Viewing File Change Records
File integrity monitoring provides change statistics, change types, and file change records, helping you learn about file changes in real time and detect malicious changes in a timely manner.
Viewing File Change Overview
- Log in to the management console.
- In the upper left corner of the page, select a region, click
, and choose Security & Compliance > Host Security Service.
- In the navigation pane, choose
. Check the file change overview.
You can select an enterprise project for filtering.
Figure 1 File integrity monitoring pageTable 1 File change overview parameters Parameter
Description
Overview
Number of servers where files are changed.
Changes
- Total Changes: total number of file changes.
- File Changes: total number of file changes.
Action
- Modify: total number of file changes.
- Create: total number of file creations.
- Delete: total number of file deletions.
Viewing the File Change Records of a Single Server
- In the server list, you can view the number of files and registry changes on a servers and the time when they were last changed.
Figure 2 Server list
- Click a server name to go to the server change details page. You can view the file change details of the server.
Figure 3 Viewing file change records on a server
Table 2 Server file change parameters Parameter
Description
Example Value
File Name
Name of a modified file.
du
Path
Path of a modified file.
-
Change Description
Description of the change.
To view the change details, hover the cursor over the change content.
-
Type
File
File
Action
How a file was modified.
- Create
- Modify
- Delete
Modify
Last Modified
The last time when a file was modified.
-
Viewing the File Change Records of All Servers

Suggestions for Handling File Changes
The file changes of servers protected by HSS will be recorded and displayed on the File Integrity Monitoring page, helping you trace the behavior of attackers. If a file change is displayed on the File Integrity Monitoring page, check whether it is a normal event in a timely manner.
- If the file change is an abnormal event, manually block the related process and isolate the file – on condition that these operations do not affect services.
- If the file change is a normal event, ignore it or modify the file integrity monitoring scope. For details, see File Integrity in the File Protection policy in Configuring Policies.
A file change will also trigger a File/Directory changes alarm. You are advised to handle it too. The procedure is as follows:
- On the File Integrity Monitoring page, copy the name of the server where the file change was made.
- In the navigation pane, choose .
- On the Server Alarms tab page, select the alarm whose Alarm Type is .
- In the search box on the right, paste and search for the server name to find its File/Directory changes alarm.
- Click the alarm name to view details. Check whether the file change is abnormal based on these details and the file change information on the File Integrity Monitoring page.
- Select a handling method at the bottom of the alarm details page.
The change records on the File Integrity Monitoring page will be retained, no matter how you handle the alarm.
- Mark as handled: You have manually blocked related processes and isolated the modified files. The risk has been eliminated.
- Ignore: The file change has no impact and the alarm can be ignored.
- Add to whitelist: The file change is made by normal service operations. It needs to be whitelisted so that it will not trigger alarms.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot