What does Integrity Monitoring use to compare the current condition of an object?

Integrity Monitoring uses an existing baseline to compare the current condition of an object. A baseline represents a known and trusted state of the system or files at a specific point in time. This baseline is established during a secure configuration process and serves as a reference for future comparisons.

When Integrity Monitoring is implemented, it analyzes files, configurations, or system states against this defined baseline. If any discrepancies or unauthorized changes are detected, it can alert administrators to potential security incidents or breaches. The effectiveness of Integrity Monitoring hinges on having this baseline to accurately determine what is considered 'normal' versus 'unexpected'.

Real-time events would not provide a consistent reference point for comparison, as they constantly change and do not capture a static state. A log file does record events but is not utilized for direct comparison to assess integrity; instead, it typically documents activities or changes after they occur. Firewall settings pertain to network security and do not have relevance in assessing the integrity of files or system configurations.