File integrity monitoring
The Wazuh File Integrity Monitoring (FIM) system watches selected files and triggers alerts when these files are modified. The component responsible for this task is called syscheck. This component stores the cryptographic checksum and other attributes of files or Windows registry keys and regularly compares them with the current files being used by the system, watching for changes.
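The checksum-plus-attributes comparison described above, as an added example written for this page rather than Wazuh's own syscheck code: it takes a baseline snapshot of a directory tree (SHA-256 digest, size, permission bits, owner, modification time per file), then compares a later scan against it and reports added, deleted and modified files, naming which attributes changed so a content edit can be told apart from a permission change. The directory layout, file names and attribute set are constructed for the demonstration; POSIX file modes are assumed, and the Windows registry side of syscheck is not covered.

```python
"""Minimal file integrity monitor: baseline snapshot and change detection.

Added example, not Wazuh's syscheck implementation. The sample files and
the set of tracked attributes below are constructed for illustration.
"""
import hashlib
import os
import stat
import tempfile
from pathlib import Path


def file_record(path: Path) -> dict:
    """Checksum and the attributes a FIM typically tracks for one file."""
    st = path.lstat()
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return {
        "sha256": h.hexdigest(),
        "size": st.st_size,
        "mode": stat.S_IMODE(st.st_mode),   # permission bits only
        "uid": st.st_uid,
        "gid": st.st_gid,
        "mtime": int(st.st_mtime),
    }


def snapshot(root: Path) -> dict:
    """Baseline: relative POSIX path -> record for every regular file under root.

    Symlinks are skipped so a link pointing elsewhere cannot make the
    monitor hash content outside the monitored tree.
    """
    records = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            if p.is_file() and not p.is_symlink():
                records[p.relative_to(root).as_posix()] = file_record(p)
    return records


def compare(baseline: dict, current: dict) -> dict:
    """Classify differences into added, deleted and modified files.

    A file counts as modified when its checksum or any tracked attribute
    differs; 'modified' maps the path to the list of attributes that moved.
    """
    added = sorted(set(current) - set(baseline))
    deleted = sorted(set(baseline) - set(current))
    modified = {}
    for rel in sorted(set(baseline) & set(current)):
        changed = [k for k in baseline[rel] if baseline[rel][k] != current[rel][k]]
        if changed:
            modified[rel] = changed
    return {"added": added, "deleted": deleted, "modified": modified}


def demo() -> dict:
    """Constructed scenario: baseline two files, then edit one, chmod the other, add a third."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "etc" / "passwd").write_text("root:x:0:0::/root:/bin/sh\n")
        (root / "etc" / "hosts").write_text("127.0.0.1 localhost\n")
        os.chmod(root / "etc" / "hosts", 0o644)
        baseline = snapshot(root)

        # Simulated changes between two scheduled scans (constructed).
        (root / "etc" / "passwd").write_text(
            "root:x:0:0::/root:/bin/sh\nsvc:x:1001:1001::/home/svc:/bin/sh\n"
        )
        os.chmod(root / "etc" / "hosts", 0o600)          # attribute-only change
        (root / "etc" / "shadow").write_text("root:!:0:0:99999:7:::\n")
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    for kind, items in demo().items():
        print(kind, items)
```

Storing the baseline on disk (as syscheck does in its database) and rescanning on a schedule turns this into the periodic-scan model; the comparison logic stays the same. Note that a file rewritten with identical content and attributes produces no alert here, which is why the checksum, not the timestamp, is the primary signal.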
Contents
- How it works
- FIM fields rule mapping
- Configuration
- Configuring syscheck - basic usage
- Configuring scheduled scans
- Configuring real-time monitoring
- Configuring who-data monitoring
- Configuring reporting new files
- Configuring Windows registry
- Configuring reporting file and registry value changes
- Configuring ignoring files and Windows registry entries
- Configuring ignoring files via rules
- Configuring the alert severity for the monitored files
- Configuring maximum recursion level allowed
- Configuring syscheck process priority
- Configuring where the database is to be stored
- Configuring synchronization