Comodo Antivirus

When you configure Comodo Antivirus to send log data to Sheriff CSM, you can use the Comodo Antivirus plugin to translate raw log data into normalized events for analysis. The table below provides some basic information for the plugin:

Plugin Information

Device              Details
Vendor              Comodo
Device Type         Antivirus
Connection Type     Syslog
Data Source Name    Comodo-antivirus
Data Source ID      1562

Integrating Comodo Antivirus

Before you configure the Comodo Antivirus integration, you must have the IP address of the Sheriff CSM Sensor (Deputy).

To configure Comodo Antivirus to send Syslog messages to Sheriff CSM:
  1. From the Comodo IT and Security Manager console, navigate to the Comodo Client Security interface and select Advanced Settings > General Settings > Logging to display the Logging tab page.

  2. Select the Write to syslog server (CEF format) check box.

  3. In the Host field, enter the Sheriff CSM IP address or hostname.

  4. In the Port field, specify 514.

  5. Save your changes.
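
To confirm that what reaches the sensor on port 514 really is CEF, the following added example (not Sheriff CSM or Comodo code, and not the plugin's own parsing logic) splits a CEF-over-syslog line into its seven standard header fields and its key=value extensions, handling escaped `|`, `=` and `\`. The names `parse_cef` and `SAMPLE` are hypothetical, and the sample line is constructed: the vendor, product, signature ID and extension keys Comodo actually emits are assumptions.

```python
import re

HEADER = ("version", "device_vendor", "device_product", "device_version",
          "signature_id", "name", "severity")
_EXT_KEY = re.compile(r"(?:^|\s)(\w+)=")  # key, then an unescaped "="
# Constructed sample; vendor, product, IDs and extension keys are illustrative.
SAMPLE = ("<134>Jun 28 10:15:02 ws-042 CEF:0|COMODO|Client Security|1.0|100|"
          r"Malware \| quarantined|7|src=10.0.0.42 "
          r"filePath=C:\\Users\\alice\\a\=b.exe act=quarantine msg=Blocked on access")


def _unescape(value):
    # CEF escapes "|", "=" and "\" with a backslash; undo them in one pass.
    return re.sub(r"\\([|=\\])", r"\1", value)


def _split_header(text):
    """Split the seven header fields from the extension on unescaped '|'."""
    parts, cur, i = [], "", 0
    while i < len(text) and len(parts) < len(HEADER):
        if text[i] == "\\" and i + 1 < len(text):
            cur += text[i:i + 2]  # keep the escape pair for _unescape()
            i += 2
            continue
        if text[i] == "|":
            parts.append(cur)
            cur = ""
        else:
            cur += text[i]
        i += 1
    if len(parts) == len(HEADER) - 1:
        parts.append(cur)  # header with no extension and no trailing "|"
    return parts, text[i:]


def parse_cef(line):
    """Return header fields plus extensions for a CEF syslog line, or None."""
    start = line.find("CEF:")
    if start < 0:
        return None  # not CEF, e.g. the CEF logging option is not in effect
    parts, ext_text = _split_header(line[start + 4:])
    if len(parts) != len(HEADER):
        raise ValueError("truncated CEF header")
    event = dict(zip(HEADER, map(_unescape, parts)))
    keys = list(_EXT_KEY.finditer(ext_text))
    bounds = [m.start() for m in keys[1:]] + [len(ext_text)]
    event["extensions"] = {m.group(1): _unescape(ext_text[m.end():end].strip())
                           for m, end in zip(keys, bounds)}
    return event
```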

Plugin Enablement

For plugin enablement information, see Enable Plugins.

Additional Resources and Troubleshooting

https://help.comodo.com/topic-399-1-790-10354-.html

For troubleshooting, refer to the vendor documentation:

https://help.comodo.com/
Topic revision: r7 - 28 Jun 2022, SheriffCyberSecurity
Copyright 2020 Sheriff Cyber Security, LLC. All rights reserved.