To monitor the created files, create a custom rule that targets the directory:
This rule might cause high number of alerts if the monitored directory is dynamic. Use it carefully.
- On the Deep Security console, go to Policies > Common Objects.
- Navigate to Rules > Integrity Monitoring Rules.
- Click New and select New Integrity Monitoring Rule.
- Go to Content tab.
- Choose File for Template.
- Enter the path on the Base Directory field.
- Enable the Include Sub Directories checkbox.
- On the section Include Files With Names Like, input asterisk (*) to match zero or more characters.
- Click Apply to save the new rule.
Based on the sample above, it will detect any created files under the /test/ directory. The event will look similar to the following: