Can anyone help on docs / suggestions on how to setup FIM for windows. I Was able to follow things related to https://www.kolide.com/blog/how-to-set-up-windows-file-integrity-monitoring-using-osquery-and-kolide thanks to @fritz but unsuccessful in implementing them and events are not consistent as expected! I am using osquery 5.5.1 and used following flags,

--disable_events=false
--enable_ntfs_event_publisher=true

with the query

SELECT * FROM ntfs_journal_events;

Is there a way to implement FIM for windows to capture FIM process information. like the process that made the file modification!