Create a File Integrity Monitoring Policy
To create a File Integrity Monitoring policy, start with the preconfigured policy template, then edit the policy to pertain to your service account and instance.
Skyhigh CASB supports only Observe mode for Linux, and the policy rule is not editable. The policy validates files managed by containers or VMs.
To create a File Integrity Monitoring policy:
- Go to Policy > Policy Templates.
- Under Policy Type, filter for File Integrity.
- In the table view, select Monitor critical system files for containers or Monitor critical system in a VM, and click Create Policy.
- In the dialog, click Create Policy.
- Edit the policy in the Policy Wizard.
- Name. Add a unique name. (The description cannot be edited.)
- Policy Mode. Only Observe is supported.
- Platform. Only Linux is supported.
- Accounts. Click Select Accounts and select the service and instances you want to monitor. Click Done.
- Tags. Add any tags, keys, and values you want to include.
- Click Next.
- The Rules for the policy are not editable.
- Click Next.
- Edit the Responses as necessary.
- Click Next.
- Review your policy changes and click Save.
The new policy is displayed on the File Integrity Policies page, and set to active.
FIM Policy Incidents are reported on the Policy Incidents Page.
FIM Resources are displayed on the Resources Page.