You are here: Docs>Sheriff Web>UserGuides>SheriffCSMDocumentation>UserGuide>IntroductionToSheriffCSM>AboutSheriffCSMComponents (16 Jun 2022, SheriffCyberSecurity)Edit Attach
Up
Previous Next

Sheriff CSM™

About Sheriff CSM Components

The following diagram provides a high-level view of the overall Sheriff CSM architecture.

USM Architecture

Sheriff CSM has two core components:

  • Sheriff CSM Sensor (Deputy) — deployed throughout your network to collect events from various devices on the network.
  • Sheriff CSM Server — aggregates and correlates information gathered by the Sheriff CSM Sensors, and provides single pane-of-glass management, reporting, and administration.

The Sheriff CSM Sensor collects raw log data and other information from various network devices, host servers, and applications, normalizes the data into a standard-event format, and sends the events on to the Sheriff CSM Server. Customers can choose from over 200 Sensor plugins to process raw log files and other information from different network devices that might be deployed in a customer’s network environment. Once events have reached the Sheriff CSM Server, you can use the Sheriff CSM web UI to view and analyze events, establish policy and correlation rules, investigate and address alarms, and perform other network security operations.
Edit  | Attach | Print version | History: r9 < r8 < r7 < r6 | Backlinks | View wiki text | Edit wiki text | More topic actions
Topic revision: r9 - 16 Jun 2022, SheriffCyberSecurity
Copyright 2020 Sheriff Cyber Security, LLC. All rights reserved.