BMC Defender File Integrity Monitor Adapter quick start


The rest of this space covers the BMC Defender FIM Adapter in detail. For users who want a quick start, the following steps get the BMC Defender FIM Adapter up and running as quickly as possible on a Windows platform:

  • The BMC Defender FIM Adapter is included in the BMC Defender Server distribution in the installationDirectory\s-doc directory, under the name fi-agent.exe. This is a signed, self-extracting zip file.
  • At the managed platform, after downloading the appropriate BMC Defender FIM Adapter package, the operator runs the self-extracting WinZip file and extracts the files to the desired location, which by default is C:\installationDirectory on that platform.
  • When the files have been extracted, the FMON agent installation dialog starts automatically. The dialog needs only one argument: the destination hostname or IP address of the syslog server on the network. (This is generally the hostname or IP address of the platform running the BMC Defender Server software.)
  • When the dialog finishes, the BMC Defender FMON agent is installed and started. Check the syslog file on the destination host to verify that the agent's first syslog message was sent and received. The platform needs no reboot.
  • You can optionally configure each FMON Agent from the BMC Defender Server by clicking the IP address hyperlink of the device anywhere within BMC Defender and then clicking BMC Defender FIM Adapter. (See CO-Fmon-configuration-file.)

The installation steps outlined here usually take about a minute to complete for each managed platform. An administrator-level login is required. If the installation fails (for instance, because the installer mistyped the destination hostname or IP address), the installation procedure can be rerun without first running the uninstall program.

Overview of the FIM fast-start workflow

Once the BMC Defender FMON agent is installed, a simple workflow maintains the integrity of files:

  • At periodic intervals, the agent generates messages indicating the status of files on the managed system. These appear as a summary status for each file scan and as individual messages indicating that files have been added, deleted, or changed. Depending on configuration, a file change can also generate tickets and e-mail notifications.
  • When a file change indication is received, click the IP address of the remote device (appearing anywhere in BMC Defender) and then click the BMC Defender FIM Adapter hyperlink on the Device Information screen. This displays the BMC Defender FIM Adapter screen (discussed in Remotely-configuring-BMC-Defender-File-Integrity-Monitor-Adapter).
  • On the BMC Defender FIM Adapter screen, inspect the list of changes by clicking the View File Change List hyperlink in the upper left corner of the screen.
  • The operator resolves any differences in the file system by removing or installing files on the managed system.
  • The operator creates a new image file by clicking Config on the BMC Defender FIM Adapter screen and then clicking Create New Image File. This generates a new image file that includes any changes accepted by the operator, so those changes are no longer reported on subsequent scans.

This is the typical operator workflow for resolving changes to files on the managed platform. Other workflows (such as automatically generating new image files for the target platform) are also available, depending on the requirements of the organization.
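The following example, added to this page and not part of the BMC Defender FIM Adapter, walks through the same baseline/scan/report/re-image cycle in self-contained Python so the workflow above can be traced end to end: a baseline ("image") of file digests is taken, the tree is tampered with, a rescan classifies each difference as added, deleted, or changed, each finding is emitted as a syslog message, and a fresh image is taken once the operator has accepted the changes. The JSON image layout, the message wording, the `fim-agent` tag, and the sample files are assumptions made for the example; a loopback UDP listener stands in for checking the syslog file on the BMC Defender Server.

```python
"""Illustrative file-integrity workflow: build an image (baseline), rescan,
report added/deleted/changed files as syslog messages, and re-image once the
operator has accepted the changes.  Example code added to this page; it is not
the BMC Defender FIM Adapter.  The JSON image layout, the message wording and
the 'fim-agent' syslog tag are assumptions made for the example."""
import hashlib
import json
import socket
import tempfile
import time
from pathlib import Path

SYSLOG_PRI = 13  # assumed: facility user (1) * 8 + severity notice (5)


def hash_file(path):
    """SHA-256 of a file, read in chunks so large files are not loaded whole."""
    digest = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_image(root):
    """Baseline ('image') of every regular file under root: relative path -> digest, size."""
    image = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            image[p.relative_to(root).as_posix()] = {"sha256": hash_file(p), "size": p.stat().st_size}
    return image


def scan(root, image):
    """Compare the file system under root with the image; list additions, deletions, changes."""
    current = build_image(root)
    added = sorted(set(current) - set(image))
    deleted = sorted(set(image) - set(current))
    changed = sorted(p for p in set(current) & set(image)
                     if current[p]["sha256"] != image[p]["sha256"])
    return {"scanned": len(current), "added": added, "deleted": deleted, "changed": changed}


def syslog_line(msg, host="fimhost", tag="fim-agent"):
    """RFC 3164-style line: <PRI>Mmm dd hh:mm:ss HOST TAG: MSG (host and tag are assumed)."""
    stamp = time.strftime("%b %d %H:%M:%S")
    return f"<{SYSLOG_PRI}>{stamp} {host} {tag}: {msg}".encode()


def report(result):
    """One summary message per scan plus one message per added/deleted/changed file."""
    lines = [syslog_line(f"scan complete: {result['scanned']} files, "
                         f"{len(result['added'])} added, {len(result['deleted'])} deleted, "
                         f"{len(result['changed'])} changed")]
    for kind in ("added", "deleted", "changed"):
        lines += [syslog_line(f"file {kind}: {path}") for path in result[kind]]
    return lines


def send_syslog(lines, dest, port=514):
    """Deliver each line as one UDP syslog datagram to dest:port."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        for line in lines:
            s.sendto(line, (dest, port))


def demo():
    """Run the workflow on a constructed temp tree and return what the scan and the
    syslog receiver saw.  A loopback UDP listener stands in for the syslog server."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "bin").mkdir()
        (root / "bin" / "app.exe").write_bytes(b"original binary")  # constructed sample
        (root / "config.ini").write_text("debug=0\n")                # constructed sample
        image = json.loads(json.dumps(build_image(root)))  # round-trip as the stored image file

        # Tamper: overwrite one file with same-length content (size alone would not
        # catch it), delete one file, and drop a new one.
        (root / "bin" / "app.exe").write_bytes(b"trojaned binary")
        (root / "config.ini").unlink()
        (root / "bin" / "dropper.dll").write_bytes(b"unexpected new file")

        result = scan(root, image)
        lines = report(result)
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as listener:
            listener.bind(("127.0.0.1", 0))
            listener.settimeout(5)
            send_syslog(lines, "127.0.0.1", listener.getsockname()[1])
            result["received"] = [listener.recv(2048).decode() for _ in lines]

        # Operator accepts the changes and creates a new image: the next scan is clean.
        rescan = scan(root, build_image(root))
        result["new_image_clean"] = not (rescan["added"] or rescan["deleted"] or rescan["changed"])
        return result


if __name__ == "__main__":
    for line in demo()["received"]:
        print(line)
```

Note that the digest comparison is what catches the overwritten app.exe: the tampered content has the same length as the original, so a check based on size or timestamp alone would miss it. In production the image file itself is a target; keep it where the monitored host cannot rewrite it, or the attacker can simply "accept" their own changes.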

The following sections describe the other features, adaptations, customizations, and applications of the BMC Defender FIM Adapter system in detail. The reader is encouraged to experiment with the system. Almost all the information required to understand the essentials of the BMC Defender FIM Adapter has now been covered, and you can begin monitoring file integrity on your systems.
