Configure FIM Profile

FIM detects policy and compliance-related changes by monitoring changes to directories and files residing on the host asset. File or directory changes are monitored by creating rules as part of a FIM monitoring profile.

Before creating a profile, analyze your environment. Identify the areas of information that may be lucrative for an attacker, so that you know where you need to concentrate.

A well-thought out plan is vital to the success of your file monitoring practices. Key factors to consider while making such decisions should be:

- Critical areas for the organization that must be put under continuous monitoring.

- Type of actions or activities that should be monitored for specific file paths.

- Highly probable attack surface areas in the environment.

How to create a FIM profile?

You can create FIM profile in the following three ways:

- Import Profile from Library : FIM contains its own library of out-of-the-box monitoring profiles. You can import the required profile from the Library and use it as is or customize it as per your requirement.

- Create a Profile: You can also create a customized profile from scratch and add the required rules, assets, and tags.

- Clone a Profile: Using this option, you can copy an existing profile along with its rules. You can then customize it as per your requirement.