Files (FIM)
To navigate to the Files (FIM) dossier in the Lacework Console, click Resources > Host > Files (FIM).
For more information about File Integrity Monitoring, see the following topics:
- For information about filtering dossier data, see Dossier Navigation and Filters.
- For frequently asked questions about File Integrity Monitoring, see File Integrity Monitoring (FIM) FAQs.
- For instructions on changing default paths using the config.json file, see the File Integrity Monitoring (FIM) Properties section in Configure Agent Behavior in config.json File.
Dashboard
These graphs aggregate data for all scanned files. Available graphs present unique file hashes and executables, number of known bad files, and number of files changed.
Related alerts
Alerts for all scanned files where Lacework agents are installed.
List of changed files
This table displays files whose hash and/or timestamp has changed.
New files
This table displays files not seen on the previous scan.
New registry autoruns
This table displays changes in the Windows registry. For more information, see Monitor Windows Registry Changes.
Known malicious files
This table displays files that match malicious files from various threat sources based on a hash or on another signature.
Application details from bad files
This table displays detailed information about bad files.
Command line by file
This table displays the command line that was used to launch the process.
Package installed executables
This table displays files installed using the system’s package management system, typically apt-get or yum/rpm.
Non-Package installed executables
This table displays files installed outside of package management, either through a proprietary package, or by moving binaries into the executable path.
Executable versions with multiple hashes
This table displays executable versions with multiple hashes.
File hash summary
This table displays file hash summary information.