Hi, and welcome to Module 2, Lesson 6.5.
In this lesson, we're gonna talk about file integrity monitoring, and file integrity monitoring is simply just a mechanism that you can use to determine what's going on on a file itself.
This is gonna be a really quick lesson. It's not widely used in the industry outside of some regulatory concerns, and I'll tell you why it's not used very widely here as we go along.
File integrity monitoring is usually agent-based, and that agent can detect things like changes in files: When did that change occur? How was the file actually changed? What about that file actually changed? And who or what made that change?
It's a really good tool when you're trying to monitor changes to highly critical files. You don't want to turn it on across all the files because it gets really, really noisy. You can imagine there's tens of thousands of files just on one Windows system. So if you turn on file integrity monitoring on every file on the whole system, you can imagine how much noise it would create.
So you really only want to use file integrity monitoring sparingly, and only on the most highly critical files that you need some absolute, restricted, granular control over how changes were made to those files.
In a PCI DSS environment, which is the Payment Card Industry Digital Security Standard environment, FIM monitoring is required on certain file types.
A basic workflow for FIM would be, you know, the first thing you want to do is you want to set up a policy. You want to determine what exactly should be monitored. As I said, you don't want to monitor everything; you want to really restrict it down to only the things that need to be monitored.
You want to establish a baseline. Once you determine what needs to be monitored, you need to let the agent watch that file for a little while, because there's lots of different processes that are going to interact with that file that you may not be aware of right when you turn this on. So just let it establish a baseline. It will run for a little while to determine what normal looks like.
Um, and then once you know what normal looks like, you can set that normal baseline, and you can monitor for any changes to that baseline.
If you see any changes, alerts can be sent, and then you can also start collecting reports. And a lot of times those reports are used periodically for compliance audits, specifically, as I said, in the PCI DSS environment.
As promised, this is a very quick lesson on FIM monitoring. Next up, we're gonna talk about data disposal.
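
An added example, not part of the original lesson: a minimal Python sketch of the workflow described above (policy, baseline, compare, alert), using SHA-256 hashes taken on demand rather than a FIM agent. The file names and the `snapshot`, `compare` and `demo` functions are assumptions made for illustration; a comparison like this shows that a file changed and which attributes differ, but not who or what made the change.

```python
import hashlib
import os
import tempfile

def snapshot(policy_paths):
    """Record hash, size and permission bits for each policy file that exists."""
    state = {}
    for path in policy_paths:
        if not os.path.isfile(path):
            continue  # a missing file shows up as "removed" in compare()
        digest = hashlib.sha256()
        with open(path, "rb") as fh:
            for chunk in iter(lambda: fh.read(65536), b""):
                digest.update(chunk)
        st = os.stat(path)
        state[path] = {"sha256": digest.hexdigest(), "size": st.st_size,
                       "mode": oct(st.st_mode & 0o7777)}
    return state

def compare(baseline, current):
    """Return (path, event, detail) alerts for every deviation from the baseline."""
    alerts = []
    for path in sorted(set(baseline) | set(current)):
        old, new = baseline.get(path), current.get(path)
        if old is None:
            alerts.append((path, "added", "not in baseline"))
        elif new is None:
            alerts.append((path, "removed", "missing from disk"))
        else:
            changed = [k for k in old if old[k] != new[k]]
            if changed:
                alerts.append((path, "modified", ",".join(changed)))
    return alerts

def demo():
    """Constructed sample: two monitored files, one edited and one deleted."""
    with tempfile.TemporaryDirectory() as d:
        cfg, keys = os.path.join(d, "app.conf"), os.path.join(d, "keys.txt")
        for p, body in ((cfg, "debug=false\n"), (keys, "k1\n")):
            with open(p, "w") as fh:
                fh.write(body)
        policy = [cfg, keys]          # step 1: policy, only the critical files
        baseline = snapshot(policy)   # step 2: establish the baseline
        with open(cfg, "w") as fh:    # simulated change to a monitored file
            fh.write("debug=true\n")
        os.remove(keys)
        found = compare(baseline, snapshot(policy))  # step 3: monitor and alert
        return [(os.path.basename(p), e, det) for p, e, det in found]

if __name__ == "__main__":
    for alert in demo():
        print(alert)
```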