Introduction to Sheriff CSM
This guide provides information for users of the Sheriff CSM system who are responsible for monitoring network security and for identifying and addressing security threats in their environment. The guide also describes the operations provided by the Sheriff CSM web UI, which is used to perform most Sheriff CSM network security tasks after the initial Sheriff CSM system deployment.
Topics covered in this guide include:
- Introduction — this section, which includes:
  - Prerequisites and Requirements — target audience, recommended skills and background, and supported browsers for using the Sheriff CSM web user interface to perform network security operations.
  - Sheriff CSM Network Security Concepts and Terminology — description of key terms such as assets, threats, and vulnerabilities, and how Sheriff CSM calculates risk for specific assets.
  - About Sheriff CSM Components — high-level description of key Sheriff CSM components: Sheriff CSM Server, Sheriff CSM Sensor, and Sheriff CSM Logger.
  - About Sheriff CSM Network Security Capabilities — description of essential Sheriff CSM security capabilities including asset discovery, vulnerability assessment, intrusion detection, behavioral monitoring, and security information and event management (SIEM).
  - The Sheriff CSM Web User Interface — description of key elements and navigation