Integrity Monitoring default rules

Default rules for the GravityZone Integrity Monitoring module are grouped into the following categories:

  • Application rules. Download the list of supported default application rules:

  • Operating system rules. Download the list of supported default OS rules:

For each default rule, the corresponding list provides these details:

  • Rule name

  • Entity type (file, directory, registry key, registry value, installed software, services)

  • Entity path (on Windows or Linux)

  • Entity attributes

Attributes refer to actions taken on the specified entities that generate events on endpoints and are reported by Integrity Monitoring. Attributes can be:

| Attribute | Description |
| --- | --- |
| created | The entity has been created. |
| last_modified | The timestamp when the entity was last modified. |
| attributes | The entity attributes have been changed. |
| permissions | The permissions for the entity have been changed. |
| owner | The owner of the entity has changed. |
| group | The group to which the owner belongs has changed. |
| hash | The entity hash has changed. |
| size | The entity size has changed. |
| renamed | The entity has been renamed. |
| deleted | The entity has been deleted. |
| publisher | The software publisher. |
| installed_date | The date the software was installed. |
| installed_location | The installation location. |
| version | The version of the software. |
| subkeys | The subkeys of the registry key have been changed. |
| image_path | The image path of a service has been modified. |
| groups | The groups to which the user belongs. |

Supported attributes based on entity type and operating system:

| Entity type | Supported attributes on Windows | Supported attributes on Linux |
| --- | --- | --- |
| File | created, deleted, renamed, last_modified, attributes, hash, size | created, renamed, last_modified, hash, size, permissions, owner, group |
| Directory | created, deleted, renamed, attributes | created, renamed, permissions, owner, group |
| RegistryKey | created, deleted, subkeys, values | - |
| RegistryValue | created, deleted, last_modified, size, hash | - |
| InstalledSoftware | created, deleted, version, publisher, size, installed_date, installed_location | created, version, size, publisher |
| Services | created, deleted, image_path | created |
| Users | created, deleted | created, deleted, groups |