UpPrevious Next Sheriff CSM™ A10 Thunder Web Application Firewall (WAF) When you configure A10 Thunder WAF to send log data to Sheriff CSM, you can use the A10 Th...
UpPrevious Next Sheriff CSM™ ASUSTeK Router When you configure ASUSTeK Router to send log data to Sheriff CSM, you can use the ASUSTeK Router plugin to translate ...
UpPrevious Next Sheriff CSM™ About Sheriff CSM
UpPrevious Next Sheriff CSM™ About Sheriff CSM Components The following diagram provides a high-level view of the overall Sheriff CSM architecture. Sheriff CSM h...
UpPrevious Next Sheriff CSM™ About Sheriff CSM System Architecture and Components As a unified security platform, Sheriff CSM combines several critical security ...
UpPrevious Next Sheriff CSM™ Adding Assets Sheriff CSM provides different ways to add your assets: Note: The Sheriff CSM system inserts new assets automatically ...
UpPrevious Next Sheriff CSM™ Agentless Monitoring Sheriff HIDS allows you to run integrity checking without agents installed on hosts, network devices, routers, f...
UpPrevious Next Sheriff CSM™ Alarm Details — Columns and Fields Alarm Details field descriptions Column/Field Name Description Status Whether or not t...
UpPrevious Next Sheriff CSM™ Alarms List — Fields Alarms list fields Column/Field Name Description Date Date and time Sheriff CSM completed alarm corr...
UpPrevious Next Sheriff CSM™ Analyzing Alarms, Events, Logs, and Tickets You will likely spend the most time reviewing and analyzing the network security of your...
UpPrevious Next Sheriff CSM™ Arpalert When you configure Arpalert to send log data to Sheriff CSM, you can use the Arpalert plugin to translate raw log data into...
UpPrevious Next Sheriff CSM™ Array Networks Secure Access Gateway When you configure Array Networks Secure Access Gateway to send log data to Sheriff CSM, you ca...
UpPrevious Next Sheriff CSM™ Artillery Honeypot When you configure Binary Defense Artillery Honeypot to send log data to Sheriff CSM, you can use the Artillery ...
Asset Details View Tab Description TabInformation Shown Vulnerabilities Vulnerabilities related to this asset. Alarms Alarms related to this asset. Event...
UpPrevious Next Sheriff CSM™ Asset Group List View An asset group is an administratively created object that pools similar assets used for specific purposes. Sher...
UpPrevious Next Sheriff CSM™ Asset List View The Asset List view, Environment > Assets & Groups > Assets, provides a centralized view of your assets. For fiel...
UpPrevious Next Sheriff CSM™ Assets and Groups It is important for security practitioners to know what assets are connected on the company network and how the de...
UpPrevious Next Sheriff CSM™ Atomic Software HoneyBOT When you configure Atomic Software HoneyBOT to send log data to Sheriff CSM, you can use the HoneyBOT plugi...
UpPrevious Next Sheriff CSM™ Avaya Media Gateway When you configure Avaya Media Gateway to send log data to Sheriff CSM, you can use the Avaya Media Gateway plug...
UpPrevious Next Sheriff CSM™ Avaya Wireless LAN When you configure Avaya Wireless LAN to send log data to Sheriff CSM, you can use the Avaya Wireless LAN plugin ...
UpPrevious Next Sheriff CSM™ Back Up and Restore Alarms By default, Sheriff CSM stores alarms in the database until you delete them manually. To save disk space,...
UpPrevious Next Sheriff CSM™ Back Up and Restore Events Sheriff CSM uses internal caches to ensure that communication interruptions between the Sheriff CSM Senso...
UpPrevious Next Sheriff CSM™ Back Up and Restore MongoDB MongoDB is a cross-platform and open-source document-oriented database, a kind of NoSQL database. As a No...
UpPrevious Next Sheriff CSM™ Back Up and Restore System Configuration
UpPrevious Next Sheriff CSM™ Back up and Restoration Sheriff CSM does not offer a tool to back up or restore the entire system collectively. However, you can bac...
UpPrevious Next Sheriff CSM™ Barracuda NextGen Firewalls When you configure Barracuda NextGen Firewalls to send log data to Sheriff CSM, you can use the Barracuda...
UpPrevious Next Sheriff CSM™ Blackboard Learn When you configure Blackboard Learn to send log data to Sheriff CSM, you can use the Blackboard Learn plugin to tra...
UpPrevious Next Sheriff CSM™ Blue Coat ProxySG When you configure Symantec (formerly Blue Coat) ProxySG to send log data to Sheriff CSM, you can use the Blue Coa...
UpPrevious Next Sheriff CSM™ Brocade Router/Switch When you configure Brocade Router/Switch to send log data to Sheriff CSM, you can use the Brocade Router/Switc...
