File Integrity Monitoring

File Monitoring notifies you of changes to critical system and user files and tracks them over time. It detects when files are added, deleted or changed (SHA checksums are also supported). For every directory you monitor, you can specify which types of changes you are interested in.




Compliance Info: EventSentry’s file integrity monitoring helps with PCI requirement 11.5.

File Monitoring detects the following file changes:

  • A file is added to a monitored directory
  • A file is removed from a monitored directory
  • A file increases its size
  • A file decreases its size
  • A file changes its SHA-256 checksum
  • All of the above also apply to NTFS ADS (alternate data streams)

When a change occurs, you can have an event logged to the event log (and subsequently receive an alert), log the change to the EventSentry database, or both.
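The change types listed above can be derived by comparing two snapshots of a monitored directory. The following is an added example, not EventSentry's code: the names `snapshot`, `diff` and `demo` are hypothetical, the sample files are constructed, and NTFS alternate data streams are not covered.

```python
import hashlib
import os
import tempfile

def snapshot(root):
    """Map each file's relative path to (size, SHA-256 hex digest)."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path, digest, size = os.path.join(dirpath, name), hashlib.sha256(), 0
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
                    size += len(chunk)  # size and hash come from the same read
            state[os.path.relpath(path, root)] = (size, digest.hexdigest())
    return state

def diff(old, new):
    """Return (path, change, previous, current) tuples between two snapshots."""
    events = []
    for path in sorted(old.keys() | new.keys()):
        before, after = old.get(path), new.get(path)
        if before is None:
            events.append((path, "added", None, after))
        elif after is None:
            events.append((path, "removed", before, None))
        else:
            if after[0] != before[0]:
                kind = "size_increased" if after[0] > before[0] else "size_decreased"
                events.append((path, kind, before[0], after[0]))
            if after[1] != before[1]:
                events.append((path, "checksum_changed", before[1], after[1]))
    return events

def demo():
    """Constructed sample: baseline a temp directory, modify it, diff."""
    with tempfile.TemporaryDirectory() as root:
        def write(name, data):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        write("hosts", b"127.0.0.1 localhost\n")
        write("app.cfg", b"debug=0\n")
        write("old.dll", b"\x00" * 16)
        baseline = snapshot(root)
        write("hosts", b"127.0.0.1 localhost\n10.0.0.5 update.example\n")  # grows
        write("app.cfg", b"debug=1\n")            # same size, new content
        os.remove(os.path.join(root, "old.dll"))  # removed
        write("new.exe", b"MZ")                   # added
        return [(p, kind) for p, kind, _, _ in diff(baseline, snapshot(root))]
```

The `app.cfg` case shows why the checksum comparison matters: a same-size edit is invisible to the size checks and is reported only as a checksum change.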

File Monitoring Alerts

You can configure EventSentry to log an alert with a customizable severity to the Application event log, notifying you that a change to one or more critical files has occurred. In case of a file change, EventSentry will log an alert and inform you of the following:

  • Which file changed
  • The previous and new size of the file (if the size changed)
  • The previous and new checksum (if the checksum changed)
  • The name of the affected file (if a file was added or removed)

Please note that EventSentry will, at this point, not inform you who made a change to a file. This is planned for a future release.

File Monitoring Consolidation

In addition to receiving alerts on file changes, you can also consolidate the current status of all monitored files in the EventSentry database. This makes it easy to compare the current size and checksum of a file across multiple computers, or to review file changes that occurred on one or more computers.

Similar to the file change alerts, the web reporting will show you:

  • Which file changed
  • The previous and new size of the file (if the size changed)
  • The previous and new checksum (if the checksum changed)
  • The name of the affected file (if a file was added or removed)