Ensure that 'File Integrity Monitoring' component status is set to 'On'
Why This Matters
File Integrity Monitoring (FIM) detects unauthorized changes to critical system files, which is a common tactic attackers use to establish persistence or move laterally within a compromised environment. Without FIM enabled, your organization may miss early warning signs of a file-based attack on Windows or Linux servers. Enabling FIM provides a critical detection layer that helps reduce the dwell time of a threat actor operating inside your infrastructure.
What Aether365 Checks
Aether365 verifies that the File Integrity Monitoring component status is set to "On" for each Azure subscription connected to Microsoft Defender for Cloud. This check appears in the Aether365 dashboard under the Azure Defender for Cloud checks section.