I have enabled FIM_HIT event collection and have the necessary add-on enabled for my organisation, but the FIM_HIT event still doesn't show up on the timeline. This is my FIM rule. Any guidance is appreciated.
The FIM config can take about 10 minutes to sync down to the sensor. Can you confirm you waited enough time? If so, the other thing to do would be to issue a history_dump command to the sensor after you've modified the file; this will send all the FILE_* events to the cloud so you can take a look and confirm the FILE_ event modifying the file is there. This is a good first step because the FIM engine uses those events to generate the FIM hits.
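The check described in the reply above can be scripted once the dumped events are in hand. The following is an added example, not code from the thread or from LimaCharlie: it takes a list of sensor events (a constructed sample here, shaped like history_dump output) plus the path pattern the FIM rule watches, lists the FILE_* events whose path matches, and reports whether a FIM_HIT was emitted. The field names `routing.event_type` and `event.FILE_PATH`, the event names `FILE_MODIFIED`/`FILE_CREATE`/`FILE_DELETE`, and the pattern `C:\Users\*\Documents\*` are assumptions, not taken from the thread.

```python
import fnmatch
from typing import Dict, List, Tuple

# Constructed sample shaped like sensor events returned by a history_dump.
# Field names (routing.event_type, event.FILE_PATH) are assumptions modelled
# on the LimaCharlie event shape; they are not taken from the thread.
SAMPLE_EVENTS: List[Dict] = [
    {"routing": {"event_type": "NEW_PROCESS"},
     "event": {"FILE_PATH": "C:\\Windows\\System32\\notepad.exe"}},
    {"routing": {"event_type": "FILE_MODIFIED"},
     "event": {"FILE_PATH": "C:\\Users\\alice\\Documents\\secret.txt"}},
    {"routing": {"event_type": "FILE_CREATE"},
     "event": {"FILE_PATH": "C:\\Temp\\unrelated.log"}},
    {"routing": {"event_type": "FILE_DELETE"},
     "event": {"FILE_PATH": "C:\\Users\\alice\\Documents\\old.txt"}},
]

# Constructed pattern standing in for the path a FIM rule watches (assumption).
WATCH_PATTERN = "C:\\Users\\*\\Documents\\*"


def _norm(path: str) -> str:
    """Normalise a Windows path so glob matching is case-insensitive."""
    return path.replace("/", "\\").lower()


def matching_file_events(events: List[Dict], pattern: str) -> List[Tuple[str, str]]:
    """Return (event_type, path) for every FILE_* event whose path matches pattern.

    These are the raw events the FIM engine needs in order to produce a FIM_HIT.
    """
    matched = []
    for ev in events:
        etype = ev.get("routing", {}).get("event_type", "")
        path = ev.get("event", {}).get("FILE_PATH", "")
        if etype.startswith("FILE_") and fnmatch.fnmatchcase(_norm(path), _norm(pattern)):
            matched.append((etype, path))
    return matched


def count_fim_hits(events: List[Dict]) -> int:
    """Count FIM_HIT events in the dump."""
    return sum(1 for ev in events if ev.get("routing", {}).get("event_type") == "FIM_HIT")


def diagnose(events: List[Dict], pattern: str) -> Dict:
    """Classify the dump into one of three situations:

    fim_ok                    - FIM_HIT present, the pipeline works end to end
    raw_events_without_fim_hit - FILE_* events for the watched path exist but no
                                 FIM_HIT: the FIM config likely has not synced
                                 to the sensor yet (or the rule does not match)
    no_raw_events             - the sensor never reported a matching FILE_* event,
                                 so the file change itself was not observed
    """
    file_events = matching_file_events(events, pattern)
    fim_hits = count_fim_hits(events)
    if fim_hits:
        verdict = "fim_ok"
    elif file_events:
        verdict = "raw_events_without_fim_hit"
    else:
        verdict = "no_raw_events"
    return {"file_events": file_events, "fim_hits": fim_hits, "verdict": verdict}


if __name__ == "__main__":
    result = diagnose(SAMPLE_EVENTS, WATCH_PATTERN)
    for etype, path in result["file_events"]:
        print(f"{etype:15} {path}")
    print("FIM_HIT count:", result["fim_hits"], "->", result["verdict"])
```

On the constructed sample this reports two matching FILE_* events and no FIM_HIT, which is the "raw events are arriving, hits are not" situation the reply distinguishes from the case where the sensor never saw the change at all.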
I am new to LimaCharlie and I did wait for a few minutes. How do you issue the history_dump command through the console in LimaCharlie? I am a bit confused about the format. Initially I did get a FIM_HIT. I started facing issues after I updated Windows, when the FIM_HITs were no longer on the timeline.
This is the command: Reference: Endpoint Agent Commands
You can issue it by going to your Orgs → Sensors → → Left Menu: Console.
Will look like:
@maximelb
Any help with this? All other events are being detected, but not the FIM_HIT ones. I forgot to mention this: I actually did get a FIM_HIT once before I updated Windows. After updating, I encountered an issue at sign-in where two accounts with the same name were displayed. Ever since I got this, FIM_HIT stopped tripping; even after I resolved the above issue, FIM_HIT stopped appearing in the sensor's timeline. All the other events are displayed properly.