UpPrevious Next
Sheriff CSM™
About Sheriff CSM Components
The following diagram provides a high-level view of the overall Sheriff CSM architecture.
Sheriff CSM has two core components:
- Sheriff CSM Sensor (Deputy) — deployed throughout your network to collect events from various devices on the network.
- Sheriff CSM Server — aggregates and correlates information gathered by the Sheriff CSM Sensors, and provides single pane-of-glass management, reporting, and administration.
The Sheriff CSM Sensor collects raw log data and other information from various network devices, host servers, and applications, normalizes the data into a standard-event format, and sends the events on to the Sheriff CSM Server. Customers can choose from over 200 Sensor plugins to process raw log files and other information from different network devices that might be deployed in a customer’s network environment. Once events have reached the Sheriff CSM Server, you can use the Sheriff CSM web UI to view and analyze events, establish policy and correlation rules, investigate and address alarms, and perform other network security operations.