Hello Giovanni, you can find the documentation for FIM here: https://osquery.readthedocs.io/en/stable/deployment/file-integrity-monitoring/ It seems like the command line is missing the flags required to enable the feature. The

FIM basics in osquery

section in the above link shows which ones need to be passed (for file_events:

--enable_file_events=true --disable_events=false

)