I have a regulatory requirement to implement file integrity monitoring, however, I am deploying my application on Azure Web App Services, and all third party FIM tools require the installation of an agent. This isn't possible as the OS is abstracted in the Azure web app service.
In Azure Security Center, I can see the File Integrity(FIM) Monitoring but it is only working for VM. is there any way to work FIM for App Service?
thanks
On
Resource level and code-level changes can be tracked using Application change analysis and act like a FIM. https://sakaldeep.com.np/1201/can-application-change-analysis-act-as-fim-for-azure-app-service
On
According to the docs, Azure App Service natively includes Microsoft Defender for Cloud, which includes File Integrity Monitoring.
AFAIK, this is abstracted due to the sandbox restriction. As File Integrity Monitoring (FIM), also known as change monitoring, examines files and registries of operating system. This access is not there.
https://github.com/projectkudu/kudu/wiki/Azure-Web-App-sandbox