Sheriff CSM™ About Sheriff CSM
Sheriff CSM™ About Sheriff CSM Network Security Capabilities Sheriff CSM is designed primarily to help mid size organizations effectively defend t...
Sheriff CSM™ About Sheriff CSM System Architecture and Components As a unified security platform, Sheriff CSM combines several critical security ...
Sheriff CSM™ Adding Assets Sheriff CSM provides different ways to add your assets: Note: The Sheriff CSM system inserts new assets automatically ...
Sheriff CSM™ Alarm Details — Columns and Fields Alarm Details field descriptions Column/Field Name Description Status Whether or not t...
Sheriff CSM™ Asset Administration Managing assets occurs in Sheriff CSM in the Asset List View. This section covers the following subtopics: *...
Sheriff CSM™ Asset Group List View An asset group is an administratively created object that pools similar assets used for specific purposes. Sher...
Sheriff CSM™ Asset List View The Asset List view, Environment Assets Groups Assets, provides a centralized view of your assets. For fiel...
Sheriff CSM™ Assets and Groups It is important for security practitioners to know what assets are connected on the company network and how the de...
CIDR Classless Inter Domain Routing, which provides a method for allocating IP addresses, routing Internet protocol packets, and subdividing networks. CIDR notifi...
Sheriff CSM™ Capture and Examine Packets Sheriff CSM integrated packet capture functionality allows you to capture traffic on your network for off...
Sheriff CSM™ Configure Network Interfaces Sheriff CSM All in One comes with six network interfaces, numbered eth0 to eth5. Sheriff CSM uses these ...
Sheriff CSM™ Configure Plugins Most of the plugins in Sheriff CSM do not require additional configuration after they are enabled, especially if y...
Sheriff CSM™ Configure SDEE Plugins Cisco Systems IPS Sensor 5.0 uses the Security Device Event Exchange (SDEE) protocol to specify the format of...
Sheriff CSM™ Configure Sheriff CSM to Use a DNS Use of a Domain Name Service (DNS) helps Sheriff CSM to resolve host names against IP addresses. ...
Sheriff CSM™ Configure WMI Plugins Windows Management Instrumentation (WMI) plugins collect Microsoft Windows events and data remotely. These plu...
Sheriff CSM™ Configure Availability Monitoring Availability monitoring in Sheriff CSM runs from the server, and can be used to monitor availabili...
Sheriff CSM™ Configuring Network Interfaces Applies to Product: Sheriff CSM™ Sheriff Vigilante® A Sheriff CSM All in One comes with six n...
Sheriff CSM™ Configuring Network Interfaces A Sheriff CSM All in One comes with six network interfaces, numbered eth0 to eth5. Sheriff CSM uses t...
Sheriff CSM™ Correlation Rules A correlation rule defines a condition to match incoming events. Refer to How Does Correlation Work? for details. T...
Sheriff CSM™ Create New Accounts for LDAP Users Use this procedure to create new user accounts for LDAP users. For local users, see Create New Acc...
Sheriff CSM™ Create New Accounts for Local Users Use this procedure to create new user accounts for local Sheriff CSM users. For LDAP users, see C...
Sheriff CSM™ Create New Plugins Using the Plugin Builder In addition to the other methods described for customizing or creating new Sheriff CSM p...
Sheriff CSM™ Create Policy Conditions This topic explains how to configure policy conditions for external event policies, using the Default Policy...
Sheriff CSM™ Creating a Network In Sheriff CSM, you can create a network either manually or by importing a CSV file. Creating a Network by Import...
Sheriff CSM™ Creating an Asset Group In Sheriff CSM, you can create an asset group in the following ways: * From the Asset List View, select a...
Sheriff CSM™ Creating Vulnerability Scan Jobs By default, Sheriff CSM runs vulnerability scan jobs without any authentication. They are less thor...
Sheriff CSM™ Deleting the Assets To delete asset(s) 1 Go to Environment Assets Groups Assets. 1 Select the asset(s) you want to delet...
Sheriff CSM™ Deploying HIDS Agents In this section, you will learn about deploying HIDS agents from the asset list view: * Deploying HIDS Agen...
Sheriff CSM™ Deploying HIDS to Servers We recommend deploying a host based intrusion detection system (HIDS) to enable * File integrity monito...
Sheriff CSM™ Discovering Assets in Your Network Understanding what is in your environment is a critical step towards identifying threats and vuln...
Sheriff CSM™ Duplicate a User Account Duplicating an existing user account can save time when you want to create a new user and the new user shoul...
Sheriff CSM™ Editing the Assets You can edit your assets once they are in Sheriff CSM. For example, you can add a description or a location for y...
Sheriff CSM™ Enable Plugins Sheriff provides more than one way to enable plugins in Sheriff CSM. First, you can enable plugins on specific discov...
Sheriff CSM™ Enable Plugins from the Sensor (Deputy) Configuration You can enable up to 100 plugins on a Sheriff CSM Sensor from the Sheriff CSM w...
Sheriff CSM™ Enable Plugins on Assets After you run a scan of your network to discover assets, the discovered assets are saved in the Sheriff CSM ...
