(22 Feb 2021, SheriffCyberSecurity)
Sheriff CSM™
Configure Log Forwarding on Commonly Used Data Sources
Sheriff CSM plugins process data collected from many different data sources, parsing and normalizing the data, and then saving the data as standard format events in the database. The Sheriff CSM Server filters events based on policies, and correlates events to trigger alarms when they match specified rules and conditions. Users can then view and analyze these events and alarms in the Sheriff CSM web UI.
Note: For more information about how plugins work, and how to use them, refer to Sheriff CSM Plugin Management.
This section provides integration information for the most commonly used data sources supported by the plugins provided in Sheriff CSM. For each integration, the instructions describe how to configure the data source to send log data to Sheriff CSM, how to select and enable the plugin in the Sheriff CSM web UI, and where to obtain additional configuration and troubleshooting information from the data source vendor's website.
Note: For a list of all the plugins that Sheriff CSM supports, see the Sheriff CSM Supported Plugins List. Plugins in Sheriff CSM are not the same as those used by USM Anywhere.
A10 Thunder Web Application Firewall (WAF)
Array Networks Secure Access Gateway
Arpalert
Artillery Honeypot
Atomic Software HoneyBOT
ASUSTeK Router
Avaya Media Gateway
Avaya Wireless LAN
Barracuda NextGen Firewalls
Blackboard Learn
Blue Coat ProxySG
Brocade Router/Switch
Check Point Firewall
Check Point MEPP
Cisco ASA
Cisco ACS
Cisco Meraki
Cisco PIX
Cisco RV
Cisco WLC
Citrix NetScaler
Cisco Unified Communications Manager
Click Studios Passwordstate
Comodo Antivirus
CrowdStrike Falcon
CrushFTP
CyberArk Enterprise Password Vault
Dell EMC RecoverPoint
Dell EqualLogic
Dell SonicWALL
DenyAll Web Application Firewall (WAF)
D-Link UTM Firewall
D-Link Wireless Controller
Dtex Systems Dtex
ESET Antivirus
F5 BIG-IP APM
ForeScout CounterACT
Fortinet FortiGate
FreeIPA
GTA Firewall
HAProxy
Huawei IPS Module
HP BladeSystem Chassis
HP MSM Integrated Controller
Imperva SecureSphere
Juniper SRX
Kaspersky Security Center
Kaspersky Security Center DataBase
Kerio Connect
LOGbinder for SharePoint
ManageEngine ADAudit Plus
McAfee AntiSpam
McAfee Web Gateway
Microsoft ATA
Microsoft Office 365 Cloud App Security
MikroTik Router
Motorola RFS 4000
NBS System Naxsi
NETGEAR Switch
NetMotion Mobility
NXLog Plugins
Microsoft DHCP Server through NXLog
Microsoft DNS Server through NXLog
Microsoft Exchange Server through NXLog
Microsoft IIS through NXLog
Microsoft IIS FTP Server through NXLog
Microsoft IIS SMTP Server through NXLog
Microsoft NPS through NXLog
Microsoft SCOM through NXLog
Microsoft SQL Server through NXLog
Microsoft Sysmon through NXLog
Microsoft Windows Event Logs through NXLog
Microsoft Windows Firewall through NXLog
Netwrix Auditor through NXLog
ObserveIT through NXLog
Oracle through NXLog
Sophos Enterprise Console through NXLog
Wing FTP Server through NXLog
Oracle JD Edwards EnterpriseOne
Oracle WebLogic Server
PacketFence
Palo Alto Networks PAN-OS
Palo Alto Networks Traps
ProFTPD
Proofpoint Protection Server
Pure Storage Purity Operating Environment
Rapid7 Nexpose
Red Hat JBoss Middleware
RSA SecurID Access Identity Router (IDR)
SecureAuth
SentinelOne
Shorewall Firewall
Sophos Antivirus
Sophos Central
Sophos XG Firewall
STEALTHbits StealthINTERCEPT
Symantec ATP
Symantec EPM
Thycotic Software Secret Server
Trend Micro Deep Security
Trend Micro Deep Security Inspector
Trend Micro Vulnerability Protection
Tufin Orchestration Suite
Ubiquiti TOUGHSwitch PoE
Untangle NG Firewall
Varonis DatAdvantage
VMware ESXi
VMware SSO
VMware vCenter
VMware View Administrator
Watchguard XCS
Watchguard XTM
Websense Web Security 7
zScaler NSS
Topic revision: r7 - 22 Feb 2021, SheriffCyberSecurity
Copyright 2020 Sheriff Cyber Security, LLC. All rights reserved.