
Sheriff CSM™

Enable Plugins on Assets

After you run a scan of your network to discover assets, the discovered assets are saved in the Sheriff CSM database. (For information on asset discovery, see Adding Assets by Scanning for New Assets.) You can then select and enable plugins on the discovered assets. You can enable up to 10 plugins per asset.

You can enable all plugins on an asset, except for the Deputy-only ones, from the Sheriff CSM web UI.

To enable a plugin from the Asset Details display
  1. Go to Environment > Assets & Groups > Assets.

  2. Select the asset for which you want to enable plugins.

  3. Click the magnifying glass icon.

  4. Click the Plugins tab.

  5. Click Edit Plugins.

    Edit Plugins page from Assets.

  6. Select a vendor, a model, and a version of the plugin you want to enable.

  7. Click Add Plugin.
  8. If you want to add another plugin, select another plugin in the same way as before and click Add Plugin; otherwise, click Save.

    Enabled plugins now appear in the plugin display for the current asset:

    Plugins page from Add Plugins.

    The Receiving Data value turns green when the Source, Destination, or Device IP field of an event matches the IP address of the asset.

  9. Repeat the procedure for each discovered asset.

    Note: Incoming syslog messages for each asset are saved on the Sheriff CSM Deputy in individual /var/log/sheriff/devices/<asset_IP_address> folders, one folder per asset IP address.
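
To confirm on the Deputy that each asset is actually delivering syslog, you can check the per-asset folders named in the note above. The script below is an added example, not part of Sheriff CSM; it assumes each folder holds ordinary log files that are written as messages arrive, and the function names and the 15-minute default are illustrative.

```shell
#!/bin/sh
# Added example, not vendor code. Run on the Sheriff CSM Deputy.
# Assumption: each asset folder holds one or more regular log files that
# are written to as syslog messages arrive (no file names are assumed).

DEVICES_DIR="${DEVICES_DIR:-/var/log/sheriff/devices}"

# asset_log_status DIR MINUTES
# Prints one line per asset folder: "<asset_IP_address> <status>", where
#   receiving - at least one file was modified within MINUTES
#   stale     - files exist, but none was modified within MINUTES
#   empty     - the folder exists but holds no files
asset_log_status() {
    dir=$1
    minutes=$2
    for asset in "$dir"/*/; do
        [ -d "$asset" ] || continue      # glob matched nothing
        ip=$(basename "$asset")
        if [ -z "$(find "$asset" -type f | head -n 1)" ]; then
            status=empty
        elif [ -n "$(find "$asset" -type f -mmin "-$minutes" | head -n 1)" ]; then
            status=receiving
        else
            status=stale
        fi
        printf '%s %s\n' "$ip" "$status"
    done
}

# quiet_assets DIR MINUTES
# Lists only the assets that need attention (stale or empty folders).
quiet_assets() {
    asset_log_status "$1" "$2" | awk '$2 != "receiving" { print $1 }'
}

# Stand-alone use: report on the real directory when it exists.
if [ -d "$DEVICES_DIR" ]; then
    asset_log_status "$DEVICES_DIR" "${1:-15}"
fi
```

An asset reported as stale or empty here is a candidate for checking its log forwarding configuration before relying on the Receiving Data indicator.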

You can enable all plugins, except for the Deputy-only ones, from the Getting Started Wizard, as long as you have Sheriff CSM All-in-One.

Note: The Getting Started Wizard is only available for Sheriff CSM All-in-One.

The Getting Started Wizard takes you through the initial setup tasks needed to configure Sheriff CSM after deployment.

After the wizard guides you through the network scan, you will see a list of discovered assets on the Log Management page. This page lets you enable up to 10 plugins for each of these discovered assets and up to 100 plugins per Sheriff CSM Deputy.

To enable plugins for each asset
  1. Select the correct Vendor, Model, and Version number corresponding to the data that you want to collect from that asset.

    All three fields are required. The Version field defaults to '-' if no other selection is available. The Add Plugin button is enabled.

  2. If you want to enable another plugin for the same asset, click Add Plugin.

    Another row is added for you to select the Vendor, Model, and Version number for a different plugin.

  3. Repeat steps 1 and 2 for each plugin you want to enable. You can enable up to 10 plugins per asset.

    Set up Log Window for Getting Started Wizard.

  4. Repeat steps 1-3 for each asset.
  5. To enable the selected plugins, click Enable.

    The Log Management Confirmation page, shown in the following illustration, displays the plugins that you enabled. The Receiving Data value turns green when the Source, Destination, or Device IP field of an event matches the IP address of the asset. Gray means that no data is being received.

    Set up Log Management window for Getting Started Wizard.

  6. To learn how to configure your assets to send data to Sheriff CSM, click Instructions to forward logs.

    After you have enabled plugins for your assets, click Next at the bottom-right corner to proceed.

Topic revision: r15 - 08 Oct 2021, SheriffCyberSecurity
Copyright 2020 Sheriff Cyber Security, LLC. All rights reserved.