diff --git a/packages/fim/data_stream/event/agent/stream/file_integrity.yml.hbs b/packages/fim/data_stream/event/agent/stream/file_integrity.yml.hbs
index e5a211125d2..6fc3c980e76 100644
--- a/packages/fim/data_stream/event/agent/stream/file_integrity.yml.hbs
+++ b/packages/fim/data_stream/event/agent/stream/file_integrity.yml.hbs
@@ -5,6 +5,7 @@ paths:
 {{/each}}
 recursive: {{recursive}}
 scan_at_start: {{scan_at_start}}
+force_backend: {{force_backend}}
 hash_types:
 {{#each hash_types as |hash i|}}
 - {{hash}}
diff --git a/packages/fim/manifest.yml b/packages/fim/manifest.yml
index 3b50038faba..5427d11a437 100644
--- a/packages/fim/manifest.yml
+++ b/packages/fim/manifest.yml
@@ -72,6 +72,16 @@ vars:
 required: false
 default:
 - sha1
+ - name: force_backend
+ type: text
+ title: File Event Source
+ description: |
+ Forces a particular event source for file events on Linux. `fsnotify` does not provide
+ user information. Supported types are:
+ `ebpf`, `fsnotify`, `kprobe`.
+ show_user: true
+ required: false
+ default: fsnotify
 - name: max_file_size
 type: text
 title: File size limit
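Review bot: The added `force_backend: {{force_backend}}` line is rendered unconditionally and unquoted, although the manifest hunk in this same commit declares the variable `required: false`. If the field is cleared in the policy editor, the line would presumably render as a bare `force_backend:` (a null value) rather than being omitted, and whatever is typed into the field lands in the agent configuration verbatim. Guarding it the way optional settings usually are keeps the key out of the policy when it is unset: `{{#if force_backend}}` / `force_backend: {{force_backend}}` / `{{/if}}`. The template starts before this hunk, so how the surrounding keys are guarded is not visible here.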
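Review bot: The new `force_backend` variable is declared `type: text` even though its description lists a closed set of three values, so a typo in the policy editor goes straight into the rendered file-integrity config with no validation. If the package's format version supports it, declaring the variable as a select with the three options removes that failure mode; the accepted spellings should also be confirmed against the agent-side option before release. The description would be clearer for detection use if it said outright that the default `fsnotify` produces file events without user attribution, and that `ebpf` or `kprobe` must be chosen to get it. The `vars` list starts and continues outside this hunk.

```yaml
      - name: force_backend
        type: select
        title: File Event Source
        # … unchanged: description, show_user, required, default …
        options:
          - text: fsnotify
            value: fsnotify
          - text: ebpf
            value: ebpf
          - text: kprobe
            value: kprobe
```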