AlienVault® USM Anywhere™

File Integrity Monitoring

File integrity monitoring (FIM) is a mechanism for validating the integrity of operating system and application software files by verifying the current file state against a known, good baseline. It is one of the most powerful techniques used to secure IT infrastructures and business data against a wide variety of both known and unknown threats.

AlienVault Agents

The AlienVault Agent is a lightweight endpoint agent based on osquery, the leading open-source operating system instrumentation framework for Windows, macOS, and Linux. It enables endpoint detection and response (EDR), file integrity monitoring (FIM), and rich endpoint telemetry capabilities that are essential for complete and effective threat detection, response, and compliance.

This agent is easy to install on your host and endpoints, and has a small footprint. An installed Agent provides continuous endpoint security monitoring, allowing USM Anywhere to quickly detect threats on your essential assets without the time-consuming manual configuration and setup tasks required to implement and integrate a third-party tool.

The monitored file paths depend on which agent configuration profile you use (see Managing AlienVault Agent Profiles). To view a list of the monitored file paths, go to Data Sources > Agents > Configuration Profiles and click a configuration profile. Click the File Integrity tab for a list of the monitored file paths.

List of Agent FIM paths

When you install the AlienVault Agent on a host system that is associated with an asset (an IP-addressable host, including but not limited to network devices, virtual servers, and physical servers), the Asset Details page includes a File Integrity tab where you can view statistics for FIM events on the asset. An event is any traffic or data exchange detected by AT&T Cybersecurity products through a sensor, or through external devices such as a firewall.

View FIM overview information for an asset with a deployed Agent

On the AlienVault Agents dashboard, you can also view FIM information collected from all deployed agents.

For information on setting up FIM manually, see Manual File Integrity Monitoring Configuration. For more information about the AlienVault Agent and installing agents on your macOS, Linux, and Windows assets, see The AlienVault Agent.