If the File Integrity Monitoring (FIM) logs aren't going to be centralized in the administrative console, enhance the existing endpoint FIM logging to the Windows Event Viewer by populating the FIM event details (file name, location, action) in the General tab of the event (instead of only in the Details view). Also, create useful Event IDs, Event Sources, and Task Categories to allow for filtering locally and advanced parsing by SIEM solutions.