UpPrevious Next Sheriff CSM™ Change the Default Time Zone The default time zone for Sheriff CSM is Pacific Time (UTC-7h). If you are not operating in that time z...
UpPrevious Next Sheriff CSM™ Check Point Firewall When you configure Check Point Firewall-1 to send log data to Sheriff CSM, you can use the Check Point Firewall...
UpPrevious Next Sheriff CSM™ Check Point MEPP When you configure Check Point Media Encryption and Port Protection (MEPP) to send log data to Sheriff CSM, you can ...
UpPrevious Next Sheriff CSM™ Cisco ACS When you configure Cisco ACS to send log data to Sheriff CSM, you can use the Cisco ACS plugin to translate raw log data i...
UpPrevious Next Sheriff CSM™ Cisco ASA When you configure Cisco ASA to send log data to Sheriff CSM, you can use the Cisco ASA plugin to translate raw log data i...
UpPrevious Next Sheriff CSM™ Cisco Meraki When you configure Cisco Meraki to send log data to Sheriff CSM, you can use the Cisco Meraki plugin to translate raw l...
UpPrevious Next Sheriff CSM™ Cisco PIX When you configure Cisco PIX to send log data to Sheriff CSM, you can use the Cisco PIX plugin to translate raw log data i...
UpPrevious Next Sheriff CSM™ Cisco RV When you configure Cisco RV Series VPN Router to send log data to Sheriff CSM, you can use the Cisco rv plugin to translate...
UpPrevious Next Sheriff CSM™ Cisco Unified Communications Manager When you configure Cisco Unified Communications Manager to send log data to Sheriff CSM, you can...
UpPrevious Next Sheriff CSM™ Cisco WLC When you configure Cisco Wireless LAN Controller (WLC) to send log data to Sheriff CSM, you can use the Cisco WLC plugin t...
UpPrevious Next Sheriff CSM™ Citrix NetScaler When you configure Citrix NetScaler to send log data to Sheriff CSM, you can use the Citrix NetScaler plugin to tran...
UpPrevious Next Sheriff CSM™ Clear All Events from the SIEM Database Sheriff CSM backs up events every day and purges them after a threshold (Event Backup Config...
UpPrevious Next Sheriff CSM™ Click Studios Passwordstate When you configure Click Studios Passwordstate to send log data to Sheriff CSM, you can use the Passwords...
UpPrevious Next Comodo Antivirus When you configure Comodo Antivirus to send log data to Sheriff CSM, you can use the Comodo Antivirus plugin to translate raw log...
Policies Sheriff CSM configuration that allows you to configure how Sheriff CSM processes events. Defines one or more conditions that are evaluated for each incom...
UpPrevious Next Sheriff CSM™ Configure Database Plugins Database plugins extract data from an external database and turn them into Events. Sheriff CSM supports M...
UpPrevious Next Sheriff CSM™ Configure Log Forwarding on Commonly Used Data Sources Sheriff CSM plugins process data collected from many different data sources, ...
UpPrevious Next Sheriff CSM™ Configure Mail Relay in Sheriff CSM You can configure Sheriff CSM to send you emails. For example, if you want to receive an ema...
UpPrevious Next Sheriff CSM™ Configure SDEE Plugins Cisco Systems IPS Sensor 5.0 uses the Security Device Event Exchange (SDEE) protocol to specify the format of...
UpPrevious Next Sheriff CSM™ Configure Sheriff CSM to Use a DNS Use of a Domain Name Service (DNS) helps Sheriff CSM to resolve host names against IP addresses. ...
UpPrevious Next Sheriff CSM™ Configure WMI Plugins Windows Management Instrumentation (WMI) plugins collect Microsoft Windows events and data remotely. These plu...
UpPrevious Next Sheriff CSM™ Configure Availability Monitoring Availability monitoring in Sheriff CSM runs from the server, and can be used to monitor availabili...
UpPrevious Next Sheriff CSM™ Configuring Sheriff NIDS Sheriff CSM comes with Sheriff NIDS already enabled, but you need to perform the steps below in order to mo...
UpPrevious Next Sheriff CSM™ Correlation Contexts Sheriff CSM uses Correlation Contexts to allow overlapping networks. A Sheriff CSM Server can handle overlappin...
UpPrevious Next Sheriff CSM™ Correlation Rules A correlation rule defines a condition to match incoming events. Refer to How Does Correlation Work? for details. T...
UpPrevious Next Sheriff CSM™ Create a New Policy
UpPrevious Next Sheriff CSM™ Create a Ticket You can open a ticket in the following ways: * Automatically — based on a configured policy. See Create an Action...
UpPrevious Next Sheriff CSM Create an Action You can create actions for Sheriff CSM to perform on security events. This includes sending an email, executing a sc...
UpPrevious Next Sheriff CSM™ Create Custom Reports If predefined reports in Sheriff CSM do not suit your needs, you can either modify an existing report or gener...
