NetScaler Console service

File integrity monitoring

File integrity monitoring enables you to identify if any changes or additions have been made to your NetScaler file system. This feature assesses the integrity of NetScaler files by comparing the binary hash value of your current NetScaler build with the original binary hash linked to the same NetScaler build.

The File Integrity Monitoring section in the Security Advisory dashboard lists the following:

  • Number of issues detected
  • Number of NetScaler instances impacted
  • Date when the last scan was run
  • Impacted NetScaler instances categorized under Critical, High, Medium, and Low severity

File integrity monitoring section

As an administrator, you can allow NetScaler to run the system scans that are scheduled periodically, or you can run on-demand scans as needed.

  • System scan - Scans all managed instances by default. NetScaler Console decides the date and time of system scans, which are disabled by default.
  • On-demand scan - You can trigger the scan manually when required. To run the on-demand scan, click Scan now on the security advisory dashboard.

You can click the File Integrity Monitoring section to view detailed information.


The table displays the following details:

  • IP address - The IP address of the impacted instances.
  • Existing files modified - The list of existing files that are modified.
  • New files added - The list of new files added.
  • Scan time - The time of the last scan.
  • Host name - The host name of the impacted NetScaler.
  • Model - The model name of the impacted NetScaler.

Click the numbers under Existing files modified and New files added to view details.

Points to note

  • Instances supported for File Integrity Monitoring: MPX, VPX instances, and Gateway.

  • The following scan is available for File Integrity Monitoring:

    • File Integrity Monitoring scan: This scan requires NetScaler Console to connect to the managed NetScaler instance. NetScaler Console compares the hash values by running a script on the NetScaler instance and collecting the current binary hash values for the NetScaler system files. After the comparison, NetScaler Console reports the total number of existing files modified and the total number of newly added files. As an administrator, you can contact your organization's digital forensics team for further investigation of the scan results.
  • The following is the list of unsupported platforms: BLX
