Honeycomb Lexicon File Integrity Monitor (FIM)
You can use the Honeycomb Lexicon File Integrity Monitor (FIM) DSM with JSA to collect detailed file integrity events from your network.
JSA supports syslog events that are forwarded from Lexicon File Integrity Monitor installations that use Lexicon mesh v3.1 and later. The syslog events that are forwarded by Lexicon FIM are formatted as Log Extended Event Format (LEEF) events by the Lexicon mesh service.
To integrate Lexicon FIM events with JSA, you must complete the following tasks:
On your Honeycomb installation, configure the Lexicon mesh service to generate syslog events in LEEF.
On your Honeycomb installation, configure any Lexicon FIM policies for your Honeycomb data collectors to forward FIM events to your JSA console or Event Collector.
On your JSA console, verify that a Lexicon FIM log source is created and that events are displayed on the Log Activity tab.
Optional. Ensure that no firewall rules block communication between your Honeycomb data collectors and the JSA console or Event Collector that is responsible for receiving events.
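A check that supports the first and third tasks, added here as an example and not taken from Honeycomb or JSA: it parses captured syslog lines and reports any that are not well-formed LEEF 1.0 or 2.0, which helps separate a formatting problem on the collector from a log source problem on JSA. The vendor, product, version, event IDs, and attribute names in the sample lines are constructed placeholders, not the values Lexicon mesh actually emits.

```python
import re

# Constructed syslog lines; header values and attribute names are placeholders.
SAMPLE = [
    "<13>Jan 18 11:07:53 collector01 LEEF:1.0|ExampleVendor|ExampleFIM|3.1|FileModified|usrName=alice\tfilePath=/etc/passwd",
    "<13>Jan 18 11:07:54 collector01 LEEF:2.0|ExampleVendor|ExampleFIM|3.1|FileDeleted|^|usrName=bob^filePath=/etc/hosts",
    "<13>Jan 18 11:07:55 collector01 FileModified usrName=carol",
]

def _delimiter(spec):
    """Map a LEEF 2.0 delimiter field to a character; None if it is not one."""
    if len(spec) <= 1:
        return spec or "\t"  # an empty field means the default tab
    match = re.fullmatch(r"(?:0x|x)([0-9a-f]{1,4})", spec.lower())
    return chr(int(match.group(1), 16)) if match else None

def parse_leef(line):
    """Return (header, attrs) for one syslog line, or raise ValueError."""
    start = line.find("LEEF:")  # skip whatever syslog header precedes the event
    if start < 0:
        raise ValueError("no LEEF header in payload")
    parts = line[start + 5:].rstrip("\r\n").split("|", 5)
    if len(parts) < 6:
        raise ValueError("header needs 5 pipe-terminated fields")
    leef_ver, rest = parts[0], parts[5]
    if leef_ver not in ("1.0", "2.0"):
        raise ValueError(f"unsupported LEEF version {leef_ver!r}")
    delim = "\t"  # LEEF 1.0 attributes are always tab-separated
    if leef_ver == "2.0":  # optional sixth field: one character or x09 / 0x09
        spec, sep, tail = rest.partition("|")
        if sep and _delimiter(spec) is not None:
            delim, rest = _delimiter(spec), tail
    attrs = {}
    for pair in filter(None, rest.split(delim)):
        key, eq, value = pair.partition("=")
        if not eq or not key.strip():
            raise ValueError(f"attribute is not key=value: {pair!r}")
        attrs[key.strip()] = value
    names = ("leef", "vendor", "product", "version", "event_id")
    return dict(zip(names, parts)), attrs

def check_lines(lines):
    """Return [(line_number, error)] for every line that is not valid LEEF."""
    problems = []
    for number, line in enumerate(lines, 1):
        try:
            parse_leef(line)
        except ValueError as exc:
            problems.append((number, str(exc)))
    return problems
```

Run `check_lines` over lines captured on the receiving interface; an empty result means every line carried a parseable LEEF header and attribute set.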