Overview of BMC Defender File Integrity Monitor Adapter
The BMC Defender FIM Adapter is a compact set of software tools that instrument a Windows Vista, XP, or 20xx operating system to continuously check the integrity of selected files. This permits the BMC Defender SIEM Correlation Server to effectively check whether files have been changed anywhere on a managed Windows platform.
BMC Defender FIM Adapter executes as a separate process on each managed Windows platform. Periodically (every hour by default), this process scans all the files on the system as specified by its configuration file. If any file has been added, deleted, or modified, the file name is recorded, and a syslog message is sent to the main BMC Defender Server. At the BMC Defender Server, the operator can create (or recreate) a file image, inspect the list of changed files, and set BMC Defender FIM Adapter parameters.
The BMC Defender FIM Adapter is very lightweight and easy to install. The program should be installed on each Windows platform of interest in an organization or enterprise.
If you are unfamiliar with the syslog protocol as a management technique, refer to the BMC Defender User Manual, which contains a comprehensive description of the syslog functionality. If you want to get started immediately with the installation of the BMC Defender FIM Adapter, see BMC-Defender-File-Integrity-Monitor-Adapter-quick-start.
BMC AMI Defender for Windows overview
The BMC Defender FIM Adapter is a collection of executables and files that provide extra security at a managed Windows server. BMC Defender FIM Adapter is installed in a fashion similar to the BMC Defender Agent for Windows and operates as a standard Windows service. Periodically, the system scans all the files specified by a configuration file and sends syslog messages to the BMC Defender Server when files are added, deleted, or modified on the system.
At the BMC Defender Server, you can configure the schedule of execution for the process, generate an image file (containing a baseline listing of files), and run on-demand checks of the file system. Additionally, the operator can inspect the list of managed files and any changes detected during the last scan of files.
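The baseline-and-rescan cycle described above, as an added Python example that is not BMC's code: it takes a baseline image of a directory, rescans it, classifies each file as added, deleted, or modified, and formats one syslog line per change. The SHA-256 hashing, the `FIM:` message layout, the host name `host01`, and the facility and severity values are assumptions made for illustration, not the adapter's actual format.

```python
import hashlib, os, tempfile
from datetime import datetime

def snapshot(root):
    """Build the 'image': {relative_path: sha256_hex} for every file under root."""
    image = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            try:
                with open(full, "rb") as fh:
                    digest = hashlib.sha256(fh.read()).hexdigest()
            except OSError:
                digest = "unreadable"  # locked file: keep it listed so it is not reported as deleted
            image[os.path.relpath(full, root)] = digest
    return image

def compare(baseline, current):
    """Classify differences between two images as (kind, path) tuples, sorted by path."""
    changes = [("ADDED", p) for p in current.keys() - baseline.keys()]
    changes += [("DELETED", p) for p in baseline.keys() - current.keys()]
    changes += [("MODIFIED", p) for p in baseline.keys() & current.keys()
                if baseline[p] != current[p]]
    return sorted(changes, key=lambda c: c[1])

def to_syslog(changes, host="host01", facility=13, severity=5, now=None):
    """Format changes as RFC 3164-style lines (assumed layout, illustration only)."""
    now = now or datetime.now()
    stamp = f"{now:%b} {now.day:2d} {now:%H:%M:%S}"  # RFC 3164 pads the day with a space
    return [f"<{facility * 8 + severity}>{stamp} {host} FIM: {kind} {path}"
            for kind, path in changes]

def demo():
    """Constructed sample tree: take a baseline, change three files, rescan."""
    with tempfile.TemporaryDirectory() as root:
        for name, data in (("a.ini", b"x=1"), ("b.dll", b"\x00\x01"), ("c.txt", b"keep")):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        baseline = snapshot(root)
        with open(os.path.join(root, "a.ini"), "wb") as fh:
            fh.write(b"x=2")                        # modified
        os.remove(os.path.join(root, "b.dll"))      # deleted
        with open(os.path.join(root, "new.exe"), "wb") as fh:
            fh.write(b"MZ")                         # added
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    print("\n".join(to_syslog(demo())))
```

Because detection happens only at scan time, a file that is changed and restored between two scans produces no message; the scan interval bounds what this kind of monitor can see.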
The BMC Defender FIM Adapter consists of the following parts:
- BMC Defender FIM Adapter — This is a compact but powerful Windows service that is installed on each managed platform. The service periodically scans the file system to detect new, modified, or deleted files and sends syslog messages to the BMC Defender Server when file changes are detected. The service executes on any 20XX server, as well as earlier Windows versions.
- BMC Defender server web interface — This screen is added to the BMC Defender Server and is accessed using the Device Information screen (by clicking the hyperlink of an IP address anywhere within BMC Defender). The screen allows you to view the list of managed files and the status of the BMC Defender FIM Adapter execution.
- BMC Defender remote configuration utility — This is a stand-alone program that allows you to download and upload the configuration file of the BMC Defender FIM Adapter service, so that batch configuration of these programs can be remotely performed.
These programs are documented in this space, including installation and configuration, along with extra application notes that describe how to perform advanced configuration of the system.