File Integrity Monitoring

FIM_HIT

A file, directory or registry key being monitored by File & Registry Integrity Monitoring has been modified.

Platforms:

Sample Event:

{
  "PROCESS": {
    "MEMORY_USAGE": 25808896,
    "TIMESTAMP": 1541348299886,
    "COMMAND_LINE": "\"C:\\WINDOWS\\regedit.exe\" ",
    "THIS_ATOM": "9db1151f5c643e547110c3d57838316e",
    "PROCESS_ID": 4340,
    "THREADS": 3,
    "USER_NAME": "BUILTIN\\Administrators",
    "FILE_PATH": "C:\\WINDOWS\\regedit.exe",
    "BASE_ADDRESS": 140698122256384,
    "PARENT_PROCESS_ID": 6260
  },
  "REGISTRY_KEY": "\\REGISTRY\\MACHINE\\SOFTWARE\\ActiveState\\New Value #1",
  "PROCESS_ID": 4340
}