File integrity monitoring

File integrity monitoring is the capability that allows us to know if any file has changed. The component responsible for this task is called syscheck. This component compares the cryptographic checksum and other attributes of a known good file or Windows registry key against the checksum and attributes of the same after it has been modified.