Azure file_integrity_monitoring Mappings

File integrity monitoring (FIM), also known as change monitoring, examines operating system files, Windows registries, application software, Linux system files, and more, for changes that might indicate an attack. FIM informs you when changes occur to sensitive areas in your resources, so you can investigate and address unauthorized activity.

Mappings

| Capability ID | Capability Description | Category | Value | ATT&CK ID | ATT&CK Name |
|---|---|---|---|---|---|
| file_integrity_monitoring | File Integrity Monitoring | detect | significant | T1053 | Scheduled Task/Job |
| file_integrity_monitoring | File Integrity Monitoring | detect | partial | T1053.001 | At (Linux) |
| file_integrity_monitoring | File Integrity Monitoring | detect | partial | T1053.002 | At (Windows) |
| file_integrity_monitoring | File Integrity Monitoring | detect | partial | T1053.003 | Cron |
| file_integrity_monitoring | File Integrity Monitoring | detect | partial | T1053.005 | Scheduled Task |
| file_integrity_monitoring | File Integrity Monitoring | detect | partial | T1053.006 | Systemd Timers |
| file_integrity_monitoring | File Integrity Monitoring | detect | minimal | T1098 | Account Manipulation |
| file_integrity_monitoring | File Integrity Monitoring | detect | partial | T1098.004 | SSH Authorized Keys |
| file_integrity_monitoring | File Integrity Monitoring | detect | partial | T1547 | Boot or Logon Autostart Execution |
| file_integrity_monitoring | File Integrity Monitoring | detect | partial | T1547.001 | Registry Run Keys / Startup Folder |
| file_integrity_monitoring | File Integrity Monitoring | detect | partial | T1547.002 | Authentication Package |
| file_integrity_monitoring | File Integrity Monitoring | detect | partial | T1547.003 | Time Providers |
| file_integrity_monitoring | File Integrity Monitoring | detect | partial | T1547.004 | Winlogon Helper DLL |
| file_integrity_monitoring | File Integrity Monitoring | detect | partial | T1547.005 | Security Support Provider |
| file_integrity_monitoring | File Integrity Monitoring | detect | partial | T1547.006 | Kernel Modules and Extensions |
| file_integrity_monitoring | File Integrity Monitoring | detect | partial | T1547.008 | LSASS Driver |
| file_integrity_monitoring | File Integrity Monitoring | detect | partial | T1547.009 | Shortcut Modification |
| file_integrity_monitoring | File Integrity Monitoring | detect | partial | T1547.010 | Port Monitors |
| file_integrity_monitoring | File Integrity Monitoring | detect | partial | T1547.012 | Print Processors |
| file_integrity_monitoring | File Integrity Monitoring | detect | partial | T1037 | Boot or Logon Initialization Scripts |
| file_integrity_monitoring | File Integrity Monitoring | detect | partial | T1037.001 | Logon Script (Windows) |
| file_integrity_monitoring | File Integrity Monitoring | detect | partial | T1037.003 | Network Logon Script |
| file_integrity_monitoring | File Integrity Monitoring | detect | partial | T1543 | Create or Modify System Process |
| file_integrity_monitoring | File Integrity Monitoring | detect | partial | T1543.002 | Systemd Service |
| file_integrity_monitoring | File Integrity Monitoring | detect | partial | T1543.003 | Windows Service |
| file_integrity_monitoring | File Integrity Monitoring | detect | partial | T1546 | Event Triggered Execution |
| file_integrity_monitoring | File Integrity Monitoring | detect | partial | T1546.001 | Change Default File Association |
| file_integrity_monitoring | File Integrity Monitoring | detect | partial | T1546.002 | Screensaver |
| file_integrity_monitoring | File Integrity Monitoring | detect | partial | T1546.004 | .bash_profile and .bashrc |
| file_integrity_monitoring | File Integrity Monitoring | detect | partial | T1546.007 | Netsh Helper DLL |
| file_integrity_monitoring | File Integrity Monitoring | detect | partial | T1546.008 | Accessibility Features |
| file_integrity_monitoring | File Integrity Monitoring | detect | partial | T1546.009 | AppCert DLLs |
| file_integrity_monitoring | File Integrity Monitoring | detect | partial | T1546.011 | Application Shimming |
| file_integrity_monitoring | File Integrity Monitoring | detect | partial | T1546.012 | Image File Execution Options Injection |
| file_integrity_monitoring | File Integrity Monitoring | detect | partial | T1546.013 | PowerShell Profile |
| file_integrity_monitoring | File Integrity Monitoring | detect | minimal | T1546.010 | AppInit DLLs |
| file_integrity_monitoring | File Integrity Monitoring | detect | minimal | T1546.015 | Component Object Model Hijacking |
| file_integrity_monitoring | File Integrity Monitoring | detect | minimal | T1574 | Hijack Execution Flow |
| file_integrity_monitoring | File Integrity Monitoring | detect | partial | T1574.006 | LD_PRELOAD |
| file_integrity_monitoring | File Integrity Monitoring | detect | minimal | T1137 | Office Application Startup |
| file_integrity_monitoring | File Integrity Monitoring | detect | partial | T1137.002 | Office Test |
| file_integrity_monitoring | File Integrity Monitoring | detect | minimal | T1548 | Abuse Elevation Control Mechanism |
| file_integrity_monitoring | File Integrity Monitoring | detect | minimal | T1548.002 | Bypass User Account Control |
| file_integrity_monitoring | File Integrity Monitoring | detect | partial | T1548.003 | Sudo and Sudo Caching |
| file_integrity_monitoring | File Integrity Monitoring | detect | partial | T1556 | Modify Authentication Process |
| file_integrity_monitoring | File Integrity Monitoring | detect | partial | T1556.002 | Password Filter DLL |
| file_integrity_monitoring | File Integrity Monitoring | detect | partial | T1556.003 | Pluggable Authentication Modules |
| file_integrity_monitoring | File Integrity Monitoring | detect | minimal | T1003 | OS Credential Dumping |
| file_integrity_monitoring | File Integrity Monitoring | detect | partial | T1003.001 | LSASS Memory |
| file_integrity_monitoring | File Integrity Monitoring | detect | partial | T1222 | File and Directory Permissions Modification |
| file_integrity_monitoring | File Integrity Monitoring | detect | partial | T1222.001 | Windows File and Directory Permissions Modification |
| file_integrity_monitoring | File Integrity Monitoring | detect | partial | T1222.002 | Linux and Mac File and Directory Permissions Modification |
| file_integrity_monitoring | File Integrity Monitoring | detect | minimal | T1562 | Impair Defenses |
| file_integrity_monitoring | File Integrity Monitoring | detect | minimal | T1562.001 | Disable or Modify Tools |
| file_integrity_monitoring | File Integrity Monitoring | detect | minimal | T1562.004 | Disable or Modify System Firewall |
| file_integrity_monitoring | File Integrity Monitoring | detect | minimal | T1562.006 | Indicator Blocking |
| file_integrity_monitoring | File Integrity Monitoring | detect | partial | T1553 | Subvert Trust Controls |
| file_integrity_monitoring | File Integrity Monitoring | detect | partial | T1553.003 | SIP and Trust Provider Hijacking |
| file_integrity_monitoring | File Integrity Monitoring | detect | partial | T1553.004 | Install Root Certificate |