UpPrevious Next Sheriff CSM™ Create Custom Reports from SIEM Events If the available report modules do not suit your needs, you can generate your own module, whic...
UpPrevious Next Sheriff CSM™ Create New Accounts for LDAP Users Use this procedure to create new user accounts for LDAP users. For local users, see Create New Acc...
UpPrevious Next Sheriff CSM™ Create New Accounts for Local Users Use this procedure to create new user accounts for local Sheriff CSM users. For LDAP users, see C...
UpPrevious Next Sheriff CSM™ Create New Plugins Using the Plugin Builder In addition to the other methods described for customizing or creating new Sheriff CSM p...
UpPrevious Next Sheriff CSM™ Create Policy Conditions This topic explains how to configure policy conditions for external event policies, using the Default Policy...
UpPrevious Next Sheriff CSM™ Create Policy Consequences Policy Consequences are the final component to creating a policy, after Create a New Policy and Create Po...
UpPrevious Next Sheriff CSM™ CrowdStrike Falcon When you configure CrowdStrike Falcon to send log data to Sheriff CSM, you can use the CrowdStrike Falcon ...
UpPrevious Next Sheriff CSM™ CrushFTP When you configure CrushFTP to send log data to Sheriff CSM, you can use the CrushFTP plugin to translate raw log data into...
UpPrevious Next Sheriff CSM™ Customize and Develop New Plugins Sheriff provides a large number of plugins as part of its default installation. In most environmen...
UpPrevious Next Sheriff CSM™ Customize Sheriff NIDS Rules Occasionally you may want to customize the Sheriff NIDS rules or enable a rule that is disabled by defa...
UpPrevious Next Sheriff CSM™ CyberArk Enterprise Password Vault When you configure CyberArk Enterprise Password Vault to send log data to Sheriff CSM, you can us...
UpPrevious Next Sheriff CSM™ D-Link UTM Firewall When you configure D-Link UTM Firewall to send log data to Sheriff CSM, you can use the D-Link UTM Firewall plugi...
UpPrevious Next Sheriff CSM™ D-Link Wireless Controller When you configure D-Link Wireless Controller to send log data to Sheriff CSM, you can use the D-Link Unif...
UpPrevious Next Sheriff CSM™ Default Functions Used in the Sheriff CSM Plugins The Sheriff CSM Server must receive normalized events in a predefined format. Sher...
UpPrevious Next Sheriff CSM™ Define Advanced Search Criteria for Security Events (SIEM) This topic describes how to define advanced search criteria when performi...
UpPrevious Next Sheriff CSM™ Dell EMC RecoverPoint When you configure Dell EMC RecoverPoint to send log data to Sheriff CSM, you can use the Dell EMC RecoverPoi...
UpPrevious Next Sheriff CSM™ Dell EqualLogic When you configure Dell EqualLogic to send log data to Sheriff CSM, you can use the Dell EqualLogic plugin to transla...
UpPrevious Next Sheriff CSM™ Dell SonicWALL When you configure Dell SonicWALL to send log data to Sheriff CSM, you can use the Dell SonicWALL plugin to translate ...
UpPrevious Next Sheriff CSM™ DenyAll Web Application Firewall (WAF) When you configure DenyAll Web Application Firewall (WAF) to send log data to Sheriff CSM, you...
UpPrevious Next Sheriff CSM™ Deploy Sheriff HIDS Agents You can deploy a Sheriff HIDS agent to a host * Through the Getting Started Wizard This option suppor...
UpPrevious Next Reputation Using Open Threat Exchange Reputation data as a policy condition, you can filter events from either the source or destination IP addre...
UpPrevious Next Sheriff CSM™ Develop New Plugins from Scratch
UpPrevious Next Sheriff CSM™ Dtex Systems Dtex When you configure Dtex Systems Dtex to send log data to Sheriff CSM, you can use the Dtex plugin to translate raw...
UpPrevious Next Sheriff CSM™ ESET Antivirus When you configure ESET to send log data to Sheriff CSM, you can use the Eset plugin to translate raw log data into n...
UpPrevious Next Sheriff CSM™ Enable Plugins Sheriff provides more than one way to enable plugins in Sheriff CSM. First, you can enable plugins on specific discov...
UpPrevious Next Sheriff CSM™ Error Codes When Updating from Version 5.8.0 to Version 5.8.x To ensure that your deployment meets AT&T Cybersecurity's requirements...
UpPrevious Next Sheriff CSM™ Establishing Baseline Network Behavior When you first start using Sheriff CSM, it is a good idea to let it run for a few days to det...
UpPrevious Next Sheriff CSM™ Event Collection, Processing, and Correlation Workflow All Sheriff CSM's security monitoring and management capabilities stem from i...
UpPrevious Next Event Priority Using Event Priority as a policy condition, you can filter events that are from a server according to how reliable the events are....
