FILE SYSTEM MONITORING (FSM)
The File System Monitoring (FSM) feature of VSP monitors critical file system resources for access violations. VSP detects any file addition, modification or deletion, and pre-configured actions can be triggered automatically to restore the file system to its original state. The diagram below depicts the FSM workflow:
Figure - FSM Workflow
- Generate Action: Generating specific protection actions for the four event types below is optional (refer to Section Generate Action (Optional) for more information):
  - New File
  - File Renamed
  - File Removed
  - File Modified
- Create Protection Profile: A protection profile with File System Monitoring enabled must be created. If actions are created for the file events, associate them with the profile (refer to Section Create Protection Profile for more information).
  NOTE: Other features can also be enabled in the same profile.
- Create Application and Associate Profile: Create the application and associate the profile that has File System Monitoring enabled. Ensure that the below parameters are specified along with other fields: (Refer to Section Application Creation in CMS in Workload Onboarding topic for information on Application Creation)

  | Parameter | Description |
  |---|---|
  | Application Deployment Folder | (For FSM only) Location where the application is deployed. Eg: /opt/tomcat/webapps |
  | Configuration Path Folder | (For FSM only) Location of the configuration files. Eg: /opt/tomcat/conf |
  | Application Exclusion List | (For FSM only) List of directories to be excluded from FSM separated by comma. Eg: /opt/tomcat/logs,/opt/tomcat/work |
  | Additional Folders | (For FSM only) List of additional directories to be included for FSM. Log files, database files, system files or any such files which are expected to change frequently can be added to the Exclusion list. Eg: /opt/virsec/ArmasProbe |

  Table - FSM specific Attributes process Collective Details
- Secure Application: Post configuration, the application can be secured.
- Monitor Application: Once the application is secured, VSP monitors the configured folder structures. Any changes detected are reported on:
  - File Integrity Failure Tile: Shows the list of detected incidents in the file system.
  - File Events: Navigate to File Events under Monitor in the left navigation pane to view the details of the modifications in the file system. Refer to Page File Events for more information.
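To make the monitoring scope and the four event types concrete, the following added example (not VSP code, and not a description of how VSP is implemented) compares two hash snapshots of the included folders, skips the exclusion list, and labels each difference. The function names, the constructed directory tree and the content-hash rename heuristic are assumptions of this example.

```python
import hashlib
import os
import tempfile

def snapshot(include, exclude=()):
    """Hash every file under the include dirs, never descending into excluded dirs."""
    excluded = {os.path.abspath(e) for e in exclude}
    state = {}
    for root in include:
        for dirpath, dirnames, filenames in os.walk(os.path.abspath(root)):
            # Prune in place so os.walk skips excluded subtrees entirely.
            dirnames[:] = [d for d in dirnames if os.path.join(dirpath, d) not in excluded]
            for name in filenames:
                path = os.path.join(dirpath, name)
                with open(path, "rb") as fh:
                    state[path] = hashlib.sha256(fh.read()).hexdigest()
    return state

def diff_events(baseline, current):
    """Classify the differences between two snapshots into the four event types."""
    added = sorted(set(current) - set(baseline))
    events = [("File Modified", p, None) for p in sorted(baseline)
              if p in current and current[p] != baseline[p]]
    for old in sorted(set(baseline) - set(current)):
        # Heuristic (assumption): identical content at a new path means a rename.
        new = next((p for p in added if current[p] == baseline[old]), None)
        if new:
            added.remove(new)
        events.append(("File Renamed", old, new) if new else ("File Removed", old, None))
    return events + [("New File", p, None) for p in added]

def demo():
    """Constructed tree standing in for /opt/tomcat; returns events with relative paths."""
    with tempfile.TemporaryDirectory() as top:
        def write(rel, text):
            os.makedirs(os.path.dirname(os.path.join(top, rel)), exist_ok=True)
            with open(os.path.join(top, rel), "w") as fh:
                fh.write(text)
        for rel in ("webapps/app.jsp", "webapps/old.jsp", "conf/server.xml", "webapps/cache/t.dat"):
            write(rel, "original " + rel)
        scope = ([top + "/webapps", top + "/conf"], [top + "/webapps/cache"])
        baseline = snapshot(*scope)
        write("webapps/app.jsp", "changed")      # File Modified
        write("webapps/added.jsp", "new")        # New File
        write("webapps/cache/t.dat", "changed")  # under the exclusion list: no event
        os.rename(top + "/webapps/old.jsp", top + "/webapps/new.jsp")  # File Renamed
        os.remove(top + "/conf/server.xml")      # File Removed
        short = lambda p: p and os.path.relpath(p, top)
        return [(k, short(a), short(b)) for k, a, b in diff_events(baseline, snapshot(*scope))]
```

The change under the excluded `webapps/cache` directory produces no event, which is why frequently changing paths such as logs belong in the exclusion list.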