Historically, the File Integrity Monitoring (FIM) feature has been polling-based. Realtime FIM (RT-FIM) changes that to monitor process access to files more directly, resulting in FIM events coming as soon as the file actions occur. RT-FIM also records the user and process that performed the action.
File systems that support RT-FIM:
Linux: Ext2, Ext3, Ext4, Reiserfs, and VFAT
AIX: JFS, and JFS2
Windows: NTFS, FAT, FAT32, CDROM, and UDF
Watched files or directories residing on other filesystem types will default to polling based file monitoring.