File Path Pattern Matching for File Integrity Monitoring

When configuring a File Integrity Monitoring (FIM) rule, you can specify certain wildcard characters in designated file paths to be excluded from monitoring.

A description of the most common wildcard patterns along with some examples is listed below.

Wildcard Description Example of Pattern Example of Matches
?
Matches any single character, except a path separator ?at cat, bat
*
Matches zero or more characters up to the end of the next path separator *.txt Matches any file that ends in ".txt" in a monitored directory
**
Matches zero or more files to any directory depth **.txt Matches any file that ends in ".txt" in a monitored directory, and any of its subdirectories 
[abc]
Matches one character given in the bracket [CB]at Cat or Bat
[a-z]
Matches one character from the (locale-dependent) range given in the bracket Letter[0-1] Letter0, Letter1
[!abc]
Matches one character that is not given in the bracket [!C]at bat, cat
[!a-z]
Matches one character that is not from the range given in the bracket Letter[!3-5] Letter1, Letter2

Note

The file path separator for Windows is "\" and "/" for Linux.

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request