Monitoring files at specific intervals
Compliance with regulatory standards and laws, such as PCI DSS, requires monitoring access and detecting changes to:
Critical files
Configuration files
Content files
This is important for protecting an organization's critical assets and data and detecting potential security breaches.
You can run scheduled scans with the FIM module to detect file modifications. In this example, the file is user_details.txt
, and
you schedule FIM to scan the file every 5 minutes.
Use case description
Endpoint
Description
macOS Monterey
The FIM module monitors a file on this endpoint within specific intervals.
Configuration
Perform the following steps to configure the FIM module to monitor a user_details.txt
file every 5 minutes.
Create a text file
user_details.txt
and save it in theDocuments
directory.Edit the Wazuh agent
/var/ossec/etc/ossec.conf
configuration file and add theuser_details.txt
file for monitoring:<syscheck> <frequency>300</frequency> <directories>/Users/*/Documents/user_details.txt</directories> </syscheck>
Restart the Wazuh agent to apply the configuration:
/Library/Ossec/bin/wazuh-control restart