How File Integrity Monitoring Works?


There are a few key steps to file integrity monitoring:

Defining a policy: Identifying which files on which systems you need to monitor.

Establishing a baseline: Before you can actively monitor files for changes, you need a reference point against which you can detect changes to critical files. You should, therefore, document a baseline, or a known good state for files that will fall under your FIM policy. 

Monitoring changes: Ongoing monitoring of critical files for changes. 

Sending an alert: If your FIM detects an unauthorized change to a critical file, an alert should be configured which informs the relevant personnel.

Document processes and procedures: To ensure the FIM is implemented and carried out correctly, this includes reports of results.

Was this article helpful?
0 out of 0 found this helpful