Security+ · 4.0 Security Operations
File integrity monitoring (FIM)
A system that detects unauthorized changes to files by hashing them at a known-good moment and comparing later. Examples: AIDE, Tripwire, Samhain, Falco's file-watch rules.
How this shows up at NCAE
Cedarville's blue-team scripts layer AIDE + inotifywait + Falco. A poor person's FIM during competition: `find /etc -type f -print0 | xargs -0 md5sum > /root/hashes.baseline` (null-delimited so paths containing spaces are hashed correctly), then `md5sum -c /root/hashes.baseline` later.