Capsule8 Docs

Integrity Strategies

Integrity defines a family of strategies containing policies that guard against unauthorized modifications of system properties.

For example, Integrity can help you discover modification of binaries or configuration files.

How to create an Integrity Strategy

  • Hardware Integrity: Any technique involving unwanted hardware modifications.
  • Filesystem Integrity: Any technique jeopardizing the integrity of files/directories.
  • Generic: Any exploitation technique not falling within the above categories.

Policy types

Filesystem Integrity

| Strategy | Description |
|---|---|
| file | Monitors calls to create files and generates alerts for creation of file names in disallowed locations. |
| fileMonitor | Monitors calls to create, link, modify, rename or delete files and generates alerts upon violation of a policy specified by path, operation type or program performing the operation. |

Default Integrity Strategies

| Strategy Name | Strategy Type |
|---|---|
| Container Escape - File | fileMonitor |
| Cron File Changes | fileMonitor |
| Process Injection - File | fileMonitor |
| SSH Pubkey Added | fileMonitor |
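
The fileMonitor description above names three policy criteria: path, operation type and the program performing the operation. The following is an added Python example of how a rule built on those three criteria can be evaluated against file events; it is not Capsule8 code or Capsule8 policy syntax. The rule paths, the allowed program and the events are assumptions constructed for illustration; only the two rule names are borrowed from the default strategy table.

```python
import fnmatch
import posixpath
from dataclasses import dataclass

ALL_OPS = frozenset({"create", "link", "modify", "rename", "delete"})

@dataclass(frozen=True)
class FileEvent:               # hypothetical event shape
    op: str                    # one of ALL_OPS
    path: str                  # file the operation targets
    program: str               # executable performing the operation

@dataclass(frozen=True)
class Rule:                    # hypothetical rule shape
    name: str
    path_glob: str             # which files the rule protects
    ops: frozenset             # which operations count as violations
    allowed_programs: frozenset = frozenset()  # programs exempt from the rule

# Constructed rules: paths and exemptions are assumptions, not shipped defaults.
RULES = [
    Rule("SSH Pubkey Added", "*/.ssh/authorized_keys",
         frozenset({"create", "link", "modify", "rename"})),
    Rule("Cron File Changes", "/etc/cron*", ALL_OPS,
         frozenset({"/usr/bin/dpkg"})),
]

def evaluate(event, rules=RULES):
    """Return the names of the rules that the event violates."""
    # Normalize first so "./" and "//" segments cannot dodge the glob.
    # normpath is purely lexical: it does not resolve symlinks.
    path = posixpath.normpath(event.path)
    hits = []
    for rule in rules:
        if event.op not in rule.ops:
            continue
        if not fnmatch.fnmatchcase(path, rule.path_glob):
            continue
        if event.program in rule.allowed_programs:
            continue
        hits.append(rule.name)
    return hits

if __name__ == "__main__":
    sample = [  # constructed events
        FileEvent("modify", "/home/alice/./.ssh//authorized_keys", "/usr/bin/curl"),
        FileEvent("create", "/etc/cron.d/backup", "/usr/bin/dpkg"),
        FileEvent("create", "/etc/cron.d/job", "/bin/sh"),
    ]
    for ev in sample:
        print(ev.op, ev.path, ev.program, "->", evaluate(ev) or "no alert")
```

Because the path check is lexical, a symlink that points into a protected directory is not caught by this example; a monitor that sees the resolved path from the kernel does not have that gap.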