File Integrity Monitoring Release 4.9.2
June 15, 2026
Enhanced Support for Container Event Detection with Customized Monitoring Profiles
FIM now supports customized monitoring profiles for the updated Container Security (CS) policies. You can import monitoring profiles from the Library, and you can add, update, delete, or rename the rules within the imported profile. FIM uses these customized profiles to generate events based on the latest customized policy configurations, providing more accurate monitoring and event visibility.
FIM prioritizes customized monitoring profiles over default library profiles such as the Linux Monitoring Profile for PCI DSS 4.0 and the Linux Monitoring Profile for HIPAA. This enhancement helps ensure that events generated from updated monitoring rules are accurately detected and displayed in FIM.
FIM uses the default library profile if the imported profile does not exist.
To edit the profile rule, go to Configuration > Library, select the profile either Linux Monitoring Profile for PCI DSS 4.0 or Linux Monitoring Profile for HIPAA, and then select Import to Profiles from the Quick Actions menu. Activate the profile. You can create or edit the rule after clicking on Edit from the Quick Actions menu, in the Profile section.
After you save the profile, FIM uses the imported profile for monitoring. When file activity matches a rule in the imported profile, FIM generates an event and displays it under the Events > All Events > Container Based tab. To view the generated event details, select the generated event and click Edit from the Quick Actions Menu. The Events details are displayed.
For more information, refer to Container Based Events.
Issues Addressed
The following reported and notable issues are fixed in this release:
| Category/Component | Description |
|---|---|
| FIM Configuration > Profiles > New Profile | Previously, clicking Cancel during new FIM Profile creation still created the profile and placed it in the Inactive state, even without clicking Save.
Profiles are now created only when the Save button is clicked on FIM Configuration > Profiles > New Profile page during FIM profile creation. Clicking Cancel fully discards the configuration, and canceled profiles no longer appear under the Inactive state. |
| FIM Activity Logs | Previously, FIM Activity Logs displayed incorrect user information for some automated actions. When the user deactivated a Cloud Agent and automatically removed its assets from monitoring profiles, it displayed the last user name who edited the profile rather than indicating that the user performed the action.
Now, we have fixed this issue on FIM > Activity Logs by ensuring that activity logs now correctly identify system-initiated actions. When the system removes an asset from a monitoring profile due to Cloud Agent deactivation, the log now shows SYSTEM as the actor. So, you can easily distinguish automated actions from user actions. |
| FIM Report > Report Rules | Previously, a Super User could not edit, delete, or resume paused FIM report rules on the Report > Report Rules page that were created by inactive users, and encountered errors when attempting to perform these actions.
Now, Super User can edit, resume, and delete paused report rules without errors. Super Users with full access can view and manage all report rules, regardless of the rule creator. |
| Schedule Reports |
Previously, Event data in CSV reports differed from the data displayed in the UI. Additionally, some reports remained in the processing state and were not completed successfully.
Now, Event data is consistent between CSV reports and the UI. Reports also process successfully without getting stuck in the processing state. |