File Path Pattern Matching for File Integrity Monitoring

When configuring a File Integrity Monitoring (FIM) rule, you can specify certain wildcard characters in designated file paths to be excluded from monitoring.

Descriptions of the most common wildcard patterns along with some examples are listed below.

Wildcard Description Example of Pattern Example of Matches
?
Matches any single character, except a path separator ?at cat, bat
*
Matches zero or more characters up to the end of the next path separator *.txt Matches any file that ends in ".txt" in a monitored directory
**
Matches zero or more files to any directory depth **.txt Matches any file that ends in ".txt" in a monitored directory, and any of its subdirectories 
[abc]
Matches one character given in the bracket [CB]at Cat or Bat
[a-z]
Matches one character from the (locale-dependent) range given in the bracket Letter[0-1] Letter0, Letter1
[!abc]
Matches one character that is not given in the bracket [!C]at bat, cat
[!a-z]
Matches one character that is not from the range given in the bracket Letter[!3-5] Letter1, Letter2

Note

The file path separator for Windows is "\" and "/" for Linux.

Was this article helpful?
0 out of 0 found this helpful