Contents x
    File Integrity Monitoring
    • 14 Feb 2024
    • 1 Minute to read
    • Contributors
    • Print
    • Dark
      Light
    Contents

    File Integrity Monitoring

    • Updated on 14 Feb 2024
    • 1 Minute to read
    • Contributors
    • Print
    • Dark
      Light
    Article Summary

    FIM_HIT

    A file, directory or registry key being monitored by File & Registry Integrity Monitoring has been modified.

    Platforms:

    Sample Event:

    {
  "PROCESS": {
    "MEMORY_USAGE": 25808896,
    "TIMESTAMP": 1541348299886,
    "COMMAND_LINE": "\"C:\\WINDOWS\\regedit.exe\" ",
    "THIS_ATOM": "9db1151f5c643e547110c3d57838316e",
    "PROCESS_ID": 4340,
    "THREADS": 3,
    "USER_NAME": "BUILTIN\\Administrators",
    "FILE_PATH": "C:\\WINDOWS\\regedit.exe",
    "BASE_ADDRESS": 140698122256384,
    "PARENT_PROCESS_ID": 6260
  },
  "REGISTRY_KEY": "\\REGISTRY\\MACHINE\\SOFTWARE\\ActiveState\\New Value #1",
  "PROCESS_ID": 4340
}
    Was this article helpful?
    What's Next