<< PREVIOUSNEXT >> 

 

FILE SYSTEM MONITORING (FSM)


 

File System Monitoring (FSM) feature of VSP monitors critical file system resources for any access violation. Any file addition, modification or deletion is detected by VSP and pre-configured actions can be automatically triggered to restore the file system to its original state. The below diagram depicts the FSM workflow:

 

Picture 1073742282

Figure - FSM Workflow

 

  1. Generate Action: Generation of specific protection actions for the below four event types are optional: (Refer Section Generate Action (Optional) for more information)

    1. New File

    2. File Renamed

    3. File Removed

    4. File Modified

  2. Create Protection Profile: A protection profile with File System Monitoring enabled must be created. If actions are created for the file events, associate them with the profile (Refer Section Create Protection Profile for more information)

     

      NOTE:

      Other features can also be enabled in the same profile

    Picture 215

  3. Create Application and Associate Profile: Create the application and associate the profile that has File System Monitoring enabled. Ensure that the below parameters are specified along with other fields: (Refer to Section Application Creation in CMS  in Workload Onboarding topic for information on Application Creation)

     

    SL NO

    Library Name

    Application Deployment Folder

    (For FSM only) Location where the application is deployed. Eg: /opt/tomcat/webapps

    Configuration Path Folder

    (For FSM only) Location of the configuration files. Eg: /opt/tomcat/conf

    Application Exclusion List

    (For FSM only) List of directories to be excluded from FSM separated by comma. Eg: /opt/tomcat/logs,/opt/tomcat/work

    Additional Folders

    (For FSM only) List of additional directories to be included for FSM. Log files, database files, system files or any such files which are expected to change frequently can be added to the Exclusion list

    Eg: /opt/virsec/ArmasProbe

    Table - FSM specific Attributes process Collective Details

     

  4. Secure Application: Post configuration, the application can be secured.

  5. Monitor Application: Once the application is secured, VSP monitors the configured folder structures. Any changes detected are reported on:

    1. File Integrity Failure Tile: It shows the list of detected incidents in the file system

      Picture 1038

    2. File Events: Navigate to File Events under Monitor in the left navigation pane to view the details of the modifications in the file system. Refer Page File Events for more information

      Picture 1034

 

<< PREVIOUSNEXT >>