The Definitive Guide File Integrity Monitoring

File Integrity Monitoring (FIM) is a crucial IT security technology that detects changes in an organization's IT environment to enhance security and compliance with regulations like PCI-DSS. The guide outlines the methodologies, functionalities, and benefits of FIM solutions, particularly emphasizing the advanced capabilities of the CimTrak solution, which offers real-time monitoring and comprehensive reporting. It also discusses the integration of FIM with Security Information and Event Managers (SIEM) for improved event analysis and security management.


THE DEFINITIVE GUIDE TO

FILE INTEGRITY MONITORING


File Integrity Monitoring (FIM) is a solution to a complicated problem,
but the solution itself doesn’t have to be complicated. With the right
methodology and solution, you can easily install, configure and
manage the integrity of your systems.

Contents

File Integrity Monitoring
What is File Integrity Monitoring (FIM)?
Do I need FIM?
How FIM Works
File Integrity Monitoring Methodologies
What Should I Monitor?
Can a FIM Solution Take Action When a Change is Detected?
FIM and its Relationship to Security Information and Event Managers (SIEM)
Do File Integrity Monitoring Solutions Provide Me With Reporting?
Can Other IT Systems/Applications Be Monitored with FIM?

Compliance Drivers for FIM
Payment Card Industry Digital Security Standard (PCI-DSS)
NIST 800-53 System And Information Integrity (SI) Guidelines
Center for Internet Security (CIS) Critical Security Controls
NERC-CIP
Moving Beyond FIM to System Integrity Assurance
Bringing Integrity to Your Environment (Not Just Files)
System Integrity Assurance

Key Questions for Evaluation
Questions


File Integrity Monitoring


What is File Integrity Monitoring (FIM)?
File Integrity Monitoring is an IT security technology which is used to detect changes in an organization’s IT environment by making comparisons against a known state.

THE CIMTRAK SOLUTION
An advanced integrity solution, CimTrak utilizes innovative technology, maximizing file integrity monitoring performance and providing a robust feature-set, all while being simple and easy to use. This provides organizations that utilize CimTrak with a superior ROI and lower total cost of ownership versus other solutions.

Do I Need FIM?
Beyond the fact that you’re required to have FIM in place for various compliance drivers such as PCI-DSS, your system security is significantly weaker if you can’t readily identify and deal with IT security threats. Without FIM you’re vulnerable to external threats such as malware as well as unknown, internally made changes, which can compromise your security posture.

Most companies find that file integrity monitoring is extremely useful for ensuring the security of their data and systems. By being able to quickly detect changes, you can quickly respond to threats that can lead to a data breach or take down your critical IT systems. With the sharp rise in zero-day malware and advanced persistent threats, many traditional IT security tools are simply not able to offer any sort of protection. Because FIM tools are able to “see” all changes that are happening, file integrity monitoring is a very valuable asset to have as part of your IT security defenses. File integrity monitoring is required to achieve compliance with numerous regulations as part of a comprehensive IT security strategy.

What can be monitored with a file integrity monitoring solution?
FIM solutions vary in exactly what they can monitor, but most advanced solutions can detect changes on a wide variety of items typically found in your IT environment, including:
» Files
» Applications
» Windows Registry
» Drivers
» Installed Software
» Services
» Local Users and Groups

What types of changes are detected?
Advanced FIM tools will monitor for any type of change, including additions, deletions, and modifications.

How FIM Works

All file integrity monitoring products are essentially comparison tools that keep track of cryptographic hashes of files at different points in time. Hashes are used because they provide a unique “fingerprint” of each file and they can be easily analyzed since they are simply a string of characters. When a file is altered in some way, the hash for that given file changes to a unique new value. A strong hash provides absolute certainty, or non-repudiation, that a file has indeed changed. Integrity checking products use various hash algorithms, along with other file parameters, as a basis for proof that a file has, or has not, been altered. However, file integrity monitoring products differ drastically in speed, performance impact, and capabilities in how they accomplish these steps.

THE CIMTRAK SOLUTION
CimTrak goes beyond basic change detection (add/modify/delete) to monitor file reads (opens) in order to determine whether files have been viewed or accessed. This capability is critical for files which may contain sensitive or classified information. Further, when monitoring files, CimTrak not only monitors file contents, but file attributes as well. Other solutions don’t, which leaves a gaping hole in your change detection abilities.
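The hash-plus-attributes comparison described above, as an added example (not CimTrak’s or the guide’s own code): it baselines a directory tree with SHA-256 and owner/permission metadata, then classifies each difference as an addition, deletion, content modification, or attribute-only change. The exclusion patterns and the sample files are constructed for the demonstration.

```python
import hashlib
import os
import re
import stat
import tempfile

# Constructed exclusion patterns standing in for a template's "noise" entries:
# paths that change constantly and would only produce false positives.
DEFAULT_EXCLUDES = [r"\.log$", r"/tmp/", r"\.swp$"]


def sha256_of(path, chunk=65536):
    """Hash the file in chunks so large files need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def snapshot(root, excludes=DEFAULT_EXCLUDES):
    """Return {relative_path: {sha256, mode, uid, gid, size}} for regular files."""
    patterns = [re.compile(p) for p in excludes]
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            if any(p.search("/" + rel) for p in patterns):
                continue
            st = os.lstat(full)
            if not stat.S_ISREG(st.st_mode):
                continue  # symlinks and special files need their own handling
            result[rel] = {
                "sha256": sha256_of(full),
                "mode": stat.S_IMODE(st.st_mode),
                "uid": st.st_uid,
                "gid": st.st_gid,
                "size": st.st_size,
            }
    return result


def compare(baseline, current):
    """Classify every difference between two snapshots.

    Returns {"added", "deleted", "modified", "attribute_changed"} -> sorted paths.
    A file whose bytes changed is "modified" even if its attributes changed too;
    "attribute_changed" is reserved for owner/permission changes with identical
    content, which a hash-only checker would never see.
    """
    report = {"added": [], "deleted": [], "modified": [], "attribute_changed": []}
    for path in sorted(set(baseline) | set(current)):
        old, new = baseline.get(path), current.get(path)
        if old is None:
            report["added"].append(path)
        elif new is None:
            report["deleted"].append(path)
        elif old["sha256"] != new["sha256"]:
            report["modified"].append(path)
        elif (old["mode"], old["uid"], old["gid"]) != (new["mode"], new["uid"], new["gid"]):
            report["attribute_changed"].append(path)
    return report


def write(path, text, mode="w"):
    """Small helper: create parent directories and write (or append) text."""
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, mode) as f:
        f.write(text)


def demo():
    """Build a constructed tree, baseline it, apply four kinds of change, compare."""
    with tempfile.TemporaryDirectory() as root:
        hosts = os.path.join(root, "etc", "hosts")
        write(hosts, "127.0.0.1 localhost\n")
        os.chmod(hosts, 0o644)  # pin the mode so the later chmod is a real change
        write(os.path.join(root, "etc", "sshd_config"), "PermitRootLogin no\n")
        write(os.path.join(root, "etc", "old.conf"), "x=1\n")
        write(os.path.join(root, "var", "tmp", "scratch.log"), "noise\n")
        baseline = snapshot(root)

        write(os.path.join(root, "etc", "sshd_config"), "PermitRootLogin yes\n")  # content
        os.chmod(hosts, 0o600)                                                   # attributes only
        os.remove(os.path.join(root, "etc", "old.conf"))                         # deletion
        write(os.path.join(root, "etc", "cron.d"), "* * * * * /bin/true\n")     # addition
        write(os.path.join(root, "var", "tmp", "scratch.log"), "more\n", "a")   # excluded noise
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```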


What about routine or expected changes? Are those detected and alerted on too?
This is a common question about file integrity monitoring. The answer is that the vast majority of all FIM solutions detect and alert on all changes, causing unwanted “noise” that users need to sift through in order to find the changes that are truly unexpected, and therefore should be investigated.

THE CIMTRAK SOLUTION
CimTrak is the only file integrity monitoring solution that offers an integrated change ticketing system to allow users to plan and reconcile changes. CimTrak will still detect all changes, so as to have a complete audit trail, but alerting will be suppressed for planned changes. Further, unexpected changes are highlighted within the CimTrak Management Console, thus making it simple to focus attention on changes that are truly critical to examine.

Will file integrity monitoring affect my system performance?
The short answer is that with the right FIM solution, the resources needed to detect changes on your systems are extremely minimal. File integrity monitoring need not be intrusive and should run transparently in the background. To better understand this concept, it is important to understand the different types of monitoring that various file integrity monitoring solutions utilize.

File Integrity Monitoring Methodologies
Years ago, poll-based file integrity monitoring solutions were an IT professional’s only choice. Even today, many open-source and even some commercially available solutions still use a poll-based methodology. Polling a file for changes means that a file is checked at certain time intervals. Poll-based file integrity monitoring is the least efficient way to monitor files for changes. This is because it places a sudden load on the monitored system when the polling time is reached. When polling, all of the monitored files must be hashed and then the hash compared with the existing hash from the last poll interval. In contrast, the new generation of continuous file integrity monitoring technologies such as CimTrak can detect changes on most operating systems in real-time, all while running quietly in the background.

The newer, more advanced real-time methodology does exactly what the name suggests. It detects changes the instant that they occur.

Operating at the kernel level, real-time file integrity monitoring intercepts file changes from the operating system itself. This allows detection of only the watched files that are changed by the operating system, and allows changes to be captured at the moment they occur. This intelligent change detection methodology uses minimal system resources so that CPU cycles and disk I/O remain low. This advanced methodology also provides greater accuracy and other forensic information that is not possible through polling.

Real-time change detection provides a distinct advantage over poll-based solutions. Today, threats to IT infrastructures abound. Further, organizations store a large amount of data on IT systems and rely on them for almost every aspect of their business. Unexpected or unknown changes can be catastrophic and cause loss of income and reputation. Therefore, every second matters when it comes to change detection. By detecting changes instantly, IT security personnel can be quickly alerted to changes that are malicious, can cripple critical business functions, or lead to a data breach.

THE CIMTRAK SOLUTION
CimTrak was a pioneer in real-time integrity monitoring, becoming the first FIM product commercially available that offered this incredible new technology.

It is important to note that all FIM tools that are labeled “real-time” do not necessarily detect changes the millisecond they happen. Some solution vendors deceptively claim they offer real-time monitoring when in reality, files are simply being polled quickly. This approximates real-time, but differs from CimTrak’s “Truly Real Time™” methodology. CimTrak accomplishes Truly Real Time™ monitoring via proprietary technology that is simply unavailable in other solutions.
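The reconciliation of detected changes against planned changes discussed above, as an added example (not CimTrak’s ticketing system): every change is kept for the audit trail, but alerting is suppressed only when a ticket covers the path, the time window, the changing account and, where pinned, the exact resulting hash. The ticket and event records are constructed; the `ChangeTicket` and `ChangeEvent` types are assumptions of this example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from fnmatch import fnmatch
from typing import List, Optional, Tuple


@dataclass
class ChangeTicket:
    ticket_id: str
    path_glob: str                           # files the ticket authorises, e.g. "/etc/ssh/*"
    start: datetime
    end: datetime
    expected_sha256: Optional[str] = None    # None = any new content is accepted
    changed_by: Optional[str] = None         # None = any account


@dataclass
class ChangeEvent:
    path: str
    kind: str                                # "added" | "modified" | "deleted" | "attribute_changed"
    when: datetime
    user: str
    process: str
    new_sha256: Optional[str] = None


def authorises(ticket: ChangeTicket, event: ChangeEvent) -> bool:
    """True only if the ticket covers path, window, account and (if pinned) content."""
    if not fnmatch(event.path, ticket.path_glob):
        return False
    if not (ticket.start <= event.when <= ticket.end):
        return False
    if ticket.changed_by is not None and ticket.changed_by != event.user:
        return False
    if ticket.expected_sha256 is not None and event.new_sha256 != ticket.expected_sha256:
        return False
    return True


def reconcile(events: List[ChangeEvent], tickets: List[ChangeTicket]
              ) -> Tuple[List[Tuple[ChangeEvent, str]], List[ChangeEvent]]:
    """Split events into planned (alert suppressed, ticket id attached) and unexpected (alert)."""
    planned, unexpected = [], []
    for ev in events:
        match = next((t for t in tickets if authorises(t, ev)), None)
        if match is None:
            unexpected.append(ev)
        else:
            planned.append((ev, match.ticket_id))
    return planned, unexpected


def demo():
    """Constructed change window with one pinned-hash ticket and one open ticket."""
    t0 = datetime(2021, 6, 1, 22, 0)
    tickets = [
        ChangeTicket("CHG-1001", "/etc/ssh/*", t0, t0 + timedelta(hours=2),
                     expected_sha256="aa" * 32, changed_by="ansible"),
        ChangeTicket("CHG-1002", "/opt/app/*", t0, t0 + timedelta(hours=1)),
    ]
    # Constructed events in the shape a detector would emit them.
    events = [
        ChangeEvent("/etc/ssh/sshd_config", "modified", t0 + timedelta(minutes=10),
                    "ansible", "/usr/bin/python3", new_sha256="aa" * 32),
        # Right file, right window, right account, but not the approved content.
        ChangeEvent("/etc/ssh/sshd_config", "modified", t0 + timedelta(minutes=30),
                    "ansible", "/usr/bin/vim", new_sha256="bb" * 32),
        ChangeEvent("/opt/app/app.jar", "modified", t0 + timedelta(minutes=20),
                    "deploy", "/usr/bin/cp", new_sha256="cc" * 32),
        # Covered path, but after the window closed.
        ChangeEvent("/opt/app/app.jar", "modified", t0 + timedelta(hours=3),
                    "deploy", "/usr/bin/cp", new_sha256="dd" * 32),
        # No ticket covers this path at all.
        ChangeEvent("/etc/cron.d/backup", "added", t0 + timedelta(minutes=5),
                    "www-data", "/bin/sh", new_sha256="ee" * 32),
    ]
    return reconcile(events, tickets)


if __name__ == "__main__":
    planned, unexpected = demo()
    for ev, ticket_id in planned:
        print("planned   ", ticket_id, ev.path)
    for ev in unexpected:
        print("UNEXPECTED", ev.kind, ev.path, "by", ev.user, "via", ev.process)
```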


What Should I Monitor?

Every environment is unique, so there is no one size fits all when it comes to file integrity monitoring. Monitoring everything, like your entire C: drive, isn’t practical and leads to nothing but tons of false positives. For this reason, it is important to be methodical when thinking about what to monitor. One of the first things that you should do before deploying a tool is to sit down and consider which items are critical to your organization, and what items would be beneficial to monitor. Some files and parts of an operating system change constantly, so monitoring those would not yield any valuable data.

Things to consider:
» What files/data are most critical to my organization?
» Where is a likely spot that malware or other malicious items would attach?
» What are the greatest areas of risk in my IT environment?

Better FIM tools provide base operating system templates, which monitor your underlying critical system files for changes. These templates are usually based on accepted security standards and will specifically exclude files that cause false positives.

THE CIMTRAK SOLUTION
CimTrak makes it simple for users to select exactly what they need to monitor. With built-in OS templates, and the ability to easily drill down into the file structure, you can quickly get back to business. What’s more, with the built-in regular expression include/exclude function, specific file types can be included or excluded from monitoring, making for quick policy definition and a significant reduction in the number of false positives.

CIMTRAK PROVIDES DEEP SITUATIONAL AWARENESS
Knowing that a file change occurred in your IT environment is of little value without more information. In addition to letting you know what contents and attributes of a file have changed, CimTrak provides you a side-by-side comparison of files and highlights the exact lines that have changed. This prevents the tedious task of searching through a file to determine the exact spot where a change occurred.

Further, CimTrak gives you other valuable change data, including who made the change, where the change originated, and what process was used to make the change. This data is immensely helpful in determining whether changes are routine or potentially malicious. Many file integrity monitoring solutions do not provide this added layer of insight into changes, which greatly limits the value of the solution. Not only will valuable time be wasted trying to pinpoint changes and determine whether the change represents a risk, but an organization’s security posture could also be negatively affected.

Can a FIM Solution Take Action When a Change is Detected?
Most FIM products can generate an e-mail alert upon detection of a change, while more advanced solutions can send syslog output to a syslog server or security information and event manager (SIEM), which is discussed later in this guide.

THE CIMTRAK SOLUTION
CimTrak offers e-mail alerting as well as being able to output syslog to a syslog server or SIEM solution. What differentiates CimTrak from any other FIM tool is its ability to go beyond those capabilities to truly offer proactive protection from changes that are malicious or can cause critical system downtime.

CimTrak offers users the ability to block changes at the system level. Utilizing CimTrak’s proprietary technology, changes are completely prevented from occurring. Another mode of operation allows users to instantaneously reverse changes. It does this without relying on any outside system or application. These advanced capabilities are built right into the CimTrak solution and offer users unprecedented security for critical files and configurations. These features are especially useful for ensuring the protection of unpatchable systems or devices that should not change outside of a change window, such as POS systems or ATM machines.


FIM and its Relationship to Security Information and Event Managers (SIEM)

As more and more firms deploy them, what role FIM plays with regards to Security Information and Event Manager (SIEM) tools is often a question that IT and security personnel ask. The answer is that it is a complementary technology, helping SIEMs do their job better by receiving system, application, and file change data directly from the file integrity monitoring tool itself. File integrity monitoring tools provide real, actionable data about changes that have occurred. This allows the SIEM to combine critical change information with other data streams, allowing for enhanced event analysis and correlation. This benefits the enterprise by learning about security events more quickly, and being able to provide better context surrounding those events. What’s more, alerts raised by a SIEM can be traced back to the FIM tool, which can provide all of the forensic data (who, what, when, how) for the event, allowing for quick and simple root-cause analysis.

Not all file integrity monitoring tools can interact with a SIEM, or interact with them seamlessly. If you are running a SIEM solution or plan to do so in the future, it is important to inquire whether your FIM tool is capable of interaction, and if so, how complex the configuration procedure is.

THE CIMTRAK SOLUTION
CimTrak simply integrates with any SIEM solution and offers custom syslog output in a wide variety of formats requested by SIEM solutions. Some of the SIEM solutions that CimTrak integrates with include:
» HP ArcSight
» IBM QRadar
» McAfee Enterprise Security Manager
» RSA Security Analytics
» Splunk
» Many others

Do File Integrity Monitoring Solutions Provide Me With Reporting?

Most FIM products will offer some type of reporting capability, but solutions vary in the number and depth of these reports. Advanced FIM solutions offer a multitude of reports which give you detail on changes at a high level (entire system) down to very granular levels of detail (change(s) to a single file), as well as the ability to schedule report generation. This allows you to create reports that meet the needs of different report viewers, everyone from high-level managers to auditors.

THE CIMTRAK SOLUTION
CimTrak offers a complete report generation engine, which produces numerous types of reports to meet the needs of the report viewer. CimTrak can generate reports on demand or via a report scheduler.

Can Other IT Systems/Applications Be Monitored With FIM?

File Integrity Monitoring is somewhat of a misnomer in that advanced FIM tools go beyond simply being able to monitor files and items closely related to them. A better name would be “System Integrity Monitoring.” Other items can often be monitored, such as:
» Network Device Configurations
» Active Directory/LDAP Object Settings
» Database Schemas
» Log Files

Advanced FIM tools can monitor more than files, which provides users a holistic solution for their IT security and can often allow the combination of a number of tools into a single solution. This greatly simplifies workflow and often results in cost savings as well.

THE CIMTRAK SOLUTION
CimTrak strives to be a single solution for organizations that can “detect change across the enterprise.” With the ability to detect changes on much more than simply files, CimTrak has your entire IT environment covered.


Compliance Drivers For FIM

Payment Card Industry Digital Security Standard (PCI-DSS)
The Payment Card Industry Digital Security Standard (PCI-DSS) was the first compliance standard to require file integrity monitoring of critical systems that handle payment card data. Section 11.5 specifically requires that file integrity monitoring be implemented to check files in the PCI environment, and section 10.5.5 requires FIM to monitor changes to logs. Given the extremely sensitive nature of payment card data, the ability to ensure the integrity and security of systems that handle it is extremely critical.

“10.5.5 Use file-integrity monitoring or change-detection software on logs to ensure that existing log data cannot be changed without generating alerts (although new data being added should not cause an alert).”

“11.5 Deploy a change-detection mechanism (for example, file-integrity monitoring tools) to alert personnel to unauthorized modification (including changes, additions, and deletions) of critical system files, configuration files, or content files; and configure the software to perform critical file comparisons at least weekly.”

THE CIMTRAK SOLUTION
CimTrak allows you to fully meet PCI-DSS requirements 10.5.5 and 11.5 as well as assisting with many others. CimTrak’s built-in templates make configuration fast and easy. The CimTrak PCI Compliance Module also automates the checking of critical operating system configurations to ensure compliance with PCI requirements. Organizations around the globe trust CimTrak to help them meet PCI-DSS requirements.

NIST 800-53 System And Information Integrity (SI) Guidelines
NIST 800-53 “Recommended Security Controls for Federal Information Systems and Organizations” lays out a framework for U.S. government agencies to safeguard IT systems. While it was developed for government use, it can be applied to any organization as “best practice” guidelines. For this reason, many commercial organizations also adopt the framework. SI-7 of the standard specifically discusses the need for integrity monitoring, while SI-3 and SI-4 also benefit from a FIM solution. All of these sections deal with monitoring the IT environment for changes which could affect security and compromise sensitive information.

SI-7
“Software, Firmware, and Information Integrity
Control: The organization employs integrity verification tools to detect unauthorized changes to [Assignment: organization-defined software, firmware, and information].

Supplemental Guidance: Unauthorized changes to software, firmware, and information can occur due to errors or malicious activity (e.g., tampering). Software includes, for example, operating systems (with key internal components such as kernels, drivers), middleware, and applications. Firmware includes, for example, the Basic Input Output System (BIOS). Information includes metadata such as security attributes associated with information. State-of-the-practice integrity-checking mechanisms (e.g., parity checks, cyclical redundancy checks, cryptographic hashes) and associated tools can automatically monitor the integrity of information systems and hosted applications. Related controls: SA-12, SC-8, SC-13, SI-3.”

THE CIMTRAK SOLUTION
CimTrak is utilized by government agencies and other organizations that follow the 800-53 standards for their IT security program. By monitoring for changes to critical systems and applications and reporting on that information in real-time, human errors or other malicious activity that can cause disastrous system downtime or lead to a data breach.
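The distinction PCI-DSS 10.5.5 draws between appended log data (no alert) and altered existing data (alert), as an added example (not CimTrak’s or the guide’s code): a whole-file hash cannot make that distinction because every appended line changes it, so the baseline records the size and the hash of the bytes seen so far and the next check verifies that prefix is intact and the file has only grown. The log lines are constructed.

```python
import hashlib
import os
import tempfile


def hash_prefix(path, length, chunk=65536):
    """SHA-256 of the first `length` bytes of the file, read in chunks."""
    h = hashlib.sha256()
    remaining = length
    with open(path, "rb") as f:
        while remaining > 0:
            block = f.read(min(chunk, remaining))
            if not block:
                break  # file shorter than expected; caller compares sizes first
            h.update(block)
            remaining -= len(block)
    return h.hexdigest()


def baseline(path):
    """Record how much of the log has been seen and what those bytes hash to."""
    size = os.path.getsize(path)
    return {"size": size, "sha256": hash_prefix(path, size)}


def check(path, base):
    """Return ("ok", rolled_forward_baseline) or ("alert", reason).

    Appends keep the old prefix intact and only grow the file, so they pass and
    the baseline advances to cover the new lines. A shrink, an in-place edit, or
    a rewrite breaks the prefix hash and raises an alert.
    """
    if not os.path.exists(path):
        return "alert", "log file removed"
    size = os.path.getsize(path)
    if size < base["size"]:
        return "alert", "log truncated (%d -> %d bytes)" % (base["size"], size)
    if hash_prefix(path, base["size"]) != base["sha256"]:
        return "alert", "existing log data modified"
    return "ok", baseline(path)


def demo():
    """Walk a constructed log through an append, an in-place edit and a truncation."""
    outcomes = []
    with tempfile.TemporaryDirectory() as d:
        log = os.path.join(d, "auth.log")
        with open(log, "w") as f:
            f.write("Jun  1 22:00:01 host sshd[100]: Accepted publickey for deploy\n")
        base = baseline(log)

        # 1. Append a new entry: permitted, baseline rolls forward.
        with open(log, "a") as f:
            f.write("Jun  1 22:05:12 host sshd[101]: Failed password for root\n")
        status, base = check(log, base)
        outcomes.append(status)

        # 2. Edit an existing entry in place with a same-length replacement:
        #    size is unchanged, so only the prefix hash catches it.
        with open(log, "rb") as f:
            data = f.read().replace(b"Failed password", b"Accept password")
        with open(log, "wb") as f:
            f.write(data)
        status, reason = check(log, base)
        outcomes.append(status)

        # 3. Truncate the log: size check catches it before hashing.
        with open(log, "w") as f:
            f.write("")
        status, reason = check(log, base)
        outcomes.append(status)
    return outcomes


if __name__ == "__main__":
    print(demo())
```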


Center For Internet Security (CIS) Critical Security Controls

Critical Security Control #3, Secure Configurations for Hardware and Software, also calls for file integrity monitoring to be implemented. CIS Control #3 discusses how deploying file integrity monitoring can detect security threats and notify appropriate personnel in a timely manner. Requirement 3.5 requires that a file integrity checking tool be placed on systems to monitor the security of the operating system as well as applications.

CSC 3, SECTION 3.5
“Use file integrity checking tools to ensure that critical system files (including sensitive system and application executables, libraries, and configurations) have not been altered. The reporting system should: have the ability to account for routine and expected changes; highlight and alert on unusual or unexpected alterations; show the history of configuration changes over time and identify who made the change (including the original logged-in account in the event of a user ID switch, such as with the su or sudo command). These integrity checks should identify suspicious system alterations such as: owner and permissions changes to files or directories; the use of alternate data streams which could be used to hide malicious activities; and the introduction of extra files into key system areas (which could indicate malicious payloads left by attackers or additional files inappropriately added during batch distribution processes).”

THE CIMTRAK SOLUTION
Organizations following the best-practice Critical Security Controls requirements use CimTrak to meet section 3.5 as well as other requirements such as 9.3, which discusses monitoring open ports, and 11.3, monitoring for configuration changes on network devices.

NERC-CIP

Section 010 of the North American Energy Reliability Council’s Critical Infrastructure Protection standard requires that configuration changes to power grid systems be detected. This is commonly done by using a file integrity monitoring tool to develop a baseline from which deviations are noted and alerted upon.

CIP – 010
1.1 The configuration change management processes are intended to prevent unauthorized modifications to BES Cyber Systems.

Develop a baseline configuration, individually or by group, which shall include the following items:

1.1.1. Operating system(s) (including version) or firmware where no independent operating system exists;

1.1.2. Any commercially available or open-source application software (including version) intentionally installed;

1.1.3. Any custom software installed;

1.1.4. Any logical network accessible ports; and

1.1.5. Any security patches applied.

1.2 Authorize and document changes that deviate from the existing baseline configuration.

1.3 For a change that deviates from the existing baseline configuration, update the baseline configuration as necessary within 30 calendar days of completing the change.

THE CIMTRAK SOLUTION
You can find CimTrak deployed by energy companies throughout the United States and Canada, monitoring their critical cyber infrastructure including servers, workstations, and network devices for changes that could disrupt power generation or transmission.


Moving Beyond FIM to System Integrity Assurance

To date, traditional FIM tools and solutions have been unsuccessful in their objective of providing any form of integrity at all. In fact, the acronym FIM is very misleading, as there is no “Integrity” in the detection of change. It’s all the collective functionality that surrounds the trigger of change that enables you to achieve a desired state of trust and confidence through integrity management.

If FIM tools did what they were supposed to, they would help cybersecurity teams identify and prevent most attacks—at least those that rely on file changes or access. But, as most security professionals already know, FIM tools don’t do what they are meant to do. Here’s why:
» Noise - A typical ‘FIM’ tool simply monitors files for change and produces alerts—lots of alerts. They produce so many alerts they have become ‘shelfware’ for most cybersecurity teams.
» Lack of Context - Typical ‘FIM’ tools provide a massive list of changes without any context or distinction. This list is too large to triage, so cybersecurity teams ignore these change alerts.
» Too Resource Intensive - Most FIM tools identify change by completing daily polling scans of all files in an IT environment. This process is hugely resource-intensive, so it usually happens overnight. While it would be more valuable to scan the environment continuously, this is simply impossible, as it would interfere with other IT operations.

THE CIMTRAK SOLUTION
CimTrak assesses an infrastructure’s risks, vulnerabilities, and network hardening by scanning your environment. Receive a real-time view of how system configuration compares with your chosen framework.

CimTrak’s continuous compliance solution provides the necessary guidance to fix and remediate failed compliance scans. Minimizing risk and vulnerabilities in real-time drastically reduces the risk of security breaches and improves the ability to pass compliance audits.

Bringing Integrity to Your Environment (Not Just Files)

Integrity is the accuracy and completeness of data throughout its entire life cycle. That means no matter what service, device, or user accesses, stores, processes, transmits, or receives data, it remains accurate and complete. For this to be possible, four things are needed:
1. An authoritative baseline of what data should look like.
2. A way to identify and protect data from unauthorized change.
3. A way to roll back unauthorized changes not blocked at the source.
4. A way to verify that controls 1 – 3 are in place and working correctly.

Notice we’re talking about data, not just files. To have integrity, you need to protect all of the data in your environment—including data held in configuration files, network devices, users, groups, policies, active directories, database schemas, hypervisors, container orchestrations, cloud configurations and more…

THE CIMTRAK SOLUTION
Working From A Trusted Baseline
A trusted baseline includes all of the assets, file hashes, configuration settings, etc., allowed to exist in an environment. CimTrak leverages best practices from authoritative sources like CIS Benchmarks and DISA STIGs to establish a known and trusted baseline that can be restored at any point in time.

Verifying Integrity
In real-time, CimTrak monitors changes and responds instantly to unexpected/unwanted changes. This proactively prevents cyberattacks at the source without restricting operations to reactive threat feeds.

Complete Change Detail
CimTrak pinpoints exactly what has changed and provides complete change audit information. Forensic details provided with changes include: who changed the information, what exactly changed, when it was changed, and the process used to change it, or the how.


System Integrity Assurance


System integrity assurance works under the same principle as physical security. It establishes a known, trusted, and
authoritative baseline of what is allowed and then prevents, limits, or rolls back everything else. Whenever an unknown
change occurs, it’s managed by exception so that acceptable changes are added to the baseline while unacceptable
changes are prevented.
System Integrity Assurance can be demonstrated as the following workflow:

This is a closed-loop process for managing changes from a trusted baseline. Similar to the change management procedures articulated by best practices of ITIL, NIST, CIS and others, this process covers all stages needed to ensure only acceptable changes are allowed to proceed, while others are prevented or rolled back.


Key Questions For Evaluation


» Is the solution capable of truly real-time detection?
» Is the solution easy to install, configure and use?
» Does the solution only log file changes or does it have other capabilities?
» Does the solution give you important information regarding changes such as who made the change, what process was used, and the originating IP address of the change?
» Can the solution show you exactly what within a file was changed, giving you a side-by-side comparison with the original file?
» Does the solution integrate with other security solutions such as SIEMs?
» Is the solution capable of providing a holistic look at change across your IT environment, or does it only monitor file changes?
» Can the solution differentiate between “good” and “bad” changes, allowing you to focus your attention on those that are most critical?
» Does the solution have centralized policy management and reporting?
» Does the tool have a simple methodology for reconciling changes in your infrastructure?

File Integrity Monitoring plays a critical role in maintaining the security, integrity, and compliance of your organization’s IT assets. By providing you key information on changes, file integrity monitoring allows you to be aware of, and react to, changes quickly and efficiently. Understanding how various solutions differ is the first step in finding and implementing a solution that meets your needs.


Supported Platforms
CimTrak for Servers, Critical Workstations & POS Systems
WINDOWS: XP, Vista, 7, 8, 10, Embedded for Point of Service (WEPOS), POSReady, Windows 10 IoT Enterprise
WINDOWS SERVER: 2003, 2008, 2012, 2016, 2019
LINUX: Amazon, CentOS, ClearOS, Debian, Fedora, Oracle, Red Hat, SUSE, Ubuntu, others
SUN SOLARIS: x86, SPARC
MAC: Intel, Power PC
HP-UX: Itanium, PA-RISC
AIX

Windows Parameters Monitored


FILE ADDITIONS, DELETIONS, MODIFICATIONS, AND READS
ATTRIBUTES: compressed, hidden, offline, read-only, archive, reparse point
Creation time, DACL information, Drivers, File opened/read, File Size, File type, Group security information, Installed
software, Local groups, Local security policy, Modify time, Registry (keys and values), Services, User groups

UNIX Parameters Monitored


FILE ADDITIONS, DELETIONS, AND MODIFICATIONS
Access Control List, Attributes: read-only, archive, Creation time, File Size, File type, Modify time, User and Group ID

Supported Platforms CimTrak For Network Devices


Cisco, Check Point, Extreme, F5, Fortinet, HP, Juniper, Netgear, NetScreen, Palo Alto, Others

Supported Platforms CimTrak For Databases


Oracle, IBM DB2, Microsoft SQL Server, MySQL
PARAMETERS MONITORED: Default rules, Full-text indexes, Functions, Groups, Index definitions, Roles, Stored procedures, Table definitions, Triggers, User defined data types, Users, Views

Supported Hypervisors
Microsoft Hyper-V, VMware ESXi 3x, 4x, 5x, 6x, 7x

Supported Cloud Platforms


Google Cloud, Amazon AWS, Microsoft Azure

Supported Container & Orchestration Integrations


Docker, Docker Enterprise, Kubernetes, Google Kubernetes Engine (GKE), Amazon Elastic Kubernetes Service (EKS)

Supported Ticketing Integrations


CA ServiceDesk, Atlassian Jira, ServiceNow, BMC Remedy

Supported SIEM Integrations


IBM QRadar, McAfee Event Security Manager, Splunk, LogRhythm, Microfocus Arcsight, and others


Cimcor develops innovative, next-generation, file integrity monitoring software. The CimTrak Integrity Suite monitors and protects a wide range of physical,
network, cloud, and virtual IT assets in real-time, while providing detailed forensic information about all changes. Securing your infrastructure with CimTrak helps
you get compliant and stay that way.

CIMCOR.COM | FOLLOW US @CIMTRAK © CIMCOR 2021 | THE DEFINITIVE GUIDE TO FILE INTEGRITY MONITORING V10.2
