File Integrity Monitoring

You can monitor changes to individual files on your network. By creating file integrity check controls that identify the files you want to monitor, adding those controls to compliance policies, and selecting the file integrity monitoring option in a compliance profile, you can run scans and generate reports to identify changes to specific files.

 

About File Integrity Check Controls

File integrity monitoring requires a file integrity check control for each monitored file. The file integrity check control specifies the file you want to monitor, a default value, and the hashing algorithm used to return the actual value for the file.

When you set up a new file integrity check control, select "regular expression" in the Operator field and leave the initial value of ".*" (for any) in the Default Value field.

For additional information see:

New/Edit Control: File Integrity Check (Windows)

New/Edit Control: File Integrity Check (Unix)

Managing Custom Controls

 

Step 1: Edit Compliance Profile

To scan for file integrity, you must enable File Integrity Monitoring controls in the compliance profile. Create or edit a compliance profile. Under Control Types, select the option "File Integrity Monitoring controls enabled". For additional information see:

Compliance Profile: Scan Options

 

Step 2: Edit Compliance Policy

Compliance policies specify the controls used in compliance scans and the assets to which those controls are applied. Create or edit a compliance policy and add your file integrity check control(s). For additional information see:

Policy Editor: Controls

Managing Compliance Policies

 

Step 3: Run Compliance Scans and Reports

Run a compliance scan on your policy containing your file integrity check control(s), using a compliance profile that has the "File Integrity Monitoring controls enabled" option selected. After an initial scan, follow these steps for file integrity monitoring:

1.    Run a compliance report to show the actual value for the file.

2.    Edit the control. Copy the actual value from the compliance report and paste it into the Default Value field of the control.

3.    Run another compliance scan. Your second scan (and any subsequent scans) will check the file against the default value.

4.    Run another compliance report. Your second report (and any subsequent reports) will indicate any changes to the file.
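
The baseline-then-compare sequence in steps 1 to 4, modelled as an added Python example (not the product's own code): the control is evaluated as a regular-expression match of the Default Value against the file's hash, first with ".*" and then with the pinned value. SHA-256, the function names, the sample file and the handling of a missing file are assumptions made for the illustration.

```python
import hashlib
import os
import re
import tempfile

def actual_value(path, algorithm="sha256"):
    """Return the file's hex digest (the "actual value"), or None if missing."""
    digest = hashlib.new(algorithm)  # algorithm choice is an assumption
    try:
        with open(path, "rb") as handle:
            for chunk in iter(lambda: handle.read(65536), b""):
                digest.update(chunk)
    except FileNotFoundError:
        return None
    return digest.hexdigest()

def evaluate(path, default_value, algorithm="sha256"):
    """Evaluate one control: regex operator, Default Value vs. actual value."""
    actual = actual_value(path, algorithm)
    if actual is None:
        # Assumption: a file that cannot be hashed is reported as a failure.
        return {"status": "FAIL", "actual": None}
    # fullmatch, so a pasted hash must equal the whole digest, not a substring.
    matched = re.fullmatch(default_value, actual) is not None
    return {"status": "PASS" if matched else "FAIL", "actual": actual}

def demo():
    """Walk the workflow on a constructed sample file; return each result."""
    with tempfile.TemporaryDirectory() as workdir:
        path = os.path.join(workdir, "sample.conf")  # constructed sample file
        with open(path, "wb") as handle:
            handle.write(b"PermitRootLogin no\n")
        initial = evaluate(path, ".*")          # initial scan: ".*" passes anything
        baseline = initial["actual"]            # steps 1-2: copy actual into Default Value
        unchanged = evaluate(path, baseline)    # step 3: second scan, file untouched
        with open(path, "ab") as handle:
            handle.write(b"PermitRootLogin yes\n")
        changed = evaluate(path, baseline)      # step 4: report shows the change
        unpinned = evaluate(path, ".*")         # same change with ".*" left in place
        os.remove(path)
        missing = evaluate(path, baseline)      # file removed after baselining
    return [initial, unchanged, changed, unpinned, missing]

if __name__ == "__main__":
    labels = ("initial", "unchanged", "changed", "unpinned", "missing")
    for label, result in zip(labels, demo()):
        print(f"{label:10} {result['status']:4} {result['actual']}")
```

The `unpinned` result is the practical caveat: while the Default Value is still ".*", a modified file continues to pass, so a control only detects changes once step 2 has been completed.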

For additional information on compliance scans and reports see:

Launching Scans

New Compliance Report

Running Policy Compliance Reports