Disable / Pause and Restore FIM Monitoring

In this topic:

    Disable / Pause FIM Monitoring

    Note: When a FIM policy is disabled, it means that the monitoring is paused and no FIM alerts will be triggered for all agents that are attached to this security group. Please refer to: Create / Edit a FIM Policy in order to modify an existing FIM monitoring policy.

    1. Navigate to Agent Security Groups page under Network security.
    2. Select a Dome9 agent security group, navigate to the File Integrity Monitoring tab, and select 'Disable / Pause FIM For This Group'
      image2017-4-13_15-44-43.png
    3. Click OK on the Disable approval popup.
    4. Wait for the Approval notification
      image2017-4-13_15-53-10.png
    5. From that moment all of the Agents that are attached to this security group will not perform FIM scans.

    Restore a disabled FIM Policy (Reactivate monitoring)

    Note: When Restoring a FIM policy the meaning is that the monitoring is re-enabled and from that moment FIM alerts will be triggered if files were modified.

    1. Navigate to Agent Security Groups page under Network security.
    2. Select a Dome9 agent security group that previously had an enabled FIM policy, navigate to the File Integrity Monitoring tab, and select 'Enable FIM For This Group'
      image2017-4-13_16-26-30.png
    3. Select "Restore Last policy" to get the last saved policy that were enabled on this security group.
      image2017-4-13_16-29-10.png
    4. Click on Save FIM Policy
    5. The FIM policy is enabled and the scans will be performed according to the defined Scan Frequency.