Sheriff CSM™ Entities and Assets Structure Tree Fields Use the Entities and Assets Structure tree to create, modify, and delete correlation contex...
Environment Status Colors and Meanings for Asset Groups Environment Status Color Meaning HIDS Green All the assets in this group have HIDS agents deployed and ...
Sheriff CSM™ Event Collection, Processing, and Correlation Workflow All Sheriff CSM's security monitoring and management capabilities stem from i...
Excluding Assets in an Asset Scan Occasionally you may want to exclude certain assets such as a printer or a switch when scanning a network. In S...
Sheriff CSM™ Exporting the Assets To export assets 1 Go to Environment Assets Groups Assets. 1 Select the asset(s) you want to export...
Field Descriptions for Asset Scan Results Column/Field Name Description Check box to select hosts. Host The IP address that identifies the host. Hostname...
Sheriff CSM™ Filtering Alarms in List View Both a high level overview and a detailed look at individual alarm types, the List View lets you filte...
Sheriff CSM™ Firewall Permissions Sheriff CSM components must use particular URLs, protocols, and ports to function correctly. Note: If deploying ...
Sheriff CSM™ GTA Firewall When you configure GTA Firewall to send log data to Sheriff CSM, you can use the GTA Firewall plugin to translate raw l...
Sheriff CSM™ Getting Started Wizard
Sheriff CSM™ High Availability Configuration
Sheriff CSM™ How to Run Reports You can find all the Sheriff CSM reports on Reports All Reports. For field descri...
Sheriff CSM™ Importing Scan Results This option allows you to import results from external scanners to create reports or perform cross correlatio...
Sheriff CSM™ Introduction to Sheriff CSM This guide provides information for users of the Sheriff CSM system, that are responsible for monitoring...
Sheriff CSM™ Kaspersky Security Center DataBase When you configure Kaspersky Security Center to send log data to Sheriff CSM, you can use the Kas...
Sheriff CSM™ Labeling the Assets You can use labels to further classify your assets and later use them when Searching for Assets. To label your as...
Sheriff CSM™ Limit User Visibility with Entities
Sheriff CSM™ List of Sheriff CSM Reports Sheriff updates the Sheriff CSM reports on an on going basis. The following table lists the reports in a...
Sheriff CSM™ Managing Network Groups You manage network groups from the Network Group List view. Creating Network Groups To create a network grou...
Sheriff CSM™ Managing the Sheriff CSM Environment In addition to monitoring and analyzing events and alarms, there are other aspects of security ...
Meaning of the Symbols when Labeling Assets Meaning of the symbols when labeling assets Symbol Meaning Some of the selected assets currently use this ...
Sheriff CSM™ Microsoft DHCP Server through NXLog When you configure Microsoft DHCP Server to send log data to Sheriff CSM, you can use the DHCP C...
Sheriff CSM™ Microsoft DNS Server through NXLog When you configure Microsoft DNS Server to send log data to Sheriff CSM, you can use the Microsof...
Sheriff CSM™ Microsoft Exchange Server through NXLog When you configure Microsoft Exchange Server to send log data to Sheriff CSM, you can use th...
Sheriff CSM™ Microsoft IIS FTP Server through NXLog The Microsoft Internet Information Services (IIS) Management Pack includes a FTP Server that ...
Sheriff CSM™ Microsoft IIS SMTP Server through NXLog When you configure Microsoft IIS SMTP Server to send log data to Sheriff CSM, you can use th...
Sheriff CSM™ Microsoft IIS through NXLog When you configure Microsoft Internet Information Services (IIS) to send log data to Sheriff CSM, you ca...
Sheriff CSM™ Microsoft NPS through NXLog When you configure Microsoft Network Policy Server (NPS) to send log data to Sheriff CSM, you can use th...
Sheriff CSM™ Microsoft SCOM through NXLog When you configure Microsoft System Center Operations Manager (SCOM) to send log data to Sheriff CSM, y...
Sheriff CSM™ Microsoft SQL Server through NXLog When you configure Microsoft SQL Server to send log data to Sheriff CSM, you can use the MSSQL Se...
Sheriff CSM™ Microsoft Sysmon through NXLog When you configure Microsoft System Monitor (Sysmon) to send log data to Sheriff CSM, you can use the...
Sheriff CSM™ Microsoft Windows Event Logs through NXLog When you configure NXLog to send log data to Sheriff CSM, you can use the Nxlog plugin to...
Sheriff CSM™ Microsoft Windows Firewall through NXLog When you configure Microsoft Windows Firewall to send log data to Sheriff CSM, you can use ...
Sheriff CSM™ Modifying a Custom Scan Profile To modify a custom profile for vulnerability scans 1 Go to Environment Vulnerabilities Overvi...
Sheriff CSM™ NetFlow Event Controls You are able to configure Sheriff CSM All In One to create events when anomalous bandwidth usage is detected i...
Network Field Descriptions Network field descriptions Column/Field Name Required or Optional Description Name Required Name of the network. CIDR Required CID...
Sheriff CSM™ Network Group List View From the Network Group List view (Environment Assets Groups Network Groups), you can create and manage...
