Home > Configure FIM Profile
By using Inclusion/Exclusion filter, you can achieve the following:
- Monitor only what’s required instead of inundating the platform with false positives. This means what is not required is dropped at the agent level itself and never reaches the platform, reducing the load on agent as well as platform.
For example, if you wants to monitor any modifications only on database files under C:\ProgramData, then File type Inclusion filter can used and ‘*.db’ should entered as the relative path. Any event which is not for ‘.db’ files will be dropped and won’t go on to platform.
- Reduce the unnecessary processing of Qualys Cloud Agent.
- CPU usage is kept to minimal which is strength of Qualys Cloud Agent.
The files/directories patterns entered in Advanced Options to include or exclude files/directories for monitoring are validated against these rules.
- Do not use these special characters / " < > | in directory paths.
- Can contain a maximum of 260 characters including spaces, slashes and [ ] { } ( ) * ? ' (? is a single character wildcard, and * is a multi-character wildcard).
- Do not use these special characters / " < > | in file names. Special characters allowed are [ ] { } ( ) * ? ' (? is a single character wildcard, and * is a multi-character wildcard).
- Can contain a maximum of 260 characters including spaces, slashes.
- Do not use these special characters \ " < > : | in directory paths.
- Can contain a maximum of 4096 characters including spaces, slashes and [ ] { } ( ) * ? '(? is a single character wildcard, and * is a multi-character wildcard).
- Do not use these special characters \ " < > : | in file names. Special characters allowed are [ ] { } ( ) * ? ' (? is a single character wildcard, and * is a multi-character wildcard).
- Can contain a maximum of 255 characters including spaces, slashes.
- ‘?’ is a single character wildcard.
- ‘*’ is a multi-character wildcard.
- ‘*’ can only be used at the beginning or end of a string literal or in lieu of a string literal.
- ‘*’ should never be used on both sides of a string literal.
- *.* is supported.
Note: ‘*’ should never be used on both sides of a string literal. Example: "*file*" is not supported.
Some of the examples to show usage of above-mentioned rules are as follows:
| Valid usage of wildcards | Invalid usage of wildcards |
|
- *.* - Text?.txt - *.log - Win?ow?.log - *host.dat - qualys* - ?icro?oft |
- *microsoft* |
Here are a few sample scenarios for Inclusion and Exclusion Filter. The inclusion and exclusion filter may change based on your environment and use case.
-Scenario 1: You want to monitor events for any kind of modification on configuration [*.conf] files and wants to block events for [*.sh] files.
- Scenario 2: You want to monitor events for changes only in *.conf type of files and exclude the rest.
- Scenario 3: You want to monitor events for modifications in any type of files (with extensions) excluding the ones with ‘.sh’ extension.
Import a Profile from Qualys Library
Activate and Deactivate a Profile