Importing a FIM Profile from Qualys Library
FIM contains its own library of out-of-the-box monitoring profiles. Qualys’ in-house security analysts provide you with a set of highly critical files and file paths that must be monitored for specific activities. This expertise helps you to kick-start your monitoring efforts and adhere to PCI-DSS (sections 10.5.5. and 11.5) and various other compliance standards such as NERC CIP (CIP 010), FISMA, SOX, NIST (SI7), HIPAA, CIS controls, and GDPR.
These profiles are based on accepted security standards, and they categorically exclude files that cause false positives.
Qualys highly recommends that you use the lightweight monitoring profiles from its library. With the help of the research and analysis carried out by Qualys’ team of security experts, the lightweight profiles have been created with a small set of extremely critical OS files such as boot loader, kernel parameters, configuration files, initialization files, system volume files, critical binaries, and authentication files that need to be monitored on a real-time basis for any kind of deflections/deviations from regular behavior.
These profiles ensure negligible load on the CPU and help you achieve compliance against various mandates for the associated assets.
Import a profile
Go to Configuration > Library, select a required profile and click Import to Profiles from the Quick Actions menu.
Choose one of the following Import settings and click Import:
- No Restrictions: You can edit the profile once imported.
- Locked Profile: You cannot edit the profile once imported.
- Locked Profile-Allow Syncing: You cannot edit the profile once imported. However, any updates made by Qualys to the profile are synced automatically.
Once the profile is imported, it is displayed under the Profiles tab. By default, the profile is in inactive state, you must activate the profile to use the profile for monitoring.
Related Topics
Activate and Deactivate a Profile
Guidelines for Creating Patterns in Inclusion/Exclusion Filters