Monarx

The Files Module Export provides a comprehensive CSV record of all file-related security events detected by the Monarx agent. This export is essential for deep-dive forensic analysis, threat hunting, and maintaining a historical audit trail of server-side activity.

❗ IMPORTANT: Understanding the Log Logic &amp; Scope

1. Chronological Activity: The records listed here are a chronological log of when a file was identified and the specific action Monarx took at that moment. ​
2. Operational Modes: Actions depend on the infrastructure configuration: ​
 - Insights Only (Detect-Only): Monarx identifies and logs threats for visibility but does not modify the filesystem. ​
 - Active Protection (Auto-remediation): Monarx automatically neutralizes threats (e.g., Quarantining) in real-time. ​
3. Monarx-Exclusive Reporting: This report is strictly a log of actions taken by the Monarx agent. If a file is removed or modified by a third party (such as a system administrator, manual user intervention, or another security tool), those actions will not be recorded or reflected here. ​
4. Not a Live Snapshot: This export should be utilized as an audit trail of Monarx’s interventions and should not be used as a live report of the files currently residing on the disk.

Understanding the Files Module Export

Find answers and get help from Intercom Support and Community Experts

Conversations you've started through the messenger will appear here.

No conversations created by you

Try using different keywords or checking for typos.

No conversations found

Title

This site employs cookies and other technologies that we and our third party vendors use to monitor and record personal information about you and your interactions with the site (including content viewed, cursor movements, screen recordings, and chat contents) for the purposes described in our Cookie Policy. By continuing to visit our site, you agree to our {websiteTermsLink}, {privacyPolicyLink} and {cookiePolicyLink}.

This site uses cookies and similar technologies ("cookies") as strictly necessary for site operation. We and our partners also would like to set additional cookies to enable site performance analytics, functionality, advertising and social media features. See our {cookiePolicyLink} for details. You can change your cookie preferences in our Cookie Settings.

We use cookies to make our site work and also for analytics and advertising purposes. You can enable or disable optional cookies as desired. See our {cookiePolicyLink} for more details.

Advertising cookies are set by our advertising partners to collect information about your use of the site, our communications, and other online services over time and with different browsers and devices. They use this information to show you ads online that they think will interest you and measure the ads' performance. Social media cookies are set by social media platforms to enable you to share content on those platforms, and are capable of tracking information about your activity across other online services for use as described in their privacy policies.

These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.

These cookies are necessary for the website to function and cannot be switched off in our systems.

These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site.

You have the right to opt out of the sale of your personal information. See our {cookiePolicyLink} for more details about how we use your data.

Your Privacy Choices

We use cookies to enhance your experience. You can customize your cookie preferences below. See our {cookiePolicyLink} for more details.

Cookie Settings

Empty Help Center

Uh oh. That page doesn’t exist.

Home

Search results

Disappointed

Neutral

Smiley

Thinking...

Searching through sources...

Analyzing...

Tickets submitted through the messenger or by a support agent in your conversation will appear here.

Column Name	Description	Forensic Utility
agentId	The unique UUID assigned to the specific server or endpoint where the activity was detected.	Used to pivot between the export and the Monarx dashboard for a specific host.
name	The base name of the file (e.g., `wp-login.php` or `1.php`).	Quick identification of the file involved in the event.
path	The absolute directory path where the file is located on the filesystem.	Essential for identifying compromised CMS installations or user accounts.
sha256	The SHA-256 cryptographic hash of the file content.	Use this to search external databases (like VirusTotal) or for internal IOC blacklisting.
action	The operation performed by Monarx (e.g., `Quarantined`, `Blocked`, `Cleaned`, or `Logged`).	Indicates the current state of the threat and the effectiveness of the protection policy.
fileOwner	The system user (UID/Username) that owns the file on the server.	Helps pinpoint which user account or site has been compromised or misused.
classification	The broad category of the detection (e.g., `Malicious`, `Suspicious`, or `PUA`).	Provides an immediate high-level risk assessment of the entry.
malwareTypes	Specific threat tags assigned to the file (e.g., `Webshell`, `Skimmer`, `Uploader`).	Defines the "nature" of the attack (e.g., data exfiltration vs. persistence).
url	The specific URL or request path that triggered the file activity (if applicable).	Links a filesystem change to a specific web-based attack vector.
clientIP	The remote IP address that initiated the request associated with the event.	Critical for identifying the source of the attack and performing IP-based blocking at the firewall.
auditCreated	The timestamp (UTC) indicating when the event was recorded by the Monarx system.	Used for chronological reconstruction of an incident or "blast radius" analysis.

Understanding the Files Module Export

Data Column Definitions