Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

File Integrity Monitoring Policy Incidents

  1. Last updated
  2. Save as PDF

When installed with the CWPP Agent, the File Integrity Monitoring (FIM) plugin validates containers to assure compliance for files against a known good baseline. FIM Incidents are reported on the Policy Incidents page. 

For complete details about Policy Incidents, see Policy Incidents Page

To view FIM policy incidents:

  1. Go to Incidents > Policy Incidents
  2. Filter for Incident Type > File Integrity Incident
  3. Filter for your Service Name
    fim_policy_incidents_5.4.2.png
  4. Click a table row to select an incident and display the Cloud Card for the resource. The incident page can display incidents either for container or virtual machine depending on the policy. fim_incidents_cloud_cards.png
  • For Containers:
    • In the first Cloud Card, click a File.
    • In the second Cloud Card, click a Container Instance associated with the file. 
    • In the third Cloud Card, view the File Events and other details associated with the file, including File HashesFIM_policy_incident_page_VM.png
  • For Virtual Machines:
    • In the first Cloud Card, click a File
    • Once selected, the second Cloud Card will display the File Events and other details associated with the file, including File Hashes
  1. Back to top
  • Was this article helpful?

Recommended articles

  1. Article type
    Topic
  2. Tags
    This page has no tags.