Integrity defines a family of strategies containing policies that guard against unauthorized modifications of system properties.
For example, Integrity can help you discover modification of binaries or configuration files.
How to create an Integrity Strategy
- Hardware Integrity: Any technique involving unwanted hardware modifications
- Filesystem Integrity: Any technique jeopardizing the integrity of files/directories
- Generic: Any exploitation technique not falling within the above categories
| Strategy Type | Description |
|---|---|
| file | Monitors calls to create files and generates alerts when files are created in disallowed locations |
| fileMonitor | Monitors calls to create, link, modify, rename or delete files and generates alerts upon violation of a policy specified by path, operation type or the program performing the operation |
Default Integrity Strategies
| Strategy Name | Strategy Type |
|---|---|
| Container Escape - File | fileMonitor |
| Cron File Changes | fileMonitor |
| Process Injection - File | fileMonitor |
| SSH Pubkey Added | fileMonitor |
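
The following Python example is added here for illustration and is not the product's own code or rule format. It shows how a fileMonitor-style policy can be evaluated against file events by path, operation type and program. The event fields, rule fields, paths and allow-listed program are assumptions constructed for the example, and only the rule names are taken from the default strategies listed above.

```python
import fnmatch
import posixpath
from dataclasses import dataclass

@dataclass(frozen=True)
class FileEvent:               # constructed event shape, not the product's schema
    op: str                    # create | link | modify | rename | delete
    path: str                  # file the operation targets
    program: str               # executable performing the operation

@dataclass(frozen=True)
class Rule:                    # hypothetical rule format
    name: str
    path_glob: str             # fnmatch glob; "*" also matches "/"
    ops: frozenset             # operation types the rule watches
    allowed_programs: frozenset = frozenset()   # programs exempt from alerting

ALL_OPS = frozenset({"create", "link", "modify", "rename", "delete"})

# Constructed rules, named after two default strategies in the table above.
RULES = [
    Rule("Cron File Changes", "/etc/cron.d/*", ALL_OPS,
         frozenset({"/usr/bin/dpkg"})),
    Rule("SSH Pubkey Added", "/home/*/.ssh/authorized_keys",
         ALL_OPS - {"delete"}),
]

def evaluate(event, rules=RULES):
    """Return the names of the rules that this event violates."""
    # Normalize first so "a/../b" style paths cannot sidestep the glob.
    path = posixpath.normpath(event.path)
    return [r.name for r in rules
            if event.op in r.ops
            and fnmatch.fnmatchcase(path, r.path_glob)
            and event.program not in r.allowed_programs]

# Constructed sample events.
SAMPLE_EVENTS = [
    FileEvent("create", "/etc/cron.d/backup", "/usr/bin/dpkg"),
    FileEvent("create", "/etc/cron.d/backup", "/bin/sh"),
    FileEvent("modify", "/etc/cron.d/../cron.d/backup", "/bin/sh"),
    FileEvent("modify", "/home/alice/.ssh/authorized_keys", "/usr/bin/tee"),
    FileEvent("delete", "/home/alice/.ssh/authorized_keys", "/bin/rm"),
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(ev.op, ev.path, ev.program, "->", evaluate(ev) or "no alert")
```
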