Most HIPAA audits and compliance frameworks require a file integrity monitoring solution to detect changes to files at the server level. Healthcare Blocks uses the popular, open source Advanced Intrustion Detection Environment (AIDE) utility for this purpose.
AIDE scans are performed daily by AWS Systems Manager. The State Manager page shows the latest status and history.
Scan results are published to a CloudWatch Logs group named /var/log/aide.
The configuration of the AIDE process is managed by an AWS Systems Manager Document named Run-aide.