Adding a Monitored File
File integrity monitoring (FIM) checks the files in your OSs, applications, and other components for tampering, helping you meet PCI-DSS requirements.
FIM compares files with their versions in the previous scan to check whether files have been modified, and whether the modifications are suspicious.
FIM checks the integrity of Linux files and manages operations on them, including:
- Create and delete files
- Modify files (changes in file size, ACLs, and content hashes)
The registry monitoring function will be available soon.
You are advised to monitor only the files that are important for systems and applications, and are rarely modified.
If you monitor files that are frequently modified, by applications or OSs, such as log files and text files, a lot of false alarms will be generated.
Enabling FIM
- In the upper left corner of the page, select a region, click , and choose .
- On the Critical Files page, click to enable FIM, as shown in Figure 1. The default setting is .
- Check the total number of servers, number of modified files, types of modifications, risks, affected servers, and modified files.
Adding a Monitored File
To add a management file, ensure that:
- You have deployed the File Integrity Monitoring policy on servers.
- The File Integrity Monitoring policy has been enabled.
Perform the following steps to add a monitored file:
- In the upper left corner of the page, select a region, click , and choose .
- In the navigation pane, choose Security Operations > Policy Groups.
- On the Policy Groups page, click the policy group deployed on your servers. Take the default policy group of the premium edition as an example, as shown in Figure 2.
- Click File Integrity Monitoring and set monitored files, as shown in Figure 3.
For details about how to configure the File Integrity Monitoring policy, see File Integrity Monitoring.
- Click OK.
Follow-Up Procedure
Disabling FIM
To disable FIM, click . If the function is disabled, HSS no longer monitors your files or displays FIM statistics.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot