Home > Armor Complete - Product User Guide > File Integrity Monitoring (FIM)

Note

To fully use this screen, you must add the following permission to your account:

  • Read FIM


View FIM Data


  1. In the Armor Management Portal (AMP), in the left-side navigation, click Security.
  2. Click File Integrity Monitoring.

| Column | Description |
|---|---|
| Name | For Armor Complete, the name of the virtual machine you created in AMP. For Armor Anywhere, the name of the instance that contains the installed Anywhere agent, which includes the FIM sub-agent. |
| Provider | For Armor Complete, the entry will display Armor. For Armor Anywhere, the name of the public cloud provider for the instance. |
| Status | The health status of the sub-agent, which is based on how long the FIM sub-agent has been offline. There are three status types: Secured (in green), Warning (in yellow), Critical (in red). |
| Connectivity | The connection status of the sub-agent. There are three connection types: Online indicates that the sub-agent is online; Offline indicates that the sub-agent is currently offline; Needs Attention indicates that the sub-agent has not communicated with Armor. |
| Timestamp | The date and time that the FIM sub-agent last communicated with Armor. |

Note

To learn how the overall FIM status is determined, see Understand FIM data.

Understand FIM Data


In the File Integrity Monitoring screen, the dashboard displays the various FIM statuses of your virtual machines (or hosts):

  • Green indicates a virtual machine in a Secured FIM status.
  • Yellow indicates a virtual machine in a Warning FIM status. 
  • Red indicates a virtual machine in a Critical FIM status.

Armor determines the status of FIM based on how long FIM has been offline.

  • If FIM is offline for 2 to 7 days, then the FIM status changes from Secured to Warning.
  • If FIM is offline for 8 days or more, then the FIM status changes from Warning to Critical.

| Length of offline status | Security Status |
|---|---|
| 2 to 7 days | Warning |
| 8 days or more | Critical |

Note

The overall status of your virtual machine is based on the individual status of your virtual machine's sub-components, including FIM.


View Detailed FIM Data


The File Integrity Monitoring details screen displays the changes that have been detected in certain files in your virtual machine. This screen only shows data for the last 90 days.

  1. In the Armor Management Portal (AMP), in the left-side navigation, click Security.

  2. Click File Integrity Monitoring.

  3. Locate and select the desired virtual machine. 

| Column | Description |
|---|---|
| Filename | The name of the file where a change was detected. |
| Description | A short summary of the change that took place. |
| Change Type | The type of change that took place in the file. |
| Scan Date | The date when the change was detected. |


Export FIM Data

...

Troubleshoot FIM

...

Data
