File integrity monitoring (FIM) is a mechanism for validating the integrity of operating system and application software files using a verification method between the current file state and a known, good baseline. It is one of the most powerful techniques used to secure IT infrastructures and business data against a wide variety of both known and unknown threats.
The AlienVault Agent is a lightweight endpoint agent based on osquery, the leading open-source operating system instrumentation framework for Windows, macOS, and Linux. It enables endpoint detection and response (EDR), file integrity monitoring (FIM), and rich endpoint telemetry capabilities that are essential for complete and effective threat detection, response, and compliance.
This agent is easy to install on your host and endpoints, and has a small footprint. An installed Agent provides continuous endpoint security monitoring, allowing USM Anywhere to quickly detect threats on your essential assets without the time-consuming manual configuration and setup tasks required to implement and integrate a third-party tool.
When you install the AlienVault Agent on a host system that is associated with an assetAn IP-addressable host, including but not limited to network devices, virtual servers, and physical servers., the Asset Details page includes a File Integrity tab where you can view statistics for FIM eventsAny traffic or data exchange detected by AlienVault products through a Sensor, or through external devices such as a firewall. on the asset.
On the AlienVault Agents dashboard, you can also view FIM information collected from all deployed agents.
For information of setting up FIM manually, see Manual File Integrity Monitoring Configuration. For more information about the AlienVault Agent and installing agents on your macOS, Linux, and Windows assets, see The AlienVault Agent.