You can use File Integrity Monitoring (FIM) to monitor system and user file activity to protect your sensitive information from theft, loss, and malware.
Using log files to record suspicious activity, you can detect changes to critical files and registry keys to ensure they are not accessed or modified by unauthorized users. FIM also ensures your systems comply with regulatory requirements, including the Payment Card Industry Data Security Standard (PCI DSS), the Health Insurance Portability and Accountability Act of 1996 (HIPAA), and Sarbanes-Oxley.
After you install and integrate FIM with your LEM appliance, you can:
You can enable FIM by adding a FIM connector to a node or adding FIM to an existing connector profile.
Ensure the node has a green status icon.
Enter FIM in the Refine Results search field.
In the Connectors grid, click next to your selected connector and click New.
Click next to your desired template and select Add to selected monitors.
A template copy is moved to the selected monitors to be applied to the node.
Click next to the template and select Edit monitor.
Select the conditions you want LEM to monitor.
In the Add Condition window, click the drop-down menu and select All Keys/Values (recursive) or Keys/Values (non-recursive).
All Keys/Values (recursive) selects the folder and all sub-folders that match the given mask.
Keys/Values (non-recursive) selects only the files in the selected folders to monitor.
Click Tell me more for information about your configuration options.
Enter a mask (for example,
Select the actions you want to monitor.
The LEM agent on your node installs the FIM driver that collects the file system events. Next, LEM pushes the configuration you created to the remote agent and into the driver. In the Nodes grid, the FIM status icon turns green, indicating the driver is working properly.
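The recursive and non-recursive options decide which file events a condition can ever report, so it is worth checking a planned set of conditions against the paths you care about before relying on it. The following is an added example, not SolarWinds code: it assumes glob-style masks and case-insensitive Windows paths (LEM's own matcher may differ), and the conditions, paths and function names are constructed for illustration.

```python
import fnmatch
from pathlib import PureWindowsPath

# Constructed monitor conditions: folder, mask, and the recursive flag.
CONDITIONS = [
    {"folder": r"C:\Windows\System32\drivers\etc", "mask": "*", "recursive": False},
    {"folder": r"C:\inetpub\wwwroot", "mask": "*.config", "recursive": True},
]

# Constructed file paths that should raise an event if they change.
EVENTS = [
    r"C:\Windows\System32\drivers\etc\hosts",
    r"C:\Windows\System32\drivers\etc\backup\hosts.bak",
    r"C:\inetpub\wwwroot\app\web.config",
    r"C:\inetpub\wwwroot\app\bin\site.dll",
    r"C:\INETPUB\wwwroot\Web.Config",
]


def in_scope(event_path, cond):
    """Return True if event_path is selected by one monitor condition."""
    # Lower-case both sides so matching is case-insensitive on any host OS.
    path = PureWindowsPath(event_path.lower())
    root = PureWindowsPath(cond["folder"].lower())
    try:
        rel = path.relative_to(root)
    except ValueError:
        return False  # path is outside the monitored folder
    depth = len(rel.parts)
    if depth == 0:
        return False  # the folder itself, not a file inside it
    if depth > 1 and not cond["recursive"]:
        return False  # file sits in a sub-folder of a non-recursive condition
    # Assumption: the mask is a glob applied to the file name only.
    return fnmatch.fnmatchcase(path.name, cond["mask"].lower())


def uncovered(events, conditions):
    """List the paths that no condition selects (monitoring blind spots)."""
    return [e for e in events if not any(in_scope(e, c) for c in conditions)]


if __name__ == "__main__":
    for p in uncovered(EVENTS, CONDITIONS):
        print("not monitored:", p)
```
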