...
Below is a table describing the contents of a FIM Telemetry Event generated by Snare Agent.
| Field | Type | Description | |||
|---|---|---|---|---|---|
| Hostname | String | The host name of the originating computer. | |||
| EventType | String | FIMLog TelemetryLog - the type of event generated. | |||
SecurityLevel | Integer | The severity level (Criticality) of the generated event. | |||
| EventTimeTimeCreated | Datetime | The time at which the modification telemetry event was detected . (YYYY-MM-DDThh:mm:ss) | |||
| DigestType | String | SHA512 - the hashing algorithm used. | |||
| EventAction | String | One of CHANGE, DELETE, RENAME or NEW. | |||
| ObjectTypeMetricType | String | FILE | ObjectNameCPU|DSK|MEM|NET | ||
InstanceName (May change to ObjectName) | String | The full path name of the object that has been added, removed, changed or renamed. | ObjectSize | Integer | The size of the object in bytes after the modification. the hardware interface the event is sourced. |
| EventName | String | The name of the metric of the hardware interface. | |||
| Value | Float | The value of the metric. | |||
| ObjectOwner | String | The owner of the object that the change was detected on. | |||
| ObjectMTime | Datetime | The modification time (mtime) of the object when the change is detected. (YYYY-MM-DDThh:mm:ss) | |||
| ObjectDigestEventChecksum | String | The calculated digest (checksum) value. | |||
| ObjectAttributes | Integer | The attributes of the object as a bit-wise integer value. | |||
| PrevObjectName | String | The name of the object that had been added, removed, changed or renamed from the previous scan or empty if no previous object exists. | |||
| PrevObjectSize | Integer | The size of the object in bytes from the previous scan. 0 if no previous object exists. | |||
| PrevObjectOwner | String | The owner of the object from the previous scan. Empty string if no previous object exists. | |||
| PrevObjectMTime | Datetime | The modification time (mtime) of the object from the previous scan or empty if no previous object exists. (YYYY-MM-DDThh:mm:ss) | |||
| PrevObjectDigest | String | The calculated digest (checksum) value from the previous scan. Empty string if no previous object exists. | |||
| PrevObjectAttributes | Integer | The attributes of the object from the previous scan as bit-wise integer value. 0 if no previous object exists. |
Please refer to The Web User Interface (UI) → File Integrity Monitoring page in this User Guide for instructions on how to configure periodic FIM scans in the Snare Agent.
...