Sheriff CSM™

Configure Log Forwarding on Commonly Used Data Sources

Sheriff CSM plugins process data collected from many different data sources: they parse and normalize the data, then save it as standard-format events in the database. The Sheriff CSM Server filters events based on policies, and correlates events to trigger alarms when they match specified rules and conditions. Users can then view and analyze these events and alarms in the Sheriff CSM web UI.

Note: For more information about how plugins work, and how to use them, refer to Sheriff CSM Plugin Management.

This section provides integration information for the most commonly used data sources supported by plugins provided in Sheriff CSM. For each integration, the instructions describe how to configure the data source to send log data to Sheriff CSM, how to select and enable the plugin in the Sheriff CSM web UI, and where to obtain additional configuration and troubleshooting information from the data source vendor's website.

Note: For a list of all the plugins that Sheriff CSM supports, see the Sheriff CSM Supported Plugins List. Plugins in Sheriff CSM are not the same as those used by USM Anywhere.

A10 Thunder Web Application Firewall (WAF)

Array Networks Secure Access Gateway

Arpalert

Artillery Honeypot

Atomic Software HoneyBOT

ASUSTeK Router

Avaya Media Gateway

Avaya Wireless LAN

Barracuda NextGen Firewalls

Blackboard Learn

Blue Coat ProxySG

Brocade Router/Switch

Check Point Firewall

Check Point MEPP

Cisco ASA

Cisco ACS

Cisco Meraki

Cisco PIX

Cisco RV

Cisco WLC

Citrix NetScaler

Cisco Unified Communications Manager

Click Studios Passwordstate

Comodo Antivirus

CrowdStrike Falcon

CrushFTP

CyberArk Enterprise Password Vault

Dell EMC RecoverPoint

Dell EqualLogic

Dell SonicWALL

DenyAll Web Application Firewall (WAF)

D-Link UTM Firewall

D-Link Wireless Controller

Dtex Systems Dtex

ESET Antivirus

F5 BIG-IP APM

ForeScout CounterACT

Fortinet FortiGate

FreeIPA

GTA Firewall

HAProxy

Huawei IPS Module

HP BladeSystem Chassis

HP MSM Integrated Controller

Imperva SecureSphere

Juniper SRX

Kaspersky Security Center

Kaspersky Security Center DataBase

Kerio Connect

LOGbinder for SharePoint

ManageEngine ADAudit Plus

McAfee AntiSpam

McAfee Web Gateway

Microsoft ATA

Microsoft Office 365 Cloud App Security

MikroTik Router

Motorola RFS 4000

NBS System Naxsi

NETGEAR Switch

NetMotion Mobility

NXLog Plugins

Microsoft DHCP Server through NXLog

Microsoft DNS Server through NXLog

Microsoft Exchange Server through NXLog

Microsoft IIS through NXLog

Microsoft IIS FTP Server through NXLog

Microsoft IIS SMTP Server through NXLog

Microsoft NPS through NXLog

Microsoft SCOM through NXLog

Microsoft SQL Server through NXLog

Microsoft Sysmon through NXLog

Microsoft Windows Event Logs through NXLog

Microsoft Windows Firewall through NXLog

Netwrix Auditor through NXLog

ObserveIT through NXLog

Oracle through NXLog

Sophos Enterprise Console through NXLog

Wing FTP Server through NXLog

Oracle JD Edwards EnterpriseOne

Oracle WebLogic Server

PacketFence

Palo Alto Networks PAN-OS

Palo Alto Networks Traps

ProFTPD

Proofpoint Protection Server

Pure Storage Purity Operating Environment

Rapid7 Nexpose

Red Hat JBoss Middleware

RSA SecurID Access Identity Router (IDR)

SecureAuth

SentinelOne

Shorewall Firewall

Sophos Antivirus

Sophos Central

Sophos XG Firewall

STEALTHbits StealthINTERCEPT

Symantec ATP

Symantec EPM

Thycotic Software Secret Server

Trend Micro Deep Security

Trend Micro Deep Security Inspector

Trend Micro Vulnerability Protection

Tufin Orchestration Suite

Ubiquiti TOUGHSwitch PoE

Untangle NG Firewall

Varonis DatAdvantage

VMware ESXi

VMware SSO

VMware vCenter

VMware View Administrator

Watchguard XCS

Watchguard XTM

Websense Web Security 7

zScaler NSS
Topic revision: r7 - 22 Feb 2021, SheriffCyberSecurity

Copyright 2020 Sheriff Cyber Security, LLC. All rights reserved.