Skip to main content
McAfee Enterprise MVISION Cloud

File Integrity Monitoring Policy Incidents

When installed with the CWPP Agent, the File Integrity Monitoring (FIM) plugin validates containers to assure compliance for files against a known good baseline. FIM Incidents are reported on the Policy Incidents page. 

For complete details about Policy Incidents, see Policy Incidents Page

To view FIM policy incidents:

  1. Go to Incidents > Policy Incidents
  2. Filter for Incident Type > File Integrity Incident
  3. Filter for your Service Name
    fim_policy_incidents_5.4.2.png
  4. Click a table row to select an incident and display the Cloud Card for the resource. The incident page can display incidents either for container or virtual machine depending on the policy. fim_incidents_cloud_cards.png
  • For Containers:
    • In the first Cloud Card, click a File.
    • In the second Cloud Card, click a Container Instance associated with the file. 
    • In the third Cloud Card, view the File Events and other details associated with the file, including File HashesFIM_policy_incident_page_VM.png
  • For Virtual Machines:
    • In the first Cloud Card, click a File
    • Once selected, the second Cloud Card will display the File Events and other details associated with the file, including File Hashes
  • Was this article helpful?