Compliance Info: EventSentry's file integrity monitoring helps with PCI requirement 11.5.
File Monitoring detects the following file changes:
When a change occurs, you can either have an event logged to the event log (and subsequently receive an alert) and/or log the change to the EventSentry database.
In addition to detecing changes, FIM can also gather the following file attributes:
Whether or not a file has a (valid) digital certificate can be used as a condition to avoid sending alerts whereas the entropy can be utilized to detect certain Ransomware outbreaks.
Log File Monitoring You can configure EventSentry to log an alert with a customizable severity to the Application event log, notifying you that a change to one or more critical files has occurred. In case of a file change, EventSentry will log an alert and inform you of the following:
Please note that EventSentry will, at this point, not inform you who made a change to a file. This is planned for a future release.
Log File Monitoring In addition to receiving alerts on file changes, you can also consolidate the current status of all monitored files in the EventSentry database. This makes it easy to compare the current size and checksum of a file across multiple computers, or to review file changes that ocurred on one or more computers.
Similar to the file change alerts, the web reporting will show you: