UpPrevious Next Sheriff CSM™ About Sheriff CSM %TWISTY{ showlink="table of Contents" hidelink="Table of Contents" start="show" showimgleft="" hideimgleft=""...

UpPrevious Next Sheriff CSM™ About Sheriff CSM Network Security Capabilities Sheriff CSM is designed primarily to help mid size organizations effectively defend t...

UpPrevious Next Sheriff CSM™ Alarm Details — Columns and Fields Alarm Details field descriptions Column/Field Name Description Status Whether or not t...

UpPrevious Next Sheriff CSM™ Alarms List — Fields Alarms list fields Column/Field Name Description Date Date and time Sheriff CSM completed alarm corr...

UpPrevious Next Sheriff CSM™ Alarms Tray – Fields Alarms tray field descriptions Sheriff CSM Field NameDescription Intent Strategy Describes the attack pa...

UpPrevious Next Sheriff CSM™ Create Policy Conditions This topic explains how to configure policy conditions for external event policies, using the Default Policy...

UpPrevious Next Reputation Using Open Threat Exchange Reputation data as a policy condition, you can filter events from either the source or destination IP addre...

UpPrevious Next Sheriff CSM™ Event Collection, Processing, and Correlation Workflow All Sheriff CSM's security monitoring and management capabilities stem from i...

UpPrevious Next Sheriff CSM™ Filtering Alarms in List View Both a high level overview and a detailed look at individual alarm types, the List View lets you filte...

UpPrevious Next Sheriff CSM™ Firewall Permissions Sheriff CSM components must use particular URLs, protocols, and ports to function correctly. Note: If deploying ...

UpPrevious Next Sheriff CSM™ How Do I Discover a Possibly Larger Attack in Progress? Most day to day security monitoring work involves detecting where security c...

UpPrevious Next Sheriff CSM™ List of Sheriff CSM Reports Sheriff updates the Sheriff CSM reports on an on going basis. The following table lists the reports in a...

UpPrevious Next Sheriff CSM™ Open Threat Exchange® and Sheriff CSM %TWISTY{ showlink="Table of Contents" hidelink="Table of Contents" start="show" showimgleft...

UpPrevious Next Sheriff CSM™ Policy Conditions Set policy conditions to determine which elements of an incoming event Sheriff CSM will process. You set these con...

UpPrevious Next Reputation Using Open Threat Exchange Reputation data as a policy condition, you can filter events from either the source or destination IP addre...

UpPrevious Next Sheriff CSM™ Review Event Details Event Details identifies all information Sheriff CSM collected about this event. It also displays the number of ...

UpPrevious Next Sheriff CSM™ Reviewing Alarms as a Group This task helps you sort alarms in bulk as a group when you have many alarms that are similar. You can a...

UpPrevious Next Sheriff CSM™ Security Events Views The Security Events (SIEM) page, under Analysis Security Events (SIEM), consists of two views: SIEM View and...

UpPrevious Next Sheriff CSM™ Sheriff CSM Dashboards %TWISTY{ showlink="Table of Contents" hidelink="Table of Contents" start="show" showimgleft="" hideimglef...

UpPrevious Next Sheriff CSM™ Sheriff CSM Reports %TWISTY{ showlink="Table of Contents" hidelink="Table of Contents" start="show" showimgleft="" hideimgleft=...

UpPrevious Next Task 2: Add a Level 1 Rule to Detect the Event This task adds a level 1 rule for the directive created in Task 1. In this rule, we try to match o...

UpPrevious Next Sheriff CSM™ Tutorial: Create a New Directive to Detect DoS Attack Sometimes, you may find that none of the built in directives work in your envir...

UpPrevious Next Sheriff CSM™ Using OTX in Sheriff CSM When you sign up for and connect your Open Threat Exchange® (OTX™) account to your Sheriff CSM instance, it...