Sheriff CSM™ Alarm Details — Columns and Fields Alarm Details field descriptions Column/Field Name Description Status Whether or not t...
Sheriff CSM™ Alarms List — Fields Alarms list fields Column/Field Name Description Date Date and time Sheriff CSM completed alarm corr...
Correlation Directives One of the main tools for generating alarms, and contains one or more of the Correlation Rules. After all the conditions specified in a Cor...
Sheriff CSM™ Correlation Rules A correlation rule defines a condition to match incoming events. Refer to How Does Correlation Work? for details. T...
Sheriff CSM™ Create Policy Conditions This topic explains how to configure policy conditions for external event policies, using the Default Policy...
Sheriff CSM™ Create Policy Consequences Policy Consequences are the final component to creating a policy, after Create a New Policy and Create Po...
Sheriff CSM™ Directive Information The first column on the left lists some additional information (called properties) about the directive, such a...
Sheriff CSM™ Event Collection, Processing, and Correlation Workflow All Sheriff CSM's security monitoring and management capabilities stem from i...
Sheriff CSM™ Correlation Directives Sheriff CSM provides over 4,500 built in directives and adds more every week through the AT&T Alien Labs™ Thr...
Sheriff CSM™ Filtering Alarms in List View Both a high level overview and a detailed look at individual alarm types, the List View lets you filte...
Sheriff CSM™ Global Properties Each correlation directive has the following global properties Global properties for correlation directives Prop...
Sheriff CSM™ Knowledge DB Some built in correlation directives also include a link that points to a document in the Sheriff Knowledge Base (Confi...
Sheriff CSM™ PCI DSS 3.2 Requirement 1: Install and Maintain a Firewall Configuration to Protect Cardholder Data Testing Procedure How Sher...
Sheriff CSM™ PCI DSS 3.2 Requirement 11: Regularly Test Security Systems and Processes Testing Procedure How Sheriff CSM Delivers Sherif...
Sheriff CSM™ PCI DSS 3.2 Requirement 7: Restrict Access to Cardholder Data by Business Need to Know Testing Procedure How Sheriff CSM Deliv...
Sheriff CSM™ ProFTPD When you configure ProFTPD to send log data to Sheriff CSM, you can use the ProFTPD plugin to translate raw log data into no...
Sheriff CSM™ Security Events Views The Security Events (SIEM) page, under Analysis Security Events (SIEM), consists of two views: SIEM View and...
Sheriff CSM™ Sheriff CSM Administration and Configuration During the course of using Sheriff CSM to manage and maintain network security in your ...
Sheriff CSM™ Sheriff CSM Event Taxonomy Sheriff event taxonomy is a classification system for security events. It provides the Sheriff CSM correla...
Task 2: Add a Level 1 Rule to Detect the Event This task adds a level 1 rule for the directive created in Task 1. In this rule, we try to match o...
Task 3: Add a Level 2 Rule to Detect the Same Event with 100 Occurrences In this task, we try to match the same events selected in Task 2. We wan...
Task 4: Add a Level 3 Rule to Detect the Same Event with 1000 Occurrences This task is a repeat of Task 3. You can repeat this task as many times...
Task 5: Reload Directives To apply all the changes made 1 Click Reload Directives. The text displays in red, suggesting an action. 1 Clic...
Sheriff CSM™ The Policy View ...
Sheriff CSM™ Tutorial: Create a New Directive to Detect DoS Attack Sometimes, you may find that none of the built in directives work in your envir...
Sheriff CSM™ Tutorial: Create a Policy to Send Emails for Account Lockout Events You can also use the send an email policy for things such as acco...
Sheriff CSM™ Tutorial: Modifying a Built In Directive Sheriff CSM comes with over 4,500 built in directives, written by the researchers in the AT...
Sheriff CSM™ Using OTX in Sheriff CSM When you sign up for and connect your Open Threat Exchange® (OTX™) account to your Sheriff CSM instance, it...