Like a Host rule, a File rule will alert you to file activity in your system. The difference between a Host rule and a File rule is that you need to define the file locations you want to monitor when creating a File rule.
To create a File rule:
1. Select File rule.
2. Choose the severity of the alert (Black).
3. Define a Rule Name (Red).
4. Define an Alert Title (Orange).
5. Define an Alert Description (Yellow), which can be as simple as mirroring the title, or adding more detail.
6. Choose whether you want to Aggregate Fields (Green). More on Aggregates here.
7. Choose whether you want to group alerts by threshold (Blue). More on Threshold here.
8. Click Next: File Paths.
After creating the rule, define the file paths and file types to monitor:
1. Define the path of the folder you want to monitor (Red).
2. Define whether you want this folder path to be recursive (Orange).
3. Define whether you want to exclude specific file types from monitoring (Green).
4. Choose which events to monitor. Options are: All, Close, Delete, Create, Open (Blue).