#FILE MONITOR MANUAL#
Due to compliance regulations, many organizations have a need to monitor key assets for changes made to certain files, folders or registry settings. File Integrity Monitoring (FIM) can be a daunting deployment that requires yet another solution in the security stack. As a cloud delivered platform, CrowdStrike leverages a single light-weight agent to address a number of security challenges including FIM.

CrowdStrike's FileVantage module helps organizations meet compliance requirements by comprehensively monitoring file, folder, and registry modifications while also simplifying the security stack.

Through the easy to use Falcon interface, FileVantage provides visibility to changes on critical assets that are also prioritized based on the configured severity level. Intuitive dashboards like this help organizations quickly identify and address issues based on severity, category and change type.

The dashboard is populated based on flexible policies and rules. The rule groups themselves are defined in two categories with one focused on files and directories, while the other looks at registry changes. Within a given rule group, rules can be added, edited, sorted and deleted. Rules can be created to monitor specific changes along with customization options to prioritize events and reduce alert fatigue. As an example, this rule monitors for any type of change to the Demo directory and identifies those as low severity. However, it excludes any changes to log files. The checkbox options can be used to tune the rule to specific directory and file actions.

Once the rule groups are set up, they can be added to a policy. Those policies are then assigned to designated host groups. With granular, group based assignment, organizations can ensure that the correct file integrity policies are in place for different servers and workloads based on their critical nature and function.

Once the policies are defined and applied to host groups, any associated changes will be reported via the same, consolidated Falcon UI. Drilling down on the dashboard provides the supporting details which are also available from the menu under “Changes”. This list of file changes can be filtered using the options at the top.

By changing the filters to focus on changes to a specific host and user, the list reveals events related to the custom rule shown above for the demo directory. For each change, there are details including hostname, object and path.

Organizations can also leverage Falcon Fusion workflows to set up automated responses to these events. Those responses can include containment, enrichment, and Real Time Response actions as well as notifications like webhooks, ServiceNow incidents and messages via email, Teams or Slack. Workflows can be configured as automatic or manual as shown below.

Falcon FileVantage is a robust file integrity monitoring solution that offers the streamlined, central visibility that organizations need to satisfy compliance requirements.