Assuria ALM-FIM

ALM-FIM is a File Integrity Monitoring solution which is part of the same family of products as Assuria's ALM-SIEM forensic SIEM/Log Management solution. ALM-FIM collects and stores meta data about files, folders and registry keys (a.k.a. Nodes) in order to provide the monitoring services. Meta data collected includes details such as: check-sum of the contents, size, permissions, change time, links and other details.

The Nodes to be monitored can be explicitly selected, or they can be selected because they are part of a monitored package. ALM-FIM uses the same definition of packages as the operating system on the computer that it is monitoring. Thus, for example, on MS Windows it uses the installed packages as displayed in the Programs and Features dialog. For Linux it uses the installed .rpm or .deb packages as appropriate.

The solution supports:

• Critical asset monitoring - Monitor selected critical files, folders and registry keys (especially those which should rarely change in normal operations) for any changes which could represent risk. Report and alert on potential issues.
• Monitor Packages - Discover installed packages and automatically monitor, report and alert on changes. Package monitoring is driven by policy templates allowing selective reporting and alerting of key changes.
• Assess and validate changes - ALM FIM can store store the old and new contents of changed text files and registry keys in order to identify and assess the exact changes that have occurred and reverse them if required.
• Regulatory Compliance - File Integrity Monitoring can help with compliance to regulatory standards, including PCI-DSS, GPG-13, FISMA, HIPPA and SOX.