Enginsight File Integrity Monitoring
Enginsight FIM (File Integrity Monitoring) tracks critical file and registry changes to spot tampering or misuse.
Enginsight Global Fields (4)
| Field | Description | Type |
|---|---|---|
| ngs.id | Unique identifier for the log entry. | string |
| ngs.createdAt | Timestamp when the event was created locally. | pdate |
| ngs.indexedAt | Timestamp when the log was indexed into the SIEM. | pdate |
| ngs.source | Origin or source system of the log. | string |
Reference-Specific Fields (15)
| Field | Description | Type |
|---|---|---|
| ngs.fim.logIds | List of low-level audit record IDs that were consolidated into this FIM event. | string [] |
| ngs.fim.rules | Set of FIM detection rules that triggered for the affected file or directory. | string [] |
| ngs.fim.userId | Numeric or string user identifier that performed the operation. | string |
| ngs.fim.groupId | Identifier of the primary group associated with the acting user or process. | string |
| ngs.fim.md5 | MD5 checksum of the file content after the change (blank if file deleted). | string |
| ngs.fim.sha1 | SHA-1 hash of the file content after the change, used to verify integrity. | string |
| ngs.fim.fileName | Absolute path and file name that was created, modified or removed. | text_general [] |
| ngs.fim.cwd | Current working directory of the process at the time of the file operation. | text_general [] |
| ngs.fim.operation | Action that occurred on the file system object (e.g., create, modify, delete, rename, chmod). | text_general [] |
| ngs.fim.username | User name associated with the UID that carried out the change. | text_general [] |
| ngs.fim.groupname | Primary group name tied to the GID involved in the event. | text_general [] |
| ngs.fim.domain | Windows or Active Directory domain of the user or host, if applicable. | text_general [] |
| ngs.fim.executable | Full path to the executable that initiated the file-system change. | text_general [] |
| ngs.fim.success | Boolean flag indicating whether the attempted operation succeeded (true) or failed (false). | boolean |
| ngs.fim.occurrences | Number of times this identical event was observed and aggregated within the reporting interval. | pint |
Sample Log Event
Below is a representative JSON log entry showing key fields as they're emitted by the system. Depending on the context of the event, some fields may be omitted if they're not applicable.