File Integrity Monitoring Overview

Qualys File Integrity Monitoring (FIM) is a cloud-based security solution that detects and reports changes in files, directories, and registry settings across IT environments. It helps organizations ensure security, maintain compliance, and streamline auditing by identifying unauthorized or suspicious modifications that could indicate security breaches.

Key Features

How does FIM strengthen your organization's security?

Real Time Monitoring

FIM detects unauthorized or suspicious changes to critical system files, helping to reduce the time to respond to potential breaches.

Example:
If a critical configuration file on a server is modified unexpectedly, FIM sends an alert with details on who made the change, when, and how.

For more information, see FIM Profile Configuration.

Centralized Management

FIM is a cloud-based solution, offering centralized visibility and management of file change events.

Example:
A company with a mix of AWS, Azure, and on-premise servers can monitor file changes across all locations using a FIM dashboard.

For more information, see FIM Dashboard.

Alerting and Reporting

FIM automatically alerts you when it detects unauthorized or suspicious changes. You can also generates reports to capture events and incidents occurring in your files.

Example:
A financial services firm receives an immediate alert when an unauthorized registry key is modified, triggering an investigation that reveals a compromised account, preventing further damage.

For more information, see Events, Incidents, and Rules and FIM Reports.

User Impersonation Detection

FIM can identify and alert if someone is impersonating a privileged user to gain unauthorized access.

Example:
A healthcare organization discovered via FIM that an IT admin account was impersonated to access sensitive patient files, prompting a revamp of its identity and access controls.

For more information, see Impersonation Events.

File Access Monitoring (FAM)

FIM can capture file access attempts, providing detailed information about who, what, when, and where access attempts occur.

Example:
An employee attempts to access a confidential file. FIM logs who accessed it, when, and what actions they tried.

Compliance Support

FIM helps organizations meet compliance requirements like PCI DSS, HIPAA, GDPR, and others.

Example:
A healthcare provider uses FIM reports during a HIPAA audit to demonstrate continuous monitoring of electronic health records.

Agentless Network Monitoring

FIM can monitor network devices (such as routers and firewalls) for configuration changes, even without requiring agents to be on the devices.

For more infromation on supported technologies on Agentless FIM, see Platform Availability Matrix for Agentless FIM.

Example:
An employee accidentally changes a firewall setting, exposing internal systems. FIM detects and alerts the change without the agent.