This is the documentation for Wazuh 3.3. Check out the docs for the latest version of Wazuh!

File integrity monitoring

Wazuh’s File integrity monitoring (FIM) watches specified files triggering alerts when these files are modified. The component responsible for this task is called syscheck. This component stores the cryptographic checksum and other attributes of a known good file or Windows registry key and regularly compares it to the current file being used by the system, watching for changes.