
Sheriff CSM™

Clear All Events from the SIEM Database

Sheriff CSM backs up events every day and purges them once a threshold is reached (see Event Backup Configuration). Sometimes, however, you may want to clear the entire database and start fresh. For example, after the initial deployment and benchmarking exercise (see Establishing Baseline Network Behavior), you may have concluded that all events in the database are noise. After configuring policies and making sure they are effective, you want a clean database to receive new events. In this case, you can clear existing events from the SIEM database manually.

Important: For compliance reasons, you may need to keep all events for a number of days. If you are not sure, consult your compliance officer.

To delete all the events through the web UI
  1. Log in to the Sheriff CSM web UI.

  2. Go to Configuration > Administration > Backups.

  3. Click Clear SIEM Database.

To delete all the events through the Sheriff Setup menu
  1. Connect to the Sheriff Console through SSH and log in with your credentials.

    The Sheriff Setup menu displays.

  2. Select Maintenance & Troubleshooting.

  3. Select Maintain Database.

  4. Select Reset SIEM database.

Sheriff Vigilante Limitations: Compared with Sheriff Vigilante, the Sheriff CSM SIEM engine has more diverse capabilities for handling events, thanks to its built-in correlation abilities and graph-based analytics.
Topic revision: r5 - 01 Sep 2021, SheriffCyberSecurity
Copyright 2020 Sheriff Cyber Security, LLC. All rights reserved.