File Integrity Monitor matches can be consumed in two ways: Reports and Alerts.
To be alerted about File Integrity Monitor matches, configure a new Integration from the Administration page.
Choose to send "file integrity monitor matches" and select the appropriate activity monitor:
In this example of email alerts, you will receive an email similar to the one shown below:
A file integrity monitor can match a tremendous amount of activity. Receiving an alert for every single match would overwhelm most alert-consuming systems, so we batch these alerts. The rough strategy for batching is to send an alert:
- When the monitor first matches activity, then
- No more than one alert per 10 minutes.
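The following added example (not the product's own code) models the batching rule above so you can estimate how many alerts a burst of matches produces and how long a match can wait before it is reported. It assumes that matches held during the 10-minute window are summarized in the next alert and that the window is checked every 60 seconds; `MonitorBatcher`, `simulate` and the sample data are hypothetical names and values.

```python
from dataclasses import dataclass, field
from typing import Optional

WINDOW = 10 * 60  # seconds; "no more than one alert per 10 minutes"

@dataclass
class MonitorBatcher:
    """Batching state for one monitor (hypothetical model, not vendor code)."""
    last_alert_at: Optional[int] = None
    pending: list = field(default_factory=list)

    def on_match(self, ts, path):
        """Record a match; return an alert dict if one goes out now."""
        self.pending.append((ts, path))
        return self.flush(ts)

    def flush(self, now):
        """Send held matches if the 10-minute window has reopened."""
        if not self.pending:
            return None
        if self.last_alert_at is not None and now - self.last_alert_at < WINDOW:
            return None  # still inside the window: keep holding
        alert = {"sent_at": now, "match_count": len(self.pending),
                 "paths": sorted({p for _, p in self.pending})}
        self.pending, self.last_alert_at = [], now
        return alert

def simulate(matches, until, tick=60):
    """Replay (ts, path) matches; flush is polled every `tick` seconds (assumed)."""
    batcher, alerts, queue = MonitorBatcher(), [], sorted(matches)
    for now in range(0, until + 1, tick):
        while queue and queue[0][0] <= now:
            alerts.append(batcher.on_match(*queue.pop(0)))
        alerts.append(batcher.flush(now))
    return [a for a in alerts if a]

# Constructed sample: seconds since the monitor was enabled, path that changed.
SAMPLE = [(5, "/etc/passwd"), (20, "/etc/shadow"), (130, "/etc/passwd"),
          (590, "/etc/ssh/sshd_config"), (900, "/etc/sudoers"), (2400, "/etc/hosts")]

if __name__ == "__main__":
    for a in simulate(SAMPLE, until=3000):
        print(a)
```

In this model six matches yield four alerts, and the change to `/etc/shadow` at 20 seconds is not reported until the alert at 660 seconds, so downstream triage should treat an alert's send time as an upper bound on when the change occurred.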