FAQ: Exceptions for FIM Create, Delete, and Move Events

The App Infrastructure Protection (AIP) Agent depends on inotify to populate FIM events. Due to inotify limitations, AIP cannot provide information about the user that triggers a FIM Create, Delete, or Move event. Additionally, inotify cannot distinguish between events that inotify triggers and events that other processes trigger. As a result, the AIP Linux Host 1.x and 2.x+ series Agents will not provide the following information for FIM Create, Delete, or Move events:

  • containerID
  • containerImage
  • containerLabel
  • gid
  • group
  • pid
  • ppid
  • session
  • uid
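
The missing fields follow from the inotify event record itself. The C program below is an added example, not AIP Agent code: it watches a constructed temporary directory, performs a create, move, and delete, and prints every field the kernel returns in struct inotify_event. The function name fim_demo and the /tmp path are assumptions made for the illustration.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/inotify.h>
#include <unistd.h>

/* Added example (not AIP Agent code). Watches a constructed temp directory,
 * performs a create, move and delete, and returns the OR of the event masks
 * inotify reported (0 on setup failure). */
unsigned int fim_demo(void) {
    char dir[] = "/tmp/fim_demo_XXXXXX"; /* constructed sample path */
    char a[PATH_MAX], b[PATH_MAX];
    char buf[4096] __attribute__((aligned(__alignof__(struct inotify_event))));
    unsigned int seen = 0;
    if (!mkdtemp(dir)) return 0;
    int fd = inotify_init1(IN_NONBLOCK);
    if (fd < 0) { rmdir(dir); return 0; }
    if (inotify_add_watch(fd, dir,
            IN_CREATE | IN_DELETE | IN_MOVED_FROM | IN_MOVED_TO) < 0) {
        close(fd); rmdir(dir); return 0;
    }
    snprintf(a, sizeof a, "%s/a", dir);
    snprintf(b, sizeof b, "%s/b", dir);
    int f = open(a, O_CREAT | O_WRONLY, 0600); /* FIM Create */
    if (f >= 0) close(f);
    rename(a, b);                              /* FIM Move   */
    unlink(b);                                 /* FIM Delete */

    ssize_t n = read(fd, buf, sizeof buf);     /* events are already queued */
    for (char *p = buf; n > 0 && p < buf + n;) {
        struct inotify_event *ev = (struct inotify_event *)p;
        /* wd, mask, cookie, len and name are the only fields in the record:
         * nothing here carries a pid, uid, gid, session or container. */
        printf("wd=%d mask=0x%08x cookie=%u name=%s\n",
               ev->wd, ev->mask, ev->cookie, ev->len ? ev->name : "");
        seen |= ev->mask;
        p += sizeof(struct inotify_event) + ev->len;
    }
    close(fd);
    rmdir(dir);
    return seen;
}

int main(void) {
    unsigned int m = fim_demo();
    printf("mask=0x%08x header=%zu bytes\n", m, sizeof(struct inotify_event));
    return m ? 0 : 1;
}
```

The two move events share a cookie value, which is how the old and new names of a rename are paired; it does not identify who performed the rename.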