USM Anywhere™

Manual File Integrity Monitoring Configuration

For systems that don't have the AlienVault Agent installed, you can manually enable File Integrity Monitoring (FIM) inside the system.

Manual FIM Configuration for Linux

For Linux systems that do not have the AlienVault Agent installed, you can enable FIM within USM Anywhere by configuring the osquery agent to monitor and track file changes on those systems. The osquery configuration file (typically named osquery.conf) contains the configuration options and queries that osquery uses when it runs. AlienVault provides a default configuration file that you can use to enable FIM for Linux systems in your USM Anywhere environment to identify system and software file changes and forward this information to the USM Anywhere Sensor.

For more information about installing and configuring osquery on your Linux systems, see Linux Log Collection with Osquery.

Manual FIM Configuration for Windows

For Windows systems that do not have the AlienVault Agent installed, you can use FIM to identify changes in system files, folders, and Microsoft Windows registries. To use FIM, you configure Windows systems so that USM Anywhere can view Windows audit object access events. To do so, you need to enable file auditing and update security policy settings. After applying policy changes to include audit object events in Windows security logs, NXLog will forward those events to the USM Anywhere Sensor.

See NXLog CE for Windows Hosts for detailed information about using NXLog to forward these events.