For more information about File Integrity Monitoring, see the following topics:
How does FIM work?
How does FIM alert?
What does FIM monitor?
What files/paths are included in the predefined list?
You can optionally override these default paths and files using the
filepath property. For information about changing this property, see File Integrity Monitoring (FIM) Properties.
What files does FIM ignore?
You can optionally override these default non-monitored paths using the
fileignore property. For more information about changing this property, see File Integrity Monitoring (FIM) Properties.
What is the FIM scan interval?
What kind of load is normal for the device, both the baseline and post-baseline monitoring?
What should I expect once I configure custom directories and files for FIM?
How often does FIM send alerts?
Are there any files that FIM currently does not monitor?
filepathproperty and ignores files that are specified in the
How does FIM work with processes that make connections?
What are the files that FIM provides visibility for?
How are malicious files identified?
Can I set the time when the daily FIM scan runs?
runatproperty to set the start time of the daily FIM scan in the HH:MM format as shown in the following example. The
runatproperty must be specified within a single
Can I configure the frequency of the scans?
Can I limit the CPU usage for the FIM?
If a user specifies filepath and fileignore in the config.json file, are the default directories included or excluded?
Why does Lacework include paths such as
/var/log/messages which are constantly changing as default directories?
On the dashboard, there are many results of FIM changes. Won’t adding directories that change constantly decrease the value of the FIM dossier because there are so many events to filter through?
What is the increased load for each added custom FIM directory?
What kind of data from each file does FIM monitor and what is sent to Lacework?
Is any customer-specific data sent to Lacework?
How does Lacework choose the default directories and files to monitor?
Is there a memory consumption baseline? If new directories are added to the config.json file, what increases in memory consumption are expected?
filepath/fileignore changes in the config.json file require an agent restart to take effect?
config.jsonfile are automatically read by the agent and do not require an agent restart to take effect.