Events, Incidents, and Rules in FIM
With FIM, you receive real-time updates about anomalous activities that are detected. These updates are sent with complete granular details such as who-what-when-where, about the changes occurring within the scope of your monitored area. Events can be expected and authorized or unexpected and malicious. With alerts and notifications, you can make sure that nothing that is unauthorized goes unnoticed and eventually leads to a security hazard.
With the flexibility of creating correlation rules for grouping similar events together and for alerting authorized users upon an incident, you know that you are in control of security and integrity of your data. And that’s exactly what Qualys FIM does for you with the help of the ready-to-use queries for alert rules in its library. You can avail the easy-to-use, predefined set of queries in the Qualys FIM Library to create alert rules or correlation rules. The correlation rules can be used to group similar events of interest and then to receive notification for the same.
You can check out the following video tutorial on FIM events:
For information on FIM incidents, check out the following video: