Release 4.0.1 

June 17, 2024

Support for Monitoring Symlinks

With this release, FIM now supports symlink or symbolic links within the specified directories on Linux assets.

Symlink provides you flexibility and convenience by serving as a pointer or reference to another file or directory. With Symlinks you get easy access, simplified data management, and reduced redundancy.

To enable monitoring Symlinks, select Symlink as the Rule Type for the Symlink directory path and events to be monitored in the FIM monitoring profile for Linux operating system.

Note: The supported Linux agent version is 6.3 and later.

 Symlink is available with Cloud Agent for Linux 6.3.

CIPS Support for FIM Data

File Integrity Monitoring (FIM) now supports the Cloud Integration Platform Service (CIPS). CIPS retrieves data from FIM and pushes it to multiple cloud interfaces.

In FIM, CIPS retrieves data only for events.

Increased Event Count in an Incident

With this release, we have increased the limit for the number of manual incident creation and the bulk ignoring of events to 500 thousand. Earlier, the limit was 100 thousand.

New Value for Profile Rule Type Token

With this release, we added a new value–symlink to the profile.rule.type token in the Events tab to search symlink events.  For example, profile.rule.type:symlink.

API Changes

We have added validation and removed support for a few fields for the existing FIM APIs.

To learn more about the API enhancements, refer to API Release Notes.

Enhancements

We have enhanced the FIM online help to explain scenarios where you can update the incident filter. For details, refer to FIM Online help.