About Sheriff CSM Components The following diagram provides a high-level view of the overall Sheriff CSM architecture. Sheriff CSM h...
About Sheriff CSM Network Security Capabilities Sheriff CSM is designed primarily to help mid-size organizations effectively defend t...
Correlation Contexts Sheriff CSM uses Correlation Contexts to allow overlapping networks. A Sheriff CSM Server can handle overlappin...
Correlation Directives One of the main tools for generating alarms, and contains one or more of the Correlation Rules. After all the conditions specified in a Cor...
Create a New Cross Correlation Rule In this example, we explain how to create a cross correlation rule to detect a MySQL authenticati...
Directive Information The first column on the left lists some additional information (called properties) about the directive, such a...
Establishing Baseline Network Behavior When you first start using Sheriff CSM, it is a good idea to let it run for a few days to det...
Event Collection, Processing, and Correlation Workflow All Sheriff CSM's security monitoring and management capabilities stem from i...
Correlation Directives Sheriff CSM provides over 4,500 built-in directives and adds more every week through the AT&T Alien Labs™ Thr...
Global Properties Each correlation directive has the following global properties Global properties for correlation directives Prop...
Modify a Built-in Cross Correlation Rule Similar to correlation directives, you can customize cross correlation rules as well. Import...
Reviewing Alarms as a Group This task helps you sort alarms in bulk as a group when you have many alarms that are similar. You can a...
Sheriff CSM Administration and Configuration During the course of using Sheriff CSM to manage and maintain network security in your ...
Tutorial: Create a New Directive to Detect DoS Attack Sometimes, you may find that none of the built-in directives work in your envir...
Tutorial: Modifying a Built-In Directive Sheriff CSM comes with over 4,500 built-in directives, written by the researchers in the AT...