UpPrevious Next Sheriff CSM™ Event Storage Best Practices Sheriff CSM stores events in a database and refers to it as SQL Storage. Sheriff CSM also stores the normal...
UpPrevious Next Sheriff CSM™ F5 BIG-IP APM When you configure F5 BIG-IP Access Policy Manager (APM, formerly FirePass) to send log data to Sheriff CSM, you can u...
UpPrevious Next Sheriff CSM™ File Integrity Monitoring You can configure Sheriff HIDS to perform File Integrity Monitoring (FIM), which identifies changes in sys...
UpPrevious Next Sheriff CSM™ Filtering Alarms in List View Both a high-level overview and a detailed look at individual alarm types, the List View lets you filte...
UpPrevious Next Sheriff CSM™ ForeScout CounterACT When you configure ForeScout CounterACT to send log data to Sheriff CSM, you can use the ForeScout CounterACT pl...
UpPrevious Next Sheriff CSM™ Fortinet FortiGate When you configure Fortinet FortiGate to send log data to Sheriff CSM, you can use the FortiGate plugin to transl...
UpPrevious Next Sheriff CSM™ FreeIPA When you configure FreeIPA to send log data to Sheriff CSM, you can use the FreeIPA plugin to translate raw log data into no...
UpPrevious Next Sheriff CSM™ GTA Firewall When you configure GTA Firewall to send log data to Sheriff CSM, you can use the GTA Firewall plugin to translate raw l...
UpPrevious Next Sheriff CSM™ Global Properties Each correlation directive has the following global properties Global properties for correlation directives Prop...
UpPrevious Next Sheriff CSM™ HAProxy When you configure HAProxy to send log data to Sheriff CSM, you can use the plugin full name as appeared in product web UI p...
UpPrevious Next Sheriff CSM™ HP BladeSystem Chassis When you configure HP BladeSystem to send log data to Sheriff CSM, you can use the HP BladeSystem Chassis plu...
UpPrevious Next Sheriff CSM™ HP MSM Integrated Controller When you configure HP MSM Integrated Controller to send log data to Sheriff CSM, you can use the HP MSM...
UpPrevious Next Sheriff CSM™ High Availability Configuration
UpPrevious Next Sheriff CSM™ How Do I Discover a Possibly Larger Attack in Progress? Most day-to-day security monitoring work involves detecting where security c...
UpPrevious Next Sheriff CSM™ Huawei IPS Module When you configure Huawei IPS Module to send log data to Sheriff CSM, you can use the Huawei IPS Module plugin to ...
UpPrevious Next Sheriff CSM™ Imperva SecureSphere When you configure Imperva SecureSphere to send log data to Sheriff CSM, you can use the Imperva securesphere p...
UpPrevious Next Sheriff CSM™ Introduction to Sheriff CSM This guide provides information for users of the Sheriff CSM system who are responsible for monitoring...
UpPrevious Next Sheriff CSM™ Juniper SRX When you configure Juniper SRX to send log data to Sheriff CSM, you can use the Juniper SRX plugin to translate raw log ...
UpPrevious Next Sheriff CSM™ Kaspersky Security Center When you configure Kaspersky Security Center to send log data to Sheriff CSM, you can use the kaspersky sc ...
UpPrevious Next Sheriff CSM™ Kaspersky Security Center DataBase When you configure Kaspersky Security Center to send log data to Sheriff CSM, you can use the Kas...
UpPrevious Next Sheriff CSM™ Kerio Connect When you configure Kerio Connect to send log data to Sheriff CSM, you can use the plugin full name as appeared in prod...
UpPrevious Next Sheriff CSM™ LOGbinder for SharePoint When you configure LOGbinder for SharePoint to send log data to Sheriff CSM, you can use the LOGbinder for ...
UpPrevious Next Sheriff CSM™ Limit User Visibility with Entities
UpPrevious Next Sheriff CSM™ List of Sheriff CSM Reports Sheriff updates the Sheriff CSM reports on an ongoing basis. The following table lists the reports in a...
UpPrevious Next Sheriff CSM™ Log Collection and Normalization in Sheriff CSM The Sheriff CSM plugins process data collected from different data sources, parse and...
UpPrevious Next Sheriff CSM™ ManageEngine ADAudit Plus When you configure ManageEngine ADAudit Plus to send log data to Sheriff CSM, you can use the ADAudit Plus ...
UpPrevious Next Sheriff CSM™ Managing the Sheriff CSM Environment In addition to monitoring and analyzing events and alarms, there are other aspects of security ...
UpPrevious Next Sheriff CSM™ McAfee AntiSpam When you configure McAfee AntiSpam to send log data to Sheriff CSM, you can use the McAfee AntiSpam plugin to transla...
UpPrevious Next Sheriff CSM™ McAfee Web Gateway When you configure McAfee Web Gateway to send log data to Sheriff CSM, you can use the McAfee Web Gateway (mwg) plug...
