On the prod server, we noticed that the file Standalone-full-ha.xml was deleted and then got restored by chef to original state. I am not sure how this happened but there was a backup folder created in the standalone_xml_history folder with the timestamp and Standalone-full-ha.v1.xml got backed up in the timestamped directory. I have compared the changes of this file to the file that chef re-created and there is no difference. This has happened multiple times.
Few things we verified -
Identity Manager non-vAPP
The logs show no indication of what may have caused standalone files to be manipulated. Aside from the installation software, the deployed Identity Manager application contains no code whatsoever that can execute an rm, mv or other similar linux commands.
IDM non-VAPP does not have any such hooks into the filesystem, nor does it have the ability to stop or start the server.
It seems that the issue is occurring at either an application server (Wildfly/JBoss) level or at the O/S level, or possibly via the chef integration, and you may want to engage your app server and O/S teams for a deeper investigation.