Integrity Monitoring default rules
Default rules for the GravityZone Integrity Monitoring module are grouped into the following categories:
- Application rules. Download the list of supported default application rules:
- Operating system rules. Download the list of supported default OS rules:
For each default rule, the corresponding list shows these details:
- Rule name
- Entity type (file, directory, registry key, registry value, installed software, services)
- Entity path (on Windows or Linux)
- Entity attributes
Attributes refer to actions taken on the specified entities that generate events on endpoints and are reported by Integrity Monitoring. Attributes can be:
Attribute | Description |
---|---|
created | The entity has been created. |
last_modified | The timestamp when the entity was last modified. |
attributes | The entity attributes have been changed. |
permissions | The permissions for the entity have been changed. |
owner | The owner of the entity has changed. |
group | The group to which the owner belongs has changed. |
hash | The entity hash has changed. |
size | The entity size has changed. |
renamed | The entity has been renamed. |
deleted | The entity has been deleted. |
publisher | The software publisher. |
installed_date | The date the software was installed. |
installed_location | The installation location. |
version | The version of the software. |
subkeys | The registry key's subkeys have been changed. |
image_path | The image path of a service has been modified. |
groups | The groups to which the user belongs. |
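
The following added example is not part of the GravityZone documentation and is not Bitdefender's implementation. It shows how the file attributes in the table above can be derived by comparing two snapshots of a file on a POSIX system; the function names, the sample file `app.conf` and the use of SHA-256 are assumptions made for illustration.

```python
import hashlib
import os
import stat
import tempfile
from pathlib import Path

def snapshot(path):
    """Capture the monitored attributes of a file; None means it does not exist."""
    if not os.path.lexists(path):
        return None
    st = os.lstat(path)
    regular = stat.S_ISREG(st.st_mode)
    return {
        "last_modified": st.st_mtime_ns,
        "permissions": stat.S_IMODE(st.st_mode),
        "owner": st.st_uid,
        "group": st.st_gid,
        "size": st.st_size,
        "hash": hashlib.sha256(Path(path).read_bytes()).hexdigest() if regular else None,
    }

def changed_attributes(before, after):
    """Name the differences between two snapshots with the table's attribute names."""
    if before is None or after is None:
        if before is after:
            return []
        return ["created"] if before is None else ["deleted"]
    return sorted(name for name in before if before[name] != after[name])

def demo():  # applies constructed changes to a temporary file
    events = {}
    with tempfile.TemporaryDirectory() as tmp:
        target = Path(tmp) / "app.conf"  # constructed sample entity
        states = [snapshot(target)]
        def record(label):
            states.append(snapshot(target))
            events[label] = changed_attributes(states[-2], states[-1])
        target.write_bytes(b"port=8080\n")
        os.chmod(target, 0o644)
        os.utime(target, ns=(10**9, 10**9))  # constructed fixed timestamp
        record("create")
        target.write_bytes(b"port=9090\n")  # same length as before
        os.utime(target, ns=(10**9, 10**9))  # timestamp put back
        record("rewrite")
        os.chmod(target, 0o666)
        record("chmod")
        target.unlink()
        record("delete")
    return events
```

In the `rewrite` step the `size` and `last_modified` values are identical before and after, so `hash` is the only attribute that reports the change.
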
Supported attributes based on entity type and operating system:
Entity type | Supported attributes on Windows | Supported attributes on Linux |
---|---|---|
File | | |
Directory | | |
RegistryKey | | - |
RegistryValue | | - |
InstalledSoftware | | |
Services | | |
Users | | |