Qualys FIM Profile Library Updates, December 2019
Last updated on: June 1, 2020
The library of out-of-the-box profiles in Qualys File Integrity Monitoring (FIM), with their preconfigured content, provides a scalable solution to detect and identify critical changes, incidents, and risks resulting from normal as well as malicious events. With the help of these profiles, users can easily track file changes across global systems to comply with the security standards and regulations that are most commonly used and adhered to.
About Qualys FIM Library 1.2.3-9
The Comprehensive Profiles in the Qualys File Integrity Monitoring Content Library include a very wide scope of file paths that need to be monitored for any kind of change, resulting in a lot of noise. This requires FIM users to sift through a large number of events on a regular basis to arrive at a smaller subset, which includes critical events triggered from the target area of concern. The false positives that are generated because of the Comprehensive Profiles lead to unnecessary resource and time utilization.
The 1.2.3-9 release of the Qualys FIM Library deprecates the Comprehensive Profiles and introduces a new and improved set of Lightweight profiles to streamline the monitoring process, making it much more efficient.
The December release adds support for four new Monitoring Profiles along with updates to existing profiles in the Qualys FIM Library.
New Monitoring Profiles
The new monitoring profiles introduced in this release are specific to the following environments:
- Debian
- Web Server on Linux
- Apache Tomcat on Windows
- Amazon Linux AMI
Additional Enhancements
With this release, all the profiles in the FIM library are enhanced with the following improvements:
- Improved Profile Description
- Expanded scope of monitoring by including:
  - New rules to monitor updates and modifications in Linux audit system
  - New rules to monitor logs and manifest files generated by Qualys agent
- Optimized lightweight monitoring profile for noise reduction on Windows and Linux platforms
- Improved Inclusion and Exclusion filters to optimize agent processing