FIM detects policy and compliance-related changes by monitoring changes to directories and files residing on the host asset. File or directory changes are monitored by creating rules as part of a FIM monitoring profile.
Before creating a profile, analyze your environment. Identify the areas of information that are likely to be valuable to an attacker, so that you know where you need to concentrate.
A well-thought-out plan is vital to the success of your file monitoring practices. Key factors to consider when making these decisions are:
- Critical areas for the organization that must be put under continuous monitoring.
- Type of actions or activities that should be monitored for specific file paths.
- Areas of the environment's attack surface that are most likely to be targeted.
You can create a FIM profile in the following three ways:
- Import Profile from Library: FIM contains its own library of out-of-the-box monitoring profiles. You can import the required profile from the Library and use it as is or customize it to suit your requirements.
- Create a Profile: You can also create a customized profile from scratch and add the required rules, assets, and tags.
- Clone a Profile: Using this option, you can copy an existing profile along with its rules. You can then customize it to suit your requirements.