FortiSIEM
FortiSIEM provides Security Information and Event Management (SIEM) and User and Entity Behavior Analytics (UEBA)
flunaibarra
Staff
Article Id 407101
Description This article describes how to troubleshoot the File Integrity Monitoring (FIM) configuration in a Windows Agent template.
Scope Windows Agent v4.x.x - v7.3.x.
Solution

Prerequisites:

 

FIM Template configuration:

File/Directory: Must point only to a file name (including its extension) or a folder name.

 

Template.png

 

For the remaining configuration options, see "Define the Windows Agent Monitor Templates" in Configuring Windows Agent - FortiSIEM user guide.

 

Troubleshooting: 

If the file name or folder path entered in the template configuration is incorrect, an event of type AO-WUA-FileMon-Target-Missing is created as an alert.

 

Missing_target.png

 

If the file or folder name is configured correctly but FIM events are not generated or uploaded, ensure that the File Auditing and File System Auditing policies are configured as the External Configuration documentation indicates: Microsoft Windows Server via Agent.
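
A local check covering both troubleshooting cases above, as an added example (not from the Fortinet article or product). The function name `Test-FimTarget` and the default path are hypothetical; the script only reports the host's current state for comparison with the guide and does not encode the settings the guide requires.

```powershell
# Added example: local pre-checks for a FIM target on a Windows Agent host.
# Run from an elevated PowerShell session (auditpol and SACL reads need admin rights).
param(
    # Constructed sample path; use the File/Directory value from the FIM template.
    [string]$Target = 'C:\Data\payroll.xlsx'
)

function Test-FimTarget {
    param([Parameter(Mandatory)][string]$Path)

    $result = [ordered]@{
        Target          = $Path
        Exists          = Test-Path -LiteralPath $Path
        FileSystemAudit = $null
        AuditRules      = @()
    }

    # "File System" audit subcategory, addressed by GUID so the lookup does not
    # depend on the display language. /r returns the report as CSV.
    $csv = & auditpol.exe /get "/subcategory:{0CCE921D-69AE-11D9-BED3-505054503030}" /r 2>$null
    if ($LASTEXITCODE -eq 0) {
        $row = $csv | Where-Object { $_ } | ConvertFrom-Csv
        $result.FileSystemAudit = $row.'Inclusion Setting'
    }

    if ($result.Exists) {
        try {
            # Audit (SACL) entries on the target, including inherited ones.
            $acl = Get-Acl -LiteralPath $Path -Audit -ErrorAction Stop
            $result.AuditRules = @($acl.Audit | ForEach-Object {
                '{0}: {1} ({2})' -f $_.IdentityReference, $_.FileSystemRights, $_.AuditFlags
            })
        } catch {
            $result.AuditRules = @("SACL not readable: $($_.Exception.Message)")
        }
    }
    [pscustomobject]$result
}

$r = Test-FimTarget -Path $Target
$r | Format-List
if (-not $r.Exists) { Write-Warning 'Target not found: expect AO-WUA-FileMon-Target-Missing.' }
# 'No Auditing' is the value reported on English-language systems.
if ($r.FileSystemAudit -in $null, 'No Auditing') { Write-Warning 'File System auditing is not enabled or could not be read.' }
if ($r.Exists -and -not $r.AuditRules) { Write-Warning 'No audit (SACL) entries on the target.' }
```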

 

To show only the FIM events in an Analytic Query, use the following filter:

  • Attribute: Raw Event Log
  • Operator: CONTAIN
  • Value: AccelOps-WUA-FileMon

 

Query1.png