File Integrity Monitoring (FIM)

Retrieve the specified FIM configuration policy.

GET https://server1:24351/REST/fim/configs?appid=<appid>&timestamp=<timestamp>&hmac=<hmac>
RESPONSE {"name":"default","cfg":{"predefs":{"bin":{"all":{"ino":true,"mode":true,"uid":true,"gid":true,"own":"root","pmask":"022","size":true,"mtime":true,"ctime":true,"hash":true,"risk":10}},"sysconf":{"exec":{"ino":true,"mode":true,"uid":true,"gid":true,"pmask":"022","size":true,"mtime":true,"ctime":true,"hash":true,"risk":10},"script":{"ino":true,"mode":true,"uid":true,"gid":true,"pmask":"022","size":true,"mtime":true,"ctime":true,"hash":true,"risk":10},"dev":{"uid":true,"gid":true,"mode":true,"risk":10},"other":{"ino":true,"mode":true,"uid":true,"gid":true,"pmask":"002","size":true,"mtime":true,"ctime":true,"risk":6}},"log":{"all":{"uid":true,"gid":true,"mode":true,"pmask":"002","mtime_later":true,"ctime_later":true,"risk":4}}},"include":[{"path":"/etc/*","chk":"sysconf","recurse":true,"xdev":true,"follow":false},{"path":"/proc","chk":"log","recurse":false},{"path":"/mnt","chk":"log","recurse":false},{"path":"/etc/mtab","chk":"log","recurse":false},{"path":"/etc/motd","chk":"log","recurse":false},{"path":"/etc/passwd","chk":"log","recurse":false},{"path":"/etc/shadow","chk":"log","recurse":false},{"path":"/boot/*","chk":"sysconf","recurse":true,"xdev":true,"follow":false},{"path":"/bin/*","chk":"bin","recurse":true,"xdev":true,"follow":false},{"path":"/var/log/*","chk":"log","recurse":true,"xdev":true,"follow":false},{"path":"/var/adm/*","chk":"log","recurse":true,"xdev":true,"follow":false}],"exclude":["/root/.*sh_history","/home/*","/etc/pb.db"]}}

List all of the FIM configuration policies.

GET https://server1:24351/REST/fim/assigm?appid=<appid>&timestamp=<timestamp>&hmac=<hmac>
RESPONSE {"name":"default","hostname":"pbuild","lastupdated":"2016-11-14 16:17:08"}

Get the name of the currently assigned configuration policy.

GET https://server1:24351/REST/fim/config/host?appid=<appid>&timestamp=<timestamp>
&hmac=<hmac>&hostname=<hostname>
GET https://server1:24351/REST/fim/config/host?appid=<appid>&timestamp=<timestamp>
&hmac=<hmac>&name=<name>
RESPONSE {"name":"default","hostname":"pbuild","lastupdated":"2016-11-14 16:17:08"}

List the FIM reports.

GET https://server1:24351/REST/fim/reports?appid=<appid>&timestamp=<timestamp>&hmac=<hmac>
RESPONSE [{"uuid":"d897e8d5-d854-450a-be83-faeef2d52dae","rundate":"2016-11-14 19:43:41","updated":0,"deleted":false,"new":3332,"total":3332,"policy":0,"max_risk":10,"name":"default","host":"pbtest"}]

Retrieve the specified report.

GET https://server1:24351/REST/fim/report?appid=<appid>&timestamp=<timestamp>
&hmac=<hmac>&uuid=<uuid>
RESPONSE {"uuid":"8511cd6f-f21e-4832-ba2a-33b2c483012f","rundate":26860624,"updated":1,"deleted":0,"new":0,"total":1,"policy":0,"max_risk":6,"name":"default","host":"pbuild","rpt":[{"after":{"mtime":"2016-11-15 13:20:16","ctime":"2016-11-15 13:20:16","ino":544386,"dev":2051,"file":"foo"},"path":"/etc","before":{"mtime":"2016-11-04 16:14:03","ctime":"2016-11-04 16:14:03","ino":544386,"dev":2051,"file":"foo"},"risk":6,"change":"updated"}]}

Put the specified configuration policy.

PUT https://server1:24351/REST/fim/config?appid=<appid>&timestamp=<timestamp>&hmac=<hmac>
REQUEST { JSON config }
RESPONSE { "status" : 0}

Assign the specified host to the named configuration policy.

PUT https://server1:24351/REST/fim/assign?appid=<appid>&timestamp=<timestamp>&hmac=<hmac>
REQUEST { "name" : "<configname>", "hostname" : "<hostname>" }
RESPONSE { "status" : 0}

Delete the specified policy configuration.

DELETE https://server1:24351/REST/fim/config?appid=<appid>&timestamp=<timestamp>
&hmac=<hmac>&name=<name>

Delete the specified FIM report.

DELETE https://server1:24351/REST/fim/report?appid=<appid>&timestamp=<timestamp>&hmac=<hmac