Historically, the File Integrity Monitoring (FIM) feature has been polling-based. Realtime FIM (RT-FIM) instead monitors process access to files more directly, so FIM events are generated as soon as the file actions occur. RT-FIM also records the user and process that performed the action.
File systems that support RT-FIM:
Linux: Ext2, Ext3, Ext4, Reiserfs, and VFAT
AIX: JFS and JFS2
Windows: NTFS, FAT, FAT32, CDROM, and UDF
Watched files or directories residing on other file system types will default to polling-based file monitoring.
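To see which watched paths on a Linux host would get realtime monitoring and which would fall back to polling, the check below resolves each path to its mount point and compares the file system type against the Linux list above. It is an added example, not code from the product; the mount table is a constructed sample, and the mapping of the listed names to the lowercase type strings in /proc/mounts is an assumption.

```python
import posixpath

# Linux file systems the page lists for RT-FIM, as the type strings used in
# /proc/mounts (assumed mapping of the page's names).
RT_FIM_LINUX = {"ext2", "ext3", "ext4", "reiserfs", "vfat"}

# Constructed sample in /proc/mounts format so the example runs offline.
SAMPLE_MOUNTS = """\
/dev/sda1 / ext4 rw,relatime 0 0
/dev/sdb1 /var/log xfs rw,relatime 0 0
/dev/sdc1 /boot/efi vfat rw,relatime 0 0
nas01:/export /srv/share nfs4 rw,relatime 0 0
"""

def parse_mounts(text):
    """Return [(mount_point, fstype)] from /proc/mounts-style text."""
    mounts = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 3:
            # /proc/mounts escapes spaces in mount points as \040
            mounts.append((fields[1].replace("\\040", " "), fields[2]))
    return mounts

def fstype_for(path, mounts):
    """File system type of the longest mount point containing path."""
    path = posixpath.normpath(path)
    best_mp, best_type = "", None
    for mount_point, fstype in mounts:
        prefix = mount_point.rstrip("/") + "/"
        if (path + "/").startswith(prefix) and len(mount_point) >= len(best_mp):
            best_mp, best_type = mount_point, fstype
    return best_type

def report(watched_paths, mounts_text=SAMPLE_MOUNTS):
    """Map each watched path to (fstype, 'realtime' or 'polling')."""
    mounts = parse_mounts(mounts_text)
    result = {}
    for path in watched_paths:
        fstype = fstype_for(path, mounts)
        mode = "realtime" if fstype in RT_FIM_LINUX else "polling"
        result[path] = (fstype, mode)
    return result

if __name__ == "__main__":
    # On a live host, pass open("/proc/mounts").read() as mounts_text.
    for path, (fstype, mode) in report(["/etc/passwd", "/var/log/auth.log"]).items():
        print(f"{path}: {fstype} -> {mode}")
```

Paths reported as polling will not produce immediate events or user and process attribution, so account for that gap when relying on FIM alerts for those locations.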