Does BigFix have the capability to perform integrity monitoring of system binaries or sensitive files? For example, can I set up a rule that says “file abc.dll cannot change” or more specifically its size or modified date cannot change?
Though the immediate need based on that post has been met, I would still be interested for potential future needs in what kind of solution BigFix can provide for such file integrity monitoring.
Thanks
What was the outcome for this? I’m interested too.
While this is not present in the default content, it would be easy enough to create fixlets to check individual files (and is a common use-case for monitoring configuration files).
On a larger scale, a task to deploy fciv or yara scans and compare results over time would also be feasible.
As Jason noted, it’s most efficient using fciv or yara scans in conjunction with custom content if you have an extensive list of files.
However, if you have a small list and are ok with BigFix checking those files just several times a day you can use something like the relevance below in an analysis to show compliant or non-compliant files. There are ways to modify this to point at a folder of files, etc - but it’s more expensive on Agent time.
if size of file "c:\test\test.txt" = 30 and sha256 of file "c:\test\test.txt" = "7e57ae19612ab75b543946d36bf8b40e0c7388a3fc671edb69b37829af225479" then ("Compliant") else ("Non-Compliant")
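An added example, not part of the thread: one way to produce the size and SHA-256 values for that relevance from a known-good reference copy, and to run the same comparison locally. The function names (`baseline`, `relevance_for`, `drifted`) are hypothetical, and refusing paths that contain `"` or `%` is an assumption made to avoid escaping inside the relevance string.

```python
import hashlib
import os
import tempfile

# Template copied from the relevance in the post above; only path, size and hash vary.
TEMPLATE = ('if size of file "{p}" = {s} and sha256 of file "{p}" = "{h}" '
            'then ("Compliant") else ("Non-Compliant")')

def baseline(path, chunk=1 << 16):
    """Return (size, sha256 hex) of a known-good copy, read in chunks."""
    digest, size = hashlib.sha256(), 0
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
            size += len(block)
    return size, digest.hexdigest()

def relevance_for(reference_copy, endpoint_path):
    """Build the analysis relevance for endpoint_path from a trusted reference copy."""
    # Assumption: refuse characters that would need escaping in a relevance string.
    if '"' in endpoint_path or "%" in endpoint_path:
        raise ValueError("path needs escaping: " + endpoint_path)
    size, sha = baseline(reference_copy)
    return TEMPLATE.format(p=endpoint_path, s=size, h=sha)

def drifted(path, size, sha):
    """Local form of the Non-Compliant branch; here a missing file counts as drift."""
    if not os.path.isfile(path):
        return True
    return baseline(path) != (size, sha)

if __name__ == "__main__":
    # Constructed sample file standing in for the known-good copy.
    with tempfile.TemporaryDirectory() as tmp:
        ref = os.path.join(tmp, "test.txt")
        with open(ref, "wb") as fh:
            fh.write(b"abc")
        print(relevance_for(ref, r"c:\test\test.txt"))
        size, sha = baseline(ref)
        with open(ref, "ab") as fh:
            fh.write(b"!")  # simulate a change to the monitored file
        print("drifted:", drifted(ref, size, sha))
```

Record the baseline from a copy you trust rather than from the endpoint being monitored, otherwise an already-modified file becomes the reference.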