search cancel

DCS File Integrity Monitoring not detecting file modification

book

Article ID: 238293

calendar_today

Updated On:

Products

Data Center Security Server Data Center Security Server Advanced

Issue/Introduction

After implement in the Detection policy a rule to monitor a file modification/update, no event (File Watch) is  received.

 

Cause

Rule options for the filewatch rule, not set properly.

 

Resolution

When editing the Detection policy , the filewatch rule is created with some  rule options. One of the rule options for the filewatch rule is the "Search Depth" setting and if set as 1 (default value) , it will search only in path with a depth of 1.

Search Depth indicates the number of directory levels to monitor.

 

https://api-broadcom-ca.wolkenservicedesk.com/attachment/get_attachment_content?uniqueFileId=/dlF4zXGlA0Y+0QdnWzr9Q==