Can anyone help with docs / suggestions on how to set up FIM for Windows?
I was able to follow the things related to https://www.kolide.com/blog/how-to-set-up-windows-file-integrity-monitoring-using-osquery-and-kolide
thanks to @fritz
but was unsuccessful in implementing them, and events are not consistent as expected!
I am using osquery 5.5.1 and used the following flags,
with the query
SELECT * FROM ntfs_journal_events;
Is there a way to implement FIM for Windows that captures process information, like the process that made the file modification?
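The NTFS USN journal that `ntfs_journal_events` reads records what changed on the volume, not which process changed it, so that table alone cannot answer the "which process" question. A defender's way to get attribution is to pair the journal rows with Windows Security event 4663 (object access, which carries ProcessName and SubjectUserName and requires object-access auditing plus a SACL on the monitored files), collected through osquery's `windows_events` table, and join the two on normalised path within a short time window. The script below is an added illustration of that join and is not code from the original post, from Kolide or from osquery; the sample rows are constructed, the column names follow the two tables' schemas as documented, and the nesting of the 4663 fields under `EventData` in the `data` column is an assumption about osquery's serialisation.

```python
"""Attribute NTFS journal changes to a process by correlating with Security 4663.

Added example: joins constructed osquery-shaped rows from ntfs_journal_events
(no process identity) with Security event 4663 rows from windows_events
(which carry ProcessName / SubjectUserName) on normalised path and time.
"""
import json

# Constructed sample rows shaped like osquery's ntfs_journal_events table.
# The USN journal tells us the path and the kind of change, nothing about
# the process that made it.
NTFS_ROWS = [
    {"action": "FileCreate", "path": "C:\\Users\\alice\\Documents\\secret.txt",
     "drive_letter": "C", "time": 1700000010},
    {"action": "DataOverwrite", "path": "C:\\Windows\\Temp\\scratch.log",
     "drive_letter": "C", "time": 1700000050},
]

# Constructed sample rows shaped like osquery's windows_events table for
# Security event 4663. The EventData field names are the ones Windows emits;
# nesting them under "EventData" inside the `data` JSON string is an
# assumption about how osquery serialises the column.
WIN_ROWS = [
    {"eventid": 4663, "time": 1700000009, "data": json.dumps({"EventData": {
        "SubjectUserName": "alice",
        "ObjectName": "C:\\Users\\alice\\Documents\\secret.txt",
        "ProcessName": "C:\\Windows\\System32\\notepad.exe",
        "AccessMask": "0x2"}})},
    # Far outside the correlation window: shows an unattributed change.
    {"eventid": 4663, "time": 1700000500, "data": json.dumps({"EventData": {
        "SubjectUserName": "SYSTEM",
        "ObjectName": "C:\\Windows\\Temp\\scratch.log",
        "ProcessName": "C:\\Windows\\System32\\svchost.exe",
        "AccessMask": "0x2"}})},
]


def norm_path(p):
    """Normalise a Windows path so the two sources compare equal."""
    return p.replace("/", "\\").lower()


def parse_4663(rows):
    """Pull path, process and user out of windows_events rows for event 4663."""
    out = []
    for r in rows:
        if int(r["eventid"]) != 4663:
            continue
        ev = json.loads(r["data"]).get("EventData", {})
        out.append({
            "time": int(r["time"]),
            "path": norm_path(ev.get("ObjectName", "")),
            "process": ev.get("ProcessName"),
            "user": ev.get("SubjectUserName"),
        })
    return out


def attribute(ntfs_rows, win_rows, window=5):
    """For each journal change, pick the closest 4663 access to the same path
    within `window` seconds; process/user stay None when nothing matches."""
    access = parse_4663(win_rows)
    results = []
    for n in ntfs_rows:
        t = int(n["time"])
        cands = [a for a in access
                 if a["path"] == norm_path(n["path"]) and abs(a["time"] - t) <= window]
        best = min(cands, key=lambda a: abs(a["time"] - t), default=None)
        results.append({
            "path": n["path"], "action": n["action"], "time": t,
            "process": best["process"] if best else None,
            "user": best["user"] if best else None,
        })
    return results


if __name__ == "__main__":
    for row in attribute(NTFS_ROWS, WIN_ROWS):
        print(row)
```

The second journal row stays unattributed because its only 4663 candidate is 450 seconds away; in practice that means object-access auditing was not enabled on that path, the SACL did not cover the access, or the two scheduled queries did not run close enough together, so the window is a tuning knob rather than a constant.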