File Integrity Monitoring at NXLOG

Post a different question
1
response

Hi,

Regarding the File Integrity Monitoring module:
1. Is it possible to detect the user who performs the changes? Currently, there is no detail of who made the changes in the NXLog logs.
2. What is the recommended scan-interval to be set? Will it affect the performance of the system?

Thank You

AskedJanuary 18, 2021 - 5:04am

Answer (1)

Hello

  1. im_fim doesn't provide this kind of information, you'd need to implement this kind of policy in external software to gather this information.
  2. The scanning consumes some resources, however, not on a significant scale and it depends on many factors, especially on the number of files being monitored, but also on the infrastructure itself. The chosen interval should align with your particular policy needs. I'd encourage you to test the settings and check how it works on your system.

Best regards,
Rafal

AnsweredJanuary 18, 2021 - 1:12pm