File Integrity Monitoring Clients

The File Integrity Monitoring Clients page lists all known endpoints that use a selected policy server. This information is obtained via the Profile action in the Hosts Inventory section, by reading each endpoints pb.settings file. This section allows the administrator to perform the actions detailed in this topic.

For more information on the Profile action, see the following:

Policy Assignment

By selecting one or more endpoints in the list, endpoints can be configured to use specific File Integrity Monitoring (FIM) policies, which themselves are managed in the Policies section. A list of available policies are then displayed. An endpoint can be assigned only one FIM policy at a time; changing the assigned policy removes any previous assignment.

To assign or change the currently assigned FIM policy:

  1. On the Home page, click Policy Management.
  2. Using the filtering options (or from the list), select a server.
  3. At the right of the server hostname row, click the vertical ellipsis menu icon, and then select FIM.
  4. On the FIM page, click Clients.
  5. On the FIM Clients page, do either of the following:
    • Use the filtering options to find a specific client.
    • Find it directly in the list.
  6. To select a FIM client, at the left of its hostname, check the box.

If you want to make the same assignment or change in assignment for multiple clients, you can. To do so, select multiple clients at this step. Once you click Apply at step 10, the change applies to all clients selected.

  1. At the far right, click the Actions menu, and then select FIM Policy Assignment.
  2. On the Policy Assignment panel, at the right of the Policy name field, click the dropdown arrow, and then select a policy to assign or reassign.
  3. In the Change requested by [loggedInUserName] field, enter a reason for the assignment or change.

The step above is only available if you have enabled Change Management on the FIM Policy server.

  1. Click Apply.
  2. To close the Policy Assignment panel, click the X at the top-right of the panel.

FIM Reports Execution

By selecting one or more endpoints in the list, endpoints can execute the assigned FIM report. The time it takes to complete the task varies based on a number of factors, including hardware, complexity, and scope of the FIM policy. FIM Report Execution requires credentials to authenticate into the endpoint to execute the task.

You can also use default credentials that you set up under Hosts > Credential Rules. For more information, see Use Credential Rules.

An option to update the base file state from which further reports would compare against, is available (the Update the report database option at Step 8, which can be toggled ON or OFF).

To run FIM reports:

  1. On the Home page, click Policy Management.
  2. Using the filtering options (or from the list), select a server.
  3. At the right of the server hostname row, click the vertical ellipsis menu icon, and then select FIM.
  4. On the FIM page, click Clients.
  5. On the FIM Clients page, do either of the following:
    • Use the filtering options to find a specific client.
    • Find it directly in the list.
  6. To select a FIM client, at the left of its hostname, check the box.

If you want to run a FIM report for multiple clients using the same credentials, you can. To do so, select multiple clients at this step. Once you click Apply at step 13, the reports are run for all clients selected.

  1. At the far right, click the Actions menu, and then select FIM Reports Execution.
  2. On the Run FIM Reports panel, if you want to update the report database, click the Update the report database toggle to ON. Turning it on changes the baseline to the results of the report that you are about to run. As a result, any future report will be reported in terms of a deviation or difference from this one.

Steps 9-11 are optional fields, if you have defined Credential Rules for the hosts selected. Steps 10 and 11 are also optional, based on the permissions of the user selected at Step 9, and the strategy selected at Step 10.

  1. At the right of the Login Credential field, click the dropdown arrow and select a credential.
  2. At the right of the Delegation Strategy field, click the dropdown arrow and select a strategy.
  3. Depending on the option you select, you might need to enter a delegated credential. If so, at the far right of the Delegated Credential field, click the dropdown arrow and select a delegated credential.
  4. In the Change requested by [loggedInUserName] field, enter a reason for the change.
  5. Click Apply.
  6. To close the Policy Assignment panel, click the X at the top-right of the panel.

You can view the current status of the task in the Tasks section.