Submit a ticketCall us

Looking to compare latest NPM features with previous versions of NPM?
The NPM new feature summary offers a comparison of new features and improvements offered with this release.

 

Home > Success Center > Log & Event Manager (LEM) > Configure the File Integrity Monitoring (FIM) connector

Configure the File Integrity Monitoring (FIM) connector

Table of contents
Created by Randall Harwood, last modified by MindTouch on Jun 23, 2016

Views: 97 Votes: 0 Revisions: 10

Overview

This article describes how to enable the File Integrity Monitoring (FIM) connector for Windows agents to monitor file, folder, or registry changes.

Environment

  • LEM 6.0.0 and later
  • Windows agent nodes

Steps

To configure the File Integrity Monitoring (FIM) File and Directory connector:

  1. In the LEM Console, go to Manage > Nodes, click the gear icon of the Windows agent node you want to configure, and click Connectors.
  2. In the search box under Refine Results, search for FIM.
  3. Click the gear icon next to File Integrity Monitoring (FIM) File and Directory, and then select New.
  4. From here, you can add one of the Monitor Templates to Selected Monitors, or simply click Add Custom Monitor to create your own. Select Add Custom Monitor for the remaining steps.
  5. Provide a Monitor Name, and then click Add New.
  6. Click Browse, choose the drive(s) or folder(s) you want to monitor, and then click OK.
  7. Provide a mask and select the appropriate checkboxes for the changes you want to monitor. 
    Note: The mask can include or be surrounded by asterisks used as wildcards. If you want to monitor all folders, use a mask that only consists of one asterisk (*), since there likely isn't a period in your folder names.
  8. Click Add Another Condition if needed or click Save to save and exit.
  9. Click Save Changes to exit. If nothing else needs to be configured for this connector, click Save to exit.

The connector should automatically start and show a green status icon. This agent is now being monitored.

 

To configure the File Integrity Monitoring (FIM) Registry connector:

  1. In the LEM Console, go to Manage > Nodes, click the gear icon of the Windows agent node you want to configure, and click Connectors.
  2. In the search box under Refine Results, search for FIM.
  3. Click the gear icon next to File Integrity Monitoring (FIM) Registry, and then select New.
  4. From here, you can add one of the Monitor Templates to Selected Monitors, or simply click Add Custom Monitor to create your own. Select Add Custom Monitor for the remaining steps.
  5. Provide a Monitor Name, and then click Add New.
  6. Click Browse, choose the registry keys you want to monitor, and then click OK.
  7. Provide a mask and select the checkboxes of the changes you want to monitor. 
    Note: The mask can include or be surrounded by asterisks used as wildcards.
  8. Click Add Another Condition if needed or click Save to save and exit.
  9. Click Save Changes to exit. If nothing else needs to be configured for this connector, click Save to exit.

The connector should automatically start and show a green status icon. This agent is now being monitored.

 

 

Last modified
19:56, 22 Jun 2016

Tags

Classifications

Public