Sheriff CSM™ Network List View Sheriff CSM provides a centralized view for managing your networks. It has a similar look and feel to the Asset Li...
Sheriff CSM™ Netwrix Auditor through NXLog When you configure Netwrix Auditor to send log data to Sheriff CSM, you can use the Netwrix Auditor pl...
Sheriff CSM™ ObserveIT through NXLog When you configure ObserveIT to send log data to Sheriff CSM, you can use the ObserveIT NXLog plugin to tran...
Sheriff CSM™ Open Threat Exchange® and Sheriff CSM
Sheriff CSM™ Oracle through NXLog When you configure Oracle Database to send log data to Sheriff CSM, you can use the Oracle NXLog plugin to tran...
Sheriff CSM™ PCI DSS 3.2 Requirement 11: Regularly Test Security Systems and Processes Testing Procedure How Sheriff CSM Delivers Sherif...
Sheriff CSM™ PCI DSS 3.2 Requirement 2: Do Not Use Vendor Supplied Defaults for System Passwords and Other Security Parameters Testing Procedur...
Sheriff CSM™ Policy Conditions Set policy conditions to determine which elements of an incoming event Sheriff CSM will process. You set these con...
Sheriff CSM™ Policy Order and Grouping Policy Order Importance Policies consist of numbered rules that Sheriff CSM applies in descending order wh...
Sheriff CSM™ Reviewing Alarms as a Group This task helps you sort alarms in bulk as a group when you have many alarms that are similar. You can a...
Sheriff CSM™ Reviewing Alarms as a List
Sheriff CSM™ Running Asset Scans You can run an asset scan on individual assets. This is useful, for example, if you want to find out if anything ...
Sheriff CSM™ Running Vulnerability Scans from Assets You can run vulnerability scans on individual assets. The fewer assets to scan, the sooner th...
Sheriff CSM™ Running Vulnerability Scans from Assets You can run vulnerability scans on individual assets. The fewer assets to scan, the sooner t...
Scheduling an Asset Discovery Scan You can schedule a scan to run at a set frequency. This is particularly useful on an active network. To schedul...
Sheriff CSM™ Searching for Assets You can either search for or filter your assets by simply typing what you are looking for in the search box, in ...
Sheriff CSM™ Selecting Assets in Asset List View To select a single asset * Select the check box to the left of the asset. To select multiple a...
Sheriff CSM™ Sheriff CSM Administration and Configuration During the course of using Sheriff CSM to manage and maintain network security in your ...
Sheriff CSM™ Sheriff CSM Dashboard Configuration Within the dashboard view, you can see multiple tabs displaying various visual representations of...
Sheriff CSM™ Sheriff CSM Event Taxonomy Sheriff event taxonomy is a classification system for security events. It provides the Sheriff CSM correla...
Sheriff CSM™ Sheriff CSM Network Security Best Practices Providing strong and effective security for an organization’s network, IT infrastructure,...
Sheriff CSM™ Sheriff CSM Network Security Concepts and Terminology When working with Sheriff CSM and using the Sheriff CSM web UI to perform netw...
Sheriff CSM™ Sheriff Vigilante Report Types Sheriff Vigilante Reports Sheriff Vigilante provides a set of simplified versions of the reports fou...
Sheriff CSM™ Sophos Enterprise Console through NXLog When you configure Sophos Enterprise Console (SEC) to send log data to Sheriff CSM, you can ...
Task 2: Add a Level 1 Rule to Detect the Event This task adds a level 1 rule for the directive created in Task 1. In this rule, we try to match o...
Examine Alarms and Security Events In this procedure, we describe the first and most straightforward method of investigating the trigger for a specific alarm. To ...
Sheriff CSM™ The Sheriff CSM Web User Interface The Sheriff CSM web user interface (or web UI) provides access to all the tools and capabilities ...
Sheriff CSM™ Tutorial: Create a New Directive to Detect DoS Attack Sometimes, you may find that none of the built in directives work in your envir...
Sheriff CSM™ User Administration in Sheriff CSM
Sheriff CSM™ User Authorization
Sheriff CSM™ Using OTX in Sheriff CSM When you sign up for and connect your Open Threat Exchange® (OTX™) account to your Sheriff CSM instance, it...
Sheriff CSM™ Verifying Sheriff CSM Operation Once the basic installation and configuration of your Sheriff CSM system is completed (as described i...
Sheriff CSM™ Viewing Asset Details To view asset details from the Asset List view, double click a specific asset or click the magnifying glass ...
Sheriff CSM™ Viewing Asset Group Details From the Asset Group List view, when you double click a specific asset group, or click the magnifying gla...
Sheriff CSM™ Viewing Network Details From the Network List View, you can double click a specific network or click the view icon at the end of t...
Sheriff CSM™ What Expectations Should I Have of Security Monitoring? Security monitoring is often about monitoring often overlooked things such as...
Sheriff CSM™ What Is Telemetry Collection and How Does It Work At Sheriff Cyber Security, LLC, we are continually striving to improve Sheriff CSM...
Sheriff CSM™ Wing FTP Server through NXLog When you configure Wing FTP Server to send log data to Sheriff CSM, you can use the Wing FTP Server pl...