> Advanced Configurations > Set up File Integrity Monitoring

Set up File Integrity Monitoring

You can use File Integrity Monitoring (FIM) to monitor system and user file activity to protect your sensitive information from theft, loss, and malware.

Using log files to record suspicious activity, you can detect changes to critical files and registry keys to ensure they are not accessed or modified by unauthorized users. FIM also ensures your systems comply with regulatory regulations, including Payment Card Industry Data Security Standard (PCI DSS), Health Insurance Portability and Accountability Act of 1996 (HIPAA), and Sarbanes-Oxley.

After you install and integrate FIM with your LEM appliance, you can:

You can enable FIM by adding a FIM connector to a node or adding FIM to an existing connector profile.   

Add a FIM connector to a node

  1. Log in to your LEM console as an administrator.
  2. Click Manage > Nodes.
  3. Locate your targeted node in the Nodes grid.

    Ensure the node has a green statusicon.

  4. Click next to your targeted node and select Connectors.
  5. Enter FIM in the Refine Results search field.
  6. In the Connectors grid, click next to your selected connector and click New.

  7. Click next to your desired template and select Add to selected monitors.

    A template copy is moved to the selected monitors to be applied to the node.

  8. Click Save.
  9. (Optional) Add conditions to the template.
    1. Click next to the template and select Edit monitor.

    2. Select the conditions you want LEM to monitor.

    3. Click Edit.
    4. In the Add Condition window, click the drop-down menu and select All Keys/Values (recursive) or Keys/Values (non-recursive).

      All Keys/Values (recursive) selects the folder and all sub-folders that match the given mask.

      Keys/Values (non-recursive) selects only the files in the selected folders to monitor.

      Click Tell me more for information about your configuration options.

    5. Enter a mask (for example, *.exe or directory*.

    6. Select the actions you want to monitor.

    7. (Optional) Click Add Another Condition.
    8. Click Save.
  10. Click Save Changes.

    The LEM agent on your node installs the FIM driver that collects the file system events. Next, LEM pushes the configuration you created to the remote agent and into the driver. In the Nodes grid, the FIM status icon turns green, indicating the driver is working properly.

If you find any errors or inaccuracies in this document, or if you find its contents difficult to understand, please contact SolarWinds Technical Support. Please state which Help system you are using, the name of the topic, and the problem.