One of the things that AlienVault can do is to monitor the file integrity. To do that, you have to install ossec agent on the servers that you want to monitor. ossec is an open sourced HIDS (Host Intrusion Detection System) tool.
Here is how I use AlienVault to monitor some folders(files) on a Windows server.
1) Create a new Windows host in the Asset section through AlienVault web UI. (Don’t forget to click ‘Apply’).
2) Install the ossec agent on the Windows server. Just simply follow the installation wizard.
3) ssh to the AlienVault server with your root or sudo account, then run the command: /var/ossec/bin/manage_agents
4) Type ‘A’. Then input the name, IP address of the agent (here it means the Windows server), and press Enter to accept the default ID number. After that, type ‘L’ to confirm the agent has been added into the server.
5) Type ‘E’ and input the ID number of the agent to generate a key for it.
6) Copy the key and paste it into the agent installed on the Windows server, and add the AlienVault server IP address.
7) Start the ossec service.
8) To test it: Add a new line ‘#ossec agent file integrity check test’ in the file ‘C:\WINDOWS\System32\drivers\etc\hosts’ on the Windows server. Then go to the AlienVault web UI, and navigate to SIEM under Analysis section. A message ‘ossec: Integrity checksum changed.’ will be displayed once the modification has been detected.