# Our Features

{% hint style="info" %}
**Note:** Four Clover is not limited by the features shown here. We are constantly exploring new use cases to improve the functionality and performance of our tool.
{% endhint %}

## File Integrity Monitoring

Four Clover employs a vigilant and proactive approach to file integrity monitoring, ensuring the security and authenticity of files and directories within a system. The tool achieves this through the following steps:

<figure><img src="/files/PGlPkg9MTfICjk84Ge6a" alt=""><figcaption></figcaption></figure>

1. **Hash-Based Verification:**
   * Four Clover calculates hash values (digests) of files using selected cryptographic hash algorithms (e.g., sha256, md5).
   * These hash values act as compact fingerprints of a file's content. Even a minor change in the file content results in a significantly different hash value.
2. **Initial Scan and Baseline Creation:**
   * During the initial scan, Four Clover computes hash values for all files in the specified directories.
   * These computed hash values create a baseline or "fingerprint" for each file, representing their original and unaltered state.
3. **Continuous Monitoring:**
   * Four Clover regularly rescans the specified directories, recalculating hash values for all files.
   * It compares the newly computed hash values with the baseline hash values.
4. **Change Detection:**
   * If the computed hash value of a file differs from its baseline hash value, Four Clover detects a change.
   * This change could be due to unauthorized modifications, tampering, or any form of alteration.
5. **Alerts and Reporting:**
   * When a change is detected, Four Clover generates alerts or notifications to inform administrators or security personnel.
   * Detailed reports are generated, outlining the nature of the change, affected files, and relevant metadata.
6. **Comparative Analysis:**
   * Four Clover allows users to compare scan reports to identify changes between different timeframes.
   * This feature aids in identifying trends, patterns, and discrepancies in file changes.

### **Supported Hash Algorithms for File Verification:**

Four Clover supports a diverse range of cryptographic hash algorithms for file verification, including but not limited to:

* blake2b-256
* blake2b-512
* sha256
* sha1
* md5

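Users can choose the hash algorithm that aligns with their security requirements and performance considerations. Selecting a strong hash algorithm enhances the tool's ability to detect unauthorized changes effectively: md5 and sha1 have known practical collision attacks, so prefer sha256 or a blake2b variant when deliberate tampering is the concern.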
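The baseline, rescan, and compare steps described above, with a selectable algorithm from the supported list, can be sketched as follows. This is an added example, not Four Clover's own code: the function names and the mapping of the listed algorithm names onto Python's `hashlib` are assumptions of the example, and the sample tree is constructed.

```python
import hashlib
import tempfile
from pathlib import Path

# Algorithm names from the list above, mapped to hashlib (mapping is an assumption).
ALGORITHMS = {
    "blake2b-256": lambda: hashlib.blake2b(digest_size=32),
    "blake2b-512": lambda: hashlib.blake2b(digest_size=64),
    "sha256": hashlib.sha256,
    "sha1": hashlib.sha1,
    "md5": hashlib.md5,
}

def hash_file(path, algorithm="sha256", chunk_size=65536):
    """Stream the file through the digest so large files are not read into memory."""
    digest = ALGORITHMS[algorithm]()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def scan(root, algorithm="sha256"):
    """Return {relative path: hex digest} for each regular file under root."""
    return {
        str(p.relative_to(root)): hash_file(p, algorithm)
        for p in Path(root).rglob("*")
        if p.is_file() and not p.is_symlink()  # do not follow links out of the tree
    }

def compare(baseline, current):
    """Classify the differences between two scans of the same directory."""
    common = baseline.keys() & current.keys()
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "modified": sorted(p for p in common if baseline[p] != current[p]),
    }

def demo(algorithm="blake2b-256"):
    """Constructed sample tree: take a baseline, change the tree, rescan, compare."""
    with tempfile.TemporaryDirectory() as root:
        Path(root, "app.conf").write_bytes(b"port=8080\n")
        Path(root, "run.sh").write_bytes(b"#!/bin/sh\n")
        baseline = scan(root, algorithm)
        Path(root, "app.conf").write_bytes(b"port=8081\n")  # one-character edit
        Path(root, "run.sh").unlink()                        # file deleted
        Path(root, "new.bin").write_bytes(b"\x00")           # file added
        return compare(baseline, scan(root, algorithm))
```

The comparison is only as trustworthy as the stored baseline, so keep the baseline where the monitored system cannot rewrite it.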

{% content-ref url="/pages/sb46kKBVXnc4pqOCKyND" %}
[Performing Scans on Directories and Files](/v0.1/tool-guides/performing-scans-on-directories-and-files.md)
{% endcontent-ref %}

## **Comparative Analysis**

<figure><img src="/files/zzXgAen1RVjeS4meyodg" alt=""><figcaption></figcaption></figure>

Comparing two scan reports using Four Clover allows you to identify changes and modifications that have occurred between different scans. Here's how you can perform a comparative analysis and understand the comparison report:

{% content-ref url="/pages/QrmbNxLkw16nmdaQUnX2" %}
[Initiating a Comparison](/v0.1/tool-guides/initiating-a-comparison.md)
{% endcontent-ref %}

## **Policy-Based Scanning**

<figure><img src="/files/AdxwRT0f7BWEdBUi0Jub" alt=""><figcaption></figcaption></figure>

Policy-based scanning in Four Clover allows you to establish predefined sets of rules and conditions for scans, enabling automated checks for compliance and security. Here's how you can define policies, create policy files, and perform scans based on those policies:

### **Defining Policies:**

* Policies consist of rules that define specific conditions files must adhere to.
* Define policies based on your organization's security requirements and compliance standards.

### **Creating Policy Files:**

* Create policy files using YAML format, specifying rules and their attributes.
* Each policy file contains multiple rules that are applied during scanning.

### **Specifying Conditions with Rules:**

* Each rule within a policy file defines conditions that files must meet.
* The Simple rule type streamlines rule definition by focusing on pattern matching with predefined patterns. It is easier to set up, which makes it suitable when you have a well-defined set of patterns to check for in your files and want a quick, straightforward way to catch common issues or vulnerabilities without extensive customization.

{% hint style="info" %}
**Note:** The rule type is not limited to "Simple". We are working on incorporating complex rule types.
{% endhint %}

{% content-ref url="/pages/zMOavHhE84HS9EbMGDBq" %}
[Performing Scans Based on Policies](/v0.1/tool-guides/performing-scans-based-on-policies.md)
{% endcontent-ref %}


