What's New in File Integrity Monitoring

This topic gives you an overview of FIM releases. For more information, refer to File Integrity Monitoring Release Notes.

The FIM 4.7 release includes the following updates:

Simplified Onboarding for New Users:
New step-by-step onboarding flow helps new users easily configure FIM.
FIMC Failure Reason Visibility for Linux Assets:
FIMC failure reasons for Linux assets are now visible with remediation steps.
Enhanced Saved Search Queries:
Saved search queries can now be named, favorited, and shared with other users.
Data Retention Policy Applied to FIM Incidents:
15-month data retention policy is now enforced for FIM incident data.
Improved File Naming for Scan-Based Events:
Baseline events are now clearly labeled with "Baseline" in the Real Time Assets > Sacn Based tab.
Improved UI for Inclusion and Exclusion Filters:
AND/OR operators now visible to clarify inclusion/exclusion filter logic.
Agentless FIM Support:
Agentless FIM support extended to more network devices like F5, ArubaOS, and Cisco ISE.
API Enhancements:
15-month data retention policy is now enforced for FIM incident APIs. For more information, refer to File Integrity Monitoring 4.7 API Release Notes.

The FIM 4.6 release includes the following updates:

Retrieve Network Assets using Tags:
Add network assets using tags instead of QQL.
New Cards to Easily Visualize FIM Non-compliant Assets:
View counts of Non-Communicating and Bad Agent Health assets under Real Time Assets tab.
FIM Library Enhancements:
Improved profile names, new rules, and updated queries in the FIM library.
Auth ID Client Management via UI:
Manage API access securely from the View Profile > Auth ID Client Management tab. Supports User and Subscription Level clients with customizable permissions.

The FIM 4.5 release includes the following updates:

Tag-based User Scope:
Tag-based User Scoping enables you to control access by restricting a user to view and interact with only those assets whose specific tags are assigned to the user.
New Token for Events Tab:
A new token for events tab is introduced.
API Enhancements:
The FIM APIs have been enhanced to support the Tag-based User Scoping feature. For more information, refer to File Integrity Monitoring 4.5 API Release Notes.

The FIM 4.4.1 release includes the following updates:

Audit Trail for FIM Incidents:
The audit trail for FIM Incidents include record of events, including changes and user activities.
New Activity Logs Tab in FIM:
Introduced Activity Logs tab that displays details of actions taken on FIM Incidents and Profiles.
New Tokens for Activity Logs Tab:
New tokens for Activity Logs tab is introduced.
Improvement in Search Token Containing Colon:
You can now search queries that include colons, such as IPv6 addresses.
Enhancement in Copying Users and Processes:
You can now copy the user and process details directly to the clipboard from the FIM Events listing page.

The FIM 4.4 release includes the following updates:

Audit Trail for FIM Profile:
Tracks all FIM profile changes (create, update, delete) in Activity Logs tab of the Administration utility for accountability and compliance.
Import Profile:
Import multiple profiles via CSV in bulk to create profiles.
Dashboard Enhancements:
Introduced new widgets, updated widget names and queries.
Quarterly Report Scheduling:
Introduced a new option to generate the quarterly report. You can now schedule your reports to run quarterly, providing you with greater flexibility in your reporting strategy.
Weekly Job for Creating Incidents:
Configure correlation rules to create incidents weekly.
Download limit of Event Count CSV Report:
Export up to 500K records in Event Count reports.
Data Retention Policy:
Access to events is limited to 15 months of data.
New Token for Events Tab:
A new token for events tab is introduced.
Enhanced User Interface (UI 4.0):
Introduced streamlined navigation, refreshed dashboards, and consistent UI across modules.
Platform Name Change:
Platform name is canged from Qualys Cloud Platform to Qualys Enterprise TruRisk™ Platform.
API Enhancements:
Updated Data Retention Policy and extended our support for OAuth 2.0 and OpenID Connect Authentication Standards for FIM APIs. For more information, refer to File Integrity Monitoring 4.4 API Release Notes.

The FIM 4.3 release includes the following updates:

Improved UI for the Incident Details Page:
Redesigned with interactive cards, improved summary, and enriched details for better navigation and quicker understanding.
Export Profiles:
Export multiple profiles with rules consolidated into a single file for easier management.
FIM Rule Display:
Now shows detailed rule info directly on the Event Details page.
Enhancement in Incident Reports:
View additional details regarding Reviews, including the reviewer's identity and the review date.
FIM Rule Naming:
Supports special characters for better clarity and flexibility.
API Enhancements:
Updated two Incident APIs with additional parameters. For more information, refer to File Integrity Monitoring 4.3 API Release Notes.

The FIM 4.2 release includes the following updates:

FIM on Containers:
FIM displays events detected on dynamic container environments.
User Personation Events:
FIM can detect user impersonation events, displaying both Effective User and Actual User for better visibility.
Enhanced Reporting:
Introduced new graphical widgets in PDF reports for Changes By Action/Severity/Type, Events on Assets, Changes by Users.
New tokens for Events Tab:
Introduced new tokens for Events tab.
Re-run Reports:
Reports not marked ‘Completed’ can now be rerun.
API Enhancements:
FIM version 1 APIs are being deprecated. For more information, refer to File Integrity Monitoring 4.2 API Release Notes.

The FIM 4.0.1 release includes the following updates:

Support for Monitoring Symlinks:
FIM supports Symlink or symbolic links within the specified directories on Linux assets.
Cloud Integration Platform Service (CIPS) support for FIM Data:
CIPS can retrieve FIM Events data and push it to multiple cloud interfaces.
Increased Event Limit in Incidents:
The limit for manual incident creation and bulk ignoring of events has been increased from 100,000 to 500,000.
New Token Value for Profile Rule Type:
A new token value symlink is now available for profile rule type.
API Enhancements:
Added validation and removed support for a few fields for the existing FIM APIs. For more information, refer to File Integrity Monitoring 4.0.1 API Release Notes.

The FIM 4.0 release includes the following updates:

Introduced Scan Based Assets:
Scan Based Assets are the assets on which Qualys Agent is not supported, however, you can monitor them remotely with Qualys Scanner.
New Token for Scan Based Assets:
Introduced new tokens for the Scan Based Assets tab.
API Enhancements:
Added validations to import profiles from CSV for FIM API. For more information, refer to File Integrity Monitoring 4.0 API Release Notes.