UpPrevious Next Sheriff CSM™ Microsoft ATA When you configure Microsoft Advanced Threat Analytics (ATA) to send log data to Sheriff CSM, you can use the Microsoft...
UpPrevious Next Sheriff CSM™ Microsoft DHCP Server through NXLog When you configure Microsoft DHCP Server to send log data to Sheriff CSM, you can use the DHCP C...
UpPrevious Next Sheriff CSM™ Microsoft DNS Server through NXLog When you configure Microsoft DNS Server to send log data to Sheriff CSM, you can use the Microsof...
UpPrevious Next Sheriff CSM™ Microsoft Exchange Server through NXLog When you configure Microsoft Exchange Server to send log data to Sheriff CSM, you can use th...
UpPrevious Next Sheriff CSM™ Microsoft IIS FTP Server through NXLog The Microsoft Internet Information Services (IIS) Management Pack includes a FTP Server that ...
UpPrevious Next Sheriff CSM™ Microsoft IIS SMTP Server through NXLog When you configure Microsoft IIS SMTP Server to send log data to Sheriff CSM, you can use th...
UpPrevious Next Sheriff CSM™ Microsoft IIS through NXLog When you configure Microsoft Internet Information Services (IIS) to send log data to Sheriff CSM, you ca...
UpPrevious Next Sheriff CSM™ Microsoft NPS through NXLog When you configure Microsoft Network Policy Server (NPS) to send log data to Sheriff CSM, you can use th...
UpPrevious Next Sheriff CSM™ Microsoft Office 365 Cloud App Security When you configure Office 365 Cloud App Security (formerly named Office 365 Advanced Security...
UpPrevious Next Sheriff CSM™ Microsoft SCOM through NXLog When you configure Microsoft System Center Operations Manager (SCOM) to send log data to Sheriff CSM, y...
UpPrevious Next Sheriff CSM™ Microsoft SQL Server through NXLog When you configure Microsoft SQL Server to send log data to Sheriff CSM, you can use the MSSQL Se...
UpPrevious Next Sheriff CSM™ Microsoft Sysmon through NXLog When you configure Microsoft System Monitor (Sysmon) to send log data to Sheriff CSM, you can use the...
UpPrevious Next Sheriff CSM™ Microsoft Windows Event Logs through NXLog When you configure NXLog to send log data to Sheriff CSM, you can use the Nxlog plugin to...
UpPrevious Next Sheriff CSM™ Microsoft Windows Firewall through NXLog When you configure Microsoft Windows Firewall to send log data to Sheriff CSM, you can use ...
UpPrevious Next Sheriff CSM™ Migrate Your Sheriff CSM Deployment In some scenarios, such as disaster recovery, upgrades, or platform changes, you may choose to m...
UpPrevious Next Sheriff CSM™ MikroTik Router When you configure MikroTik Router to send log data to Sheriff CSM, you can use the MikroTik Router plugin to transl...
UpPrevious Next Sheriff CSM™ Modify a Built-in Cross-Correlation Rule Similar to correlation directives, you can customize cross-correlation rules as well. Import...
UpPrevious Next Sheriff CSM™ Modify an Existing Policy You can modify any existing policy as needed. To modify an existing policy 1 From Configuration Threa...
UpPrevious Next Sheriff CSM™ Monitor User Activities Every Sheriff CSM user, regardless of role, has access to the following information: * My Profile Includ...
UpPrevious Next Sheriff CSM™ Motorola RFS 4000 When you configure Motorola RFS 4000 to send log data to Sheriff CSM, you can use the Motorola RFS 4000 plugin to ...
UpPrevious Next Sheriff CSM™ NBS System Naxsi When you configure NBS System Naxsi to send log data to Sheriff CSM, you can use the NBS System Naxsi plugin to tra...
UpPrevious Next Sheriff CSM™ NETGEAR Switch When you configure NETGEAR Switch to send log data to Sheriff CSM, you can use the NETGEAR Switch plugin to translate ...
UpPrevious Next Sheriff CSM™ NXLog Plugins Microsoft Windows includes different categories of logs (Security, System, or Application event logs) to record importa...
UpPrevious Next Sheriff CSM™ NetFlow Event Controls You are able to configure Sheriff CSM All-in-One to create events when anomalous bandwidth usage is detected i...
UpPrevious Next Sheriff CSM™ NetFlow Monitoring Configuration Many external NetFlow sources (such as routers and switches) have NetFlow capabilities already defi...
UpPrevious Next Sheriff CSM™ NetMotion Mobility When you configure NetMotion Mobility to send log data to Sheriff CSM, you can use the NetMotion Mobility plugin ...
UpPrevious Next Sheriff CSM™ Netwrix Auditor through NXLog When you configure Netwrix Auditor to send log data to Sheriff CSM, you can use the Netwrix Auditor pl...
