📄️ File Integrity Monitoring for Windows Overview
FIM provides visibility into new and changed files. FIM monitors a predefined set of files/directories at a periodic interval to identify files that have changed.
📄️ Configure FIM Properties for Windows Agent
By default, Lacework configures the Windows agent File Integrity Monitoring (FIM) feature with default settings. For example, Lacework monitors a set of default paths as well as excludes monitoring a set of default paths.
📄️ Monitor Windows Registry Changes
The Windows registry is a database that stores configurations for the Windows operating system and applications installed on Windows. Threat actors could modify the Windows registry to automatically execute applications when Windows starts, a user logs in, or an application is launched. The Lacework Windows agent monitors such registry changes on hosts and reports them in the Lacework Console so that you can quickly act on malicious registry changes.