Can anyone help with docs / suggestions on how to set up FIM for Windows?
I was able to follow the steps in
https://www.kolide.com/blog/how-to-set-up-windows-file-integrity-monitoring-using-osquery-and-kolide
thanks to
@fritz, but I was unsuccessful in implementing them, and the events are not consistent as expected!
I am using osquery 5.5.1 and used the following flags:
--disable_events=false
--enable_ntfs_event_publisher=true
with the query:
SELECT * FROM ntfs_journal_events;
Is there a way to implement FIM for Windows that captures process information, like the process that made the file modification?
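As an added example (not from the original post, the Kolide article, or osquery's own documentation), the script below writes a flagfile and a config that enable the NTFS journal publisher and scope it to a set of watched paths, which is the piece most often missing when `ntfs_journal_events` returns nothing or returns only sporadic rows. It assumes osquery was installed from the official MSI, so the install directory is `C:\Program Files\osquery` and the service is named `osqueryd`; the watched directories and the `fim_test` category name are illustrative choices.

```powershell
# Added example, not code from the original post or the Kolide article.
# Assumptions: osquery installed from the official MSI (files under
# C:\Program Files\osquery, service name "osqueryd"); the watched paths and the
# "fim_test" category are illustrative and can be replaced.
$osq = 'C:\Program Files\osquery'

# Flagfile. Events are off by default and the NTFS publisher is opt-in, so both
# flags from the post are required. This overwrites the existing flagfile, so
# re-add any other flags you rely on.
@'
--disable_events=false
--enable_ntfs_event_publisher=true
--config_path=C:\Program Files\osquery\osquery.conf
--logger_path=C:\Program Files\osquery\log
'@ | Set-Content -Path "$osq\osquery.flags" -Encoding ascii

# Config. The NTFS publisher only keeps journal records whose path matches a
# file_paths category; with no file_paths section the table stays empty.
# "%" matches one path component, "%%" matches recursively.
# The scheduled query is what drains the event buffer into the results log;
# an ad-hoc SELECT in osqueryi only shows events buffered since that osqueryi
# process started, which is why interactive checks look inconsistent.
@'
{
  "options": {
    "events_expiry": 3600,
    "events_max": 50000
  },
  "file_paths": {
    "fim_test": [
      "C:\\Users\\%\\Downloads\\%%",
      "C:\\Windows\\System32\\drivers\\etc\\%"
    ]
  },
  "schedule": {
    "ntfs_fim": {
      "query": "SELECT * FROM ntfs_journal_events;",
      "interval": 60,
      "removed": false
    }
  }
}
'@ | Set-Content -Path "$osq\osquery.conf" -Encoding ascii

# Apply and confirm the daemon came back up.
Restart-Service -Name osqueryd
Get-Service -Name osqueryd | Select-Object Status, Name
```

After a restart, touch a file under one of the watched paths and look for the row in `osqueryd.results.log`; the `category` column carries the `file_paths` key that matched. Note that the `ntfs_journal_events` schema has no process column: the NTFS USN journal records what changed, not who changed it. On Windows, process attribution for file writes comes from object-access auditing (Security event 4663 includes the process name and ID), which osquery can read through the `windows_events` table rather than from the journal table.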