UpPrevious Next Sheriff CSM™ ObserveIT through NXLog When you configure ObserveIT to send log data to Sheriff CSM, you can use the ObserveIT NXLog plugin to tran...
UpPrevious Next Sheriff CSM™ Operating System Upgrade in Version 5.8.0 Sheriff CSM version 5.8.0 includes an operating system (OS) upgrade to improve the performa...
UpPrevious Next Sheriff CSM™ Oracle JD Edwards EnterpriseOne When you configure Oracle JD Edwards EnterpriseOne to send log data to Sheriff CSM, you can use the ...
UpPrevious Next Sheriff CSM™ Oracle through NXLog When you configure Oracle Database to send log data to Sheriff CSM, you can use the Oracle NXLog plugin to tran...
UpPrevious Next Sheriff CSM™ Oracle WebLogic Server When you configure Oracle WebLogic Server to send log data to Sheriff CSM, you can use the Oracle WebLogic Se...
UpPrevious Next Sheriff CSM™ PCI DSS 3.2 Requirement 1: Install and Maintain a Firewall Configuration to Protect Cardholder Data Testing Procedure How Sher...
UpPrevious Next Sheriff CSM™ PCI DSS 3.2 Requirement 11: Regularly Test Security Systems and Processes Testing Procedure How Sheriff CSM Delivers Sherif...
UpPrevious Next Sheriff CSM™ PCI DSS 3.2 Requirement 4: Encrypt Transmission of Cardholder Data Across Open, Public Networks Testing Procedure How Sheriff C...
UpPrevious Next Sheriff CSM™ PCI DSS 3.2 Requirement 5: Protect All Systems Against Malware and Regularly Update Anti-Virus Software or Programs Testing Proc...
UpPrevious Next Sheriff CSM™ PCI DSS 3.2 Requirement 8: Identify and Authenticate Access to System Components Testing Procedure How Sheriff CSM Delivers S...
UpPrevious Next Sheriff CSM™ PacketFence When you configure PacketFence to send log data to Sheriff CSM, you can use the PacketFence plugin to translate raw log ...
UpPrevious Next Sheriff CSM™ Palo Alto Networks PAN-OS When you configure Palo Alto Networks PAN-OS to send log data to Sheriff CSM, you can use the Palo Alto Net...
UpPrevious Next Sheriff CSM™ Palo Alto Networks Traps When you configure Palo Alto Networks Traps to send log data to Sheriff CSM, you can use the Palo Alto Netw...
UpPrevious Next Sheriff CSM™ Plugin Types The plugins included in Sheriff CSM are called detector plugins. They receive and extract events from logs, which inclu...
UpPrevious Next Sheriff CSM™ Policy Conditions Set policy conditions to determine which elements of an incoming event Sheriff CSM will process. You set these con...
UpPrevious Next Sheriff CSM™ Policy Consequences You can configure different consequences when creating or modifying a policy. Policy consequences define the way...
UpPrevious Next Sheriff CSM™ Policy Order and Grouping Policy Order Importance Policies consist of numbered rules that Sheriff CSM applies in descending order wh...
UpPrevious Next Sheriff CSM™ ProFTPD When you configure ProFTPD to send log data to Sheriff CSM, you can use the ProFTPD plugin to translate raw log data into no...
UpPrevious Next Sheriff CSM™ Proofpoint Protection Server When you configure Proofpoint Protection Server to send log data to Sheriff CSM, you can use the Proofp...
UpPrevious Next Sheriff CSM™ Pure Storage Purity Operating Environment When you configure Pure Storage Purity to send log data to Sheriff CSM, you can use the Pu...
UpPrevious Next Sheriff CSM™ RSA SecurID Access Identity Router (IDR) When you configure RSA SecurID Access Identity Router to send log data to Sheriff CSM, you ...
UpPrevious Next Sheriff CSM™ Rapid7 Nexpose When you configure Rapid7 Nexpose to send log data to Sheriff CSM, you can use the Rapid7 Nexpose plugin to translate...
UpPrevious Next Sheriff CSM™ Red Hat JBoss Middleware When you configure Red Hat JBoss Middleware to send log data to Sheriff CSM, you can use the Red Hat JBoss ...
UpPrevious Next Reputation Using Open Threat Exchange Reputation data as a policy condition, you can filter events from either the source or destination IP addre...
UpPrevious Next Sheriff CSM™ Review Event Details Event Details identifies all information Sheriff CSM collected about this event. It also displays the number of ...
UpPrevious Next Sheriff CSM™ Reviewing Alarms as a Group This task helps you sort alarms in bulk as a group when you have many alarms that are similar. You can a...
UpPrevious Next Sheriff CSM™ Reviewing Alarms as a List
UpPrevious Next Sheriff CSM™ STEALTHbits StealthINTERCEPT When you configure STEALTHbits StealthINTERCEPT to send log data to Sheriff CSM, you can use the Stealth...
