FIM enables users to know reputation status of files. Based on the file content hash, file reputation status is derived.
It is applicable for PE files only. Reputation status of files can be seen in Events Details page for Events of type Create and Content.
The file type can be any among: MALICIOUS/SUSPICIOUS/KNOWN/UNKNOWN/UNAVAILABLE.
Go to Events Details page to view the events in detail.
Automatic Incident Creation for Malicious Events