re fim

22 views
Skip to first unread message

Monesh

unread,
May 22, 2026, 4:58:48 AM (yesterday) May 22
to Wazuh | Mailing List
hello,
i want to perform fim but i dont know how to do in proper ways

Himanshu Sharma

unread,
May 22, 2026, 5:22:13 AM (yesterday) May 22
to Wazuh | Mailing List

Hi Team,


Wazuh has a built-in capability for file integrity monitoring. The Wazuh FIM module monitors files and directories and triggers an alert when a user or process creates, modifies, and deletes monitored files. It runs a baseline scan, storing the cryptographic checksum and other attributes of the monitored files. When a user or process changes a file, the module compares its checksum and attributes to the baseline.

We can configure the FIM monitoring as mentioned here: How to configure the FIM module - File integrity monitoring

To perform File Integrity Monitoring (FIM) properly in Wazuh, the recommended approach is to first identify which files or directories you want to monitor and what type of changes you want to detect, such as:

  • File creation/deletion
  • Permission changes
  • Ownership changes
  • Content modifications

In Wazuh, FIM is configured through the syscheck module on the agent side. You need to update the ossec.conf file on the endpoint or group configuration where monitoring is required.

If you share your requirements, we can help provide a more optimised FIM configuration for your environment.

You can check the reference documents below to learn more about the FIM:


https://documentation.wazuh.com/current/user-manual/capabilities/file-integrity/index.html

https://documentation.wazuh.com/current/user-manual/capabilities/file-integrity/use-cases/index.html

Thanks,

Reply all
Reply to author
Forward
0 new messages