UpPrevious Next Sheriff CSM™ Searching for Assets You can either search for or filter your assets by simply typing what you are looking for in the search box, in ...
UpPrevious Next Sheriff CSM™ SecureAuth When you configure SecureAuth to send log data to Sheriff CSM, you can use the SecureAuth plugin to translate raw log dat...
UpPrevious Next Sheriff CSM™ Security Events Views The Security Events (SIEM) page, under Analysis > Security Events (SIEM), consists of two views: SIEM View and...
UpPrevious Next Sheriff CSM™ SentinelOne When you configure SentinelOne to send log data to Sheriff CSM, you can use the SentinelOne plugin to translate raw log d...
UpPrevious Next Sheriff CSM™ Set Up Password Policy for Local User Authentication If you decide to use authentication occurring locally in Sheriff CSM, Sheriff Cy...
UpPrevious Next Sheriff CSM™ Sheriff CSM Administration and Configuration During the course of using Sheriff CSM to manage and maintain network security in your ...
UpPrevious Next Sheriff CSM™ Sheriff CSM Deployment Types This section introduces the various Sheriff CSM components and explains the different deployment types....
UpPrevious Next Sheriff CSM™ Sheriff CSM Event Processing Workflow After Sheriff CSM is installed in your environment, events start flowing through the Sheriff ...
UpPrevious Next Sheriff CSM™ Sheriff CSM Event Processing Workflow After Sheriff CSM is installed in your environment, events start flowing through the Sheriff C...
UpPrevious Next Sheriff CSM™ Sheriff CSM Event Taxonomy Sheriff event taxonomy is a classification system for security events. It provides the Sheriff CSM correla...
UpPrevious Next Sheriff CSM™ Sheriff CSM Network Security Best Practices Providing strong and effective security for an organization’s network, IT infrastructure,...
UpPrevious Next Sheriff CSM™ Sheriff CSM Network Security Concepts and Terminology When working with Sheriff CSM and using the Sheriff CSM web UI to perform netw...
UpPrevious Next Sheriff CSM™ Sheriff CSM Security Monitoring and Analysis This section provides an overview of Sheriff CSM web UI main menu and submenu options an...
Sheriff NIDS A Sheriff CSM feature and data source for intrusion detection that monitors network traffic and attacks malicious events. In conjunction with event c...
UpPrevious Next Sheriff CSM™ Sheriff Vigilante® Installation Process Download Sheriff Vigilante The free, open source Sheriff Vigilante® ISO file can be found o...
UpPrevious Next Sheriff CSM™ Sheriff Vigilante Report Types Sheriff Vigilante Reports Sheriff Vigilante provides a set of simplified versions of the reports fou...
UpPrevious Next Sheriff CSM™ Shorewall Firewall When you configure Shorewall Firewall to send log data to Sheriff CSM, you can use the Shorewall Firewall plugin ...
Sheriff CSM™ Sophos Antivirus When you configure Sophos Antivirus to send log data to Sheriff CSM, you can use the Sophos Antivirus plugin to tra...
Sheriff CSM™ Sophos Central When you configure Sophos Central to send log data to Sheriff CSM, you can use the sophos central plugin to translate ...
Sheriff CSM™ Sophos Enterprise Console through NXLog When you configure Sophos Enterprise Console (SEC) to send log data to Sheriff CSM, you can ...
Sheriff CSM™ Sophos XG Firewall When you configure Sophos XG Firewall to send log data to Sheriff CSM, you can use the Sophos XG plugin to transla...
Sheriff CSM™ Symantec ATP When you configure Symantec ATP to send log data to Sheriff CSM, you can use the Symantec atp plugin to translate raw lo...
Sheriff CSM™ Symantec EPM When you configure Symantec EPM to send log data to Sheriff CSM, you can use the Symantec EPM plugin to translate raw l...
Sheriff CSM™ Taking Ownership of an Alarm As part of an alarm remediation response, you should take ownership of an alarm you want to work on. Th...
Task 3: Add a Level 2 Rule to Detect the Same Event with 100 Occurrences In this task, we try to match the same events selected in Task 2. We wan...
Examine Alarms and Security Events In this procedure, we describe the first and most straightforward method of investigating the trigger for a specific alarm. To ...
Sheriff CSM™ The Policy View ...
Sheriff CSM™ The Sheriff CSM Web User Interface The Sheriff CSM web user interface (or web UI) provides access to all the tools and capabilities ...
Sheriff CSM™ Thycotic Software Secret Server When you configure Thycotic Software Secret Server to send log data to Sheriff CSM, you can use the T...
Time Range Time Range sets a period of time in which to match events. When configured, only events that occur during the specified time range are...
Sheriff CSM™ Trend Micro Deep Security When you configure Trend Micro Deep Security to send log data to Sheriff CSM, you can use the Trend Micro ...
Sheriff CSM™ Trend Micro Deep Security Inspector When you configure Trend Micro Deep Security Inspector to send log data to Sheriff CSM, you can ...
Sheriff CSM™ Trend Micro Vulnerability Protection When you configure Trend Micro Vulnerability Protection to send log data to Sheriff CSM, you can...
Sheriff CSM™ Tufin Orchestration Suite When you configure Tufin Orchestration Suite to send log data to Sheriff Appliance, you can use the Tufin O...
Sheriff CSM™ Tutorial: Create a New Directive to Detect DoS Attack Sometimes, you may find that none of the built-in directives work in your envir...
Sheriff CSM™ Tutorial: Create a Plugin for Microsoft Exchange In this tutorial, we use Microsoft Exchange to show how to develop a log plugin. The...
Sheriff CSM™ Tutorial: Create a Policy to Discard Events As part of your efforts to reduce the amount of events triggered by non problematic, non...
Sheriff CSM™ Tutorial: Create a Policy to Send Emails for Account Lockout Events You can also use the send an email policy for things such as acco...
Sheriff CSM™ Tutorial: Create a Policy to Send Emails Triggered by Events For certain important events, you may want a notification to be sent to...
Sheriff CSM™ Tutorial: Modifying a Built In Directive Sheriff CSM comes with over 4,500 built-in directives, written by the researchers in the AT...
Sheriff CSM™ USB Device Monitoring on Windows Systems In Sheriff CSM version 5.3, Host Intrusion Detection System (HIDS) rules and plugins have b...
Sheriff CSM™ Ubiquiti TOUGHSwitch PoE When you configure Ubiquiti TOUGHSwitch PoE to send log data to Sheriff CSM, you can use the Ubiquiti TOUGH...
Sheriff CSM™ Untangle NG Firewall When you configure Untangle NG Firewall to send log data to Sheriff CSM, you can use the Untangle NG Firewall p...
Sheriff CSM™ Update Sheriff CSM Online You need to update Sheriff CSM manually after a release becomes available. You can perform the update eithe...
Updating the SIEM Database Sheriff CSM must store all the plugin IDs and event types in its database before it can store any events. For this rea...
Sheriff CSM™ Using OTX in Sheriff CSM When you sign up for and connect your Open Threat Exchange® (OTX™) account to your Sheriff CSM instance, it...
Sheriff CSM™ VMware ESXi When you configure VMware ESXi to send log data to Sheriff CSM, you can use the VMware ESXi plugin to translate raw log ...
Sheriff CSM™ VMware SSO When you configure VMware vCenter SSO to send log data to Sheriff CSM, you can use the VMware SSO plugin to translate raw...
Sheriff CSM™ VMware vCenter When you configure VMware vCenter to send log data to Sheriff CSM, you can use the VMware vCenter plugin to translate...
Sheriff CSM™ VMware View Administrator When you configure VMware View Administrator to send log data to Sheriff CSM, you can use the VMware View ...
Sheriff CSM™ Varonis DatAdvantage When you configure Varonis DatAdvantage to send log data to Sheriff CSM, you can use the Varonis DatAdvantage p...
Sheriff CSM™ Verify that an Enabled Plugin Is Working Properly It's good practice to test whether or not a plugin is working correctly, after you...
Sheriff CSM™ Verifying Sheriff CSM Operation Once the basic installation and configuration of your Sheriff CSM system is completed (as described i...
Sheriff CSM™ Viewing Asset Details To view asset details from the Asset List view, double click a specific asset or click the magnifying glass ...
Sheriff CSM™ Viewing Sheriff NIDS Events You can view Sheriff NIDS events the same way as you do any other security events. For reference, see Se...
Viewing the Scan Results This section covers the following subtopics: * Vulnerabilities Views * Viewing the Scan Results in HTML * Viewing the Scan Resul...
Sheriff CSM™ WatchGuard XCS When you configure WatchGuard XCS to send log data to Sheriff CSM, you can use the WatchGuard XCS plugin to translate ...
Sheriff CSM™ Watchguard XTM When you configure Watchguard XTM to send log data to Sheriff Appliance, you can use the Watchguard XTM plugin to tra...
Sheriff CSM™ Websense Web Security 7 When you configure Websense Web Security 7 to send log data to Sheriff CSM, you can use the websense7 plugin ...
Sheriff CSM™ Wing FTP Server through NXLog When you configure Wing FTP Server to send log data to Sheriff CSM, you can use the Wing FTP Server pl...
Sheriff CSM™ Working with Sheriff HIDS Rules Sheriff HIDS expands from the open source project, OSSEC, by providing additional rules that are esse...
Sheriff CSM™ zScaler NSS When you configure zScaler Nanolog Streaming Service (NSS) to send log data to Sheriff CSM, you can use the zScaler NSS ...