The System Integrity Monitoring task is designed to track actions performed with the files and directories in the monitoring scopes specified in the task settings. You can use the task to find file changes that may indicate a security breach on the protected server.
To use System Integrity Monitoring functionality, you must purchase an extended license that covers this functionality. System Integrity Monitoring is disabled by default.
System Integrity Monitoring can be performed in real-time mode by running the On-access System Integrity Monitoring (OAFIM) task. Also, On-demand System Integrity Monitoring (ODFIM) tasks can be created and run.
Both OAFIM and ODFIM tasks send notifications about changes to an object access control list. For the OAFIM task, details about what exactly was changed are not reported. For the ODFIM task, information is reported about attribute changes and file/directory moves are reported.
Page top