Skip to main content

Files (FIM)

To navigate to the Files (FIM) dossier in the Lacework Console, click Resources > Host > Files (FIM).

For more information about File Integrity Monitoring, see the following topics:


These graphs aggregate data for all scanned files. Available graphs present unique file hashes and executables, number of known bad files, and number of files changed.

Alerts for all scanned files where Lacework agents are installed.

List of changed files

This table displays files whose hash and/or timestamp has changed.

New files

This table displays files not seen on the previous scan.

New registry autoruns

This table displays changes in the Windows registry. For more information, see Monitor Windows Registry Changes.

Known malicious files

This table displays files that match malicious files from various threat sources based on a hash or on another signature.

Application details from bad files

This table displays detailed information about bad files.

Command line by file

This table displays the command line that was used to launch the process.

Package installed executables

This table displays files installed using the system’s package management system, typically apt-get or yum/rpm.

Non-Package installed executables

This table displays files installed outside of package management, either through a proprietary package, or by moving binaries into the executable path.

Executable versions with multiple hashes

This table displays executable versions with multiple hashes.

File hash summary

This table displays file hash summary information.