Property | Description |
---|---|
ID | A unique identifier for the directive. It becomes the Event Type ID when a directive event is created. Note: The ID of a directive is not displayed in the web interface. |
Name | A meaningful name for the directive. It becomes the name of the directive event or the alarm. |
Intent, Strategy, Method | Describe what the correlation directive tries to detect. These properties help categorize directive events according to the Sheriff CSM Taxonomy. |
Priority | Defines the impact of the detected attack. Sheriff CSM uses it in the risk calculation of a directive event. All events generated by the directive have their priority set to the priority value of the directive. |