File Change Monitor
Using ports 445 (TCP) and 445 (UDP), the component monitor performs an MD5 checksum comparison on the file to verify it was not modified. If SAM detects the monitored file was modified, the component monitor remains in a Down state until you recalculate the checksum.
If monitoring a Windows machine, you'll need Windows credentials with read access to the network share and file.
The statistic is the number of hours since the file modification.
Windows credential with read access to the network share and file.
Agent-less or Orion agent for Windows requirements
Implementation of these components relies either on WMI or Windows file share access to the target machine.
Orion agent for Linux requirements
Python implementation leverages native file system access directly from the Python script running locally on the target agent machine. Due to the configuration settings, switching between agent-less and Orion Agent for Linux will not establish a correct connection as the file path in UNC format will not work on a Linux-based computer. For details, see Configure Linux/Unix systems for monitoring by the Orion agent in SAM.