Enginsight File Integrity Monitoring
Enginsight FIM events capturing file system changes: creation, modification and deletion of critical files and configuration objects across monitored servers.
Enginsight Global Fields (4)
Field | Description | Type |
---|---|---|
ngs.id | Unique identifier for the log entry. | string |
ngs.createdAt | Timestamp when the event was created locally. | pdate |
ngs.indexedAt | Timestamp when the log was indexed into the SIEM. | pdate |
ngs.source | Origin or source system of the log. | string |
Reference-Specific Fields (15)
Field | Type |
---|---|
ngs.fim.logIds | string [] |
ngs.fim.rules | string [] |
ngs.fim.userId | string |
ngs.fim.groupId | string |
ngs.fim.md5 | string |
ngs.fim.sha1 | string |
ngs.fim.fileName | text_general [] |
ngs.fim.cwd | text_general [] |
ngs.fim.operation | text_general [] |
ngs.fim.username | text_general [] |
ngs.fim.groupname | text_general [] |
ngs.fim.domain | text_general [] |
ngs.fim.executable | text_general [] |
ngs.fim.success | boolean |
ngs.fim.occurrences | pint |
Sample Log Event
Below is a representative JSON log entry showing key fields as they’re emitted by the system. Depending on the context of the event, some fields may be omitted if they’re not applicable.