File Integrity Monitoring

File monitoring software notifies you of changes to critical system and user files and lets you track them. File integrity monitoring detects when files are added, deleted or changed, including changes to their checksums. For every directory you monitor, you can specify which types of changes you are interested in.


Compliance Info: EventSentry's file integrity monitoring helps with PCI requirement 11.5.

File Monitoring detects the following file changes:

  • A file is added to a monitored directory
  • A file is removed from a monitored directory
  • A file increases its size
  • A file decreases its size
  • A file changes its SHA-256 checksum
  • A transaction log has been tampered with
  • All of the above also apply to NTFS ADS (alternate data streams)

When a change occurs, you can have an event logged to the event log (and subsequently receive an alert), log the change to the EventSentry database, or both.

In addition to detecting changes, FIM can also gather the following file attributes:

  • Digital Certificate
  • Entropy

Whether or not a file has a (valid) digital certificate can be used as a condition to avoid sending alerts, whereas the entropy can be used to detect certain ransomware outbreaks.

Transaction logs can also be monitored, and alerts generated when a previously written part of the log changes. No alerts are generated when new data is appended to the log.
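The append-versus-rewrite distinction described above can be sketched as follows. This is an added example, not EventSentry's implementation; the class `AppendOnlyLogMonitor`, the `demo` function and the sample log lines are constructed for illustration.

```python
import hashlib
import os
import tempfile

class AppendOnlyLogMonitor:
    """Tracks the length and SHA-256 of the part of a log already seen."""
    def __init__(self, path):
        self.path = path
        self.seen_len = 0
        self.seen_hash = hashlib.sha256(b"").hexdigest()

    def _hash_prefix(self, length):
        digest = hashlib.sha256()  # hash only the first `length` bytes
        with open(self.path, "rb") as f:
            while length > 0:
                chunk = f.read(min(65536, length))
                if not chunk:
                    break
                digest.update(chunk)
                length -= len(chunk)
        return digest.hexdigest()

    def check(self):
        """Return 'unchanged', 'appended' or 'tampered', then re-baseline."""
        size = os.path.getsize(self.path)
        if size < self.seen_len or self._hash_prefix(self.seen_len) != self.seen_hash:
            status = "tampered"   # truncated, or previously written bytes differ
        elif size > self.seen_len:
            status = "appended"   # old bytes intact, new data at the end
        else:
            status = "unchanged"
        self.seen_len, self.seen_hash = size, self._hash_prefix(size)
        return status

def demo():
    steps = [(None, b"0001 BEGIN\n0002 DEBIT 100\n"),  # constructed sample lines
             (None, b"0003 COMMIT\n"),                  # normal append
             (22, b"9"),                                # rewrite an old byte
             (None, b"")]                               # nothing written
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "txn.log")
        open(path, "wb").close()
        mon, results = AppendOnlyLogMonitor(path), []
        for offset, data in steps:
            with open(path, "r+b") as f:
                f.seek(0, os.SEEK_END) if offset is None else f.seek(offset)
                f.write(data)
            results.append(mon.check())
        return results
```

Only the "tampered" result would raise an alert here; "appended" is the expected behaviour of a healthy log.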

File Monitoring Alerts

You can configure EventSentry to log an alert with a customizable severity to the Application event log, notifying you that a change to one or more critical files has occurred. In case of a file change, EventSentry will log an alert and inform you of the following:

  • Which file changed
  • The previous and new size of the file (if the size changed)
  • The previous and new checksum (if the checksum changed)
  • The name of the affected file (if a file was added or removed)

Please note that EventSentry will, at this point, not inform you who made a change to a file. This is planned for a future release.

File Monitoring Consolidation

In addition to receiving alerts on file changes, you can also consolidate the current status of all monitored files in the EventSentry database. This makes it easy to compare the current size and checksum of a file across multiple computers, or to review file changes that occurred on one or more computers.

Similar to the file change alerts, the web reporting will show you:

  • Which file changed
  • The previous and new size of the file (if the size changed)
  • The previous and new checksum (if the checksum changed)
  • The name of the affected file (if a file was added or removed)