Is it possible to "reset the baseline" for the File Integrity module?
We currently have NXLog running on Windows 2019 with the file integrity module that monitors files in subdirectories under a main directory. I.e., say we have about 20 subdirectories for files under a directory called c:\code. If any file is changed/deleted/added under that directory, an alert message is sent out via the OM_UDP module to our SIEM.
The problem I am looking to resolve is that I will be copying over about 10 new directories with hundreds of files in each directory, and I don't want NXLog to generate hundreds of alerts because it found new files and directories. Is there a way to “reset” or “refresh” the baseline after the new files/folders are copied over so it will know those files should be there?
Hi @Eric,
Since your question refers to the im_fim input module, which is available on NXLog EE only, please consider our Enterprise Support Services.
Kindly open a ticket and our team will gladly assist you.
Thanks,
Emeka.