When installed with the CWPP Agent, the File Integrity Monitoring (FIM) plugin validates containers to assure compliance for files against a known good baseline. FIM Incidents are reported on the Policy Incidents page.
For complete details about Policy Incidents, see Policy Incidents Page.
To view FIM policy incidents:
- Go to Incidents > Policy Incidents.
- Filter for Incident Type > File Integrity Incident.
- Filter for your Service Name.
- Click a table row to select an incident and display the Cloud Card for the resource. The incident page can display incidents either for container or virtual machine depending on the policy.
- For Containers:
- In the first Cloud Card, click a File.
- In the second Cloud Card, click a Container Instance associated with the file.
- In the third Cloud Card, view the File Events and other details associated with the file, including File Hashes.
- For Virtual Machines:
- In the first Cloud Card, click a File
- Once selected, the second Cloud Card will display the File Events and other details associated with the file, including File Hashes.