At its most general, File Integrity Monitoring monitors specific files and alerts us if they change. Unfortunately, that doesn’t help much when it comes time to turn specific security checks into actual uses of FIM.
To help with that, we’ve pulled together some simple recipes for security checks and will be publishing them over the next few weeks. Each one starts with a goal, like: “Detect attempts to redirect account email”. For each we’ll provide a list of things to monitor with FIM, such as:
When you add those to your FIM policy, you’ll get an alert whenever one of them changes, which indicates a change to mail routing.
These FIM hacks focus on common things to monitor for a generic system. They generally don’t include all the stuff that the owner uploads:
– Custom system configurations
– Web content
– Locally provided scripts and tools
– Local user-account-specific files
– OS customizations
All of the above are not only fair game for FIM, but heartily encouraged!
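The baseline-and-compare loop that sits behind a FIM policy, shown as an added example (not code from this post or from any FIM product). The file names and the temporary directory are constructed stand-ins for locally added configs, scripts and web content.

```python
import hashlib, os, stat, tempfile

def snapshot(paths):
    """Return {path: (sha256, mode, uid, gid)} for each regular file under paths."""
    state = {}
    for root in paths:
        files = [root] if os.path.isfile(root) else [
            os.path.join(d, f) for d, _, fs in os.walk(root) for f in fs]
        for path in files:
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks, sockets and device nodes
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            state[path] = (digest, stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid)
    return state

def compare(baseline, current):
    """Return sorted (event, path) alerts describing how current differs from baseline."""
    alerts = [("removed", p) for p in baseline.keys() - current.keys()]
    alerts += [("added", p) for p in current.keys() - baseline.keys()]
    for path in baseline.keys() & current.keys():
        old, new = baseline[path], current[path]
        if old[0] != new[0]:
            alerts.append(("content", path))   # file bytes changed
        if old[1:] != new[1:]:
            alerts.append(("metadata", path))  # permissions or ownership changed
    return sorted(alerts)

def demo():
    """Constructed sample: baseline a temp tree, change it four ways, report alerts."""
    with tempfile.TemporaryDirectory() as root:
        names = {n: os.path.join(root, n) for n in ("site.conf", "deploy.sh", "index.html")}
        for p in names.values():
            with open(p, "w") as fh:
                fh.write("original\n")
            os.chmod(p, 0o644)
        baseline = snapshot([root])
        with open(names["site.conf"], "a") as fh:
            fh.write("changed\n")                 # content edit
        os.chmod(names["deploy.sh"], 0o755)        # permission change only
        os.remove(names["index.html"])             # deletion
        with open(os.path.join(root, "extra.html"), "w") as fh:
            fh.write("new\n")                      # file that was not in the baseline
        return [(e, os.path.basename(p)) for e, p in compare(baseline, snapshot([root]))]

if __name__ == "__main__":
    for event, name in demo():
        print(event, name)
```

Tracking mode and ownership alongside the hash matters because a script that becomes executable or changes owner is a security-relevant change even when its bytes are identical.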
If you have suggestions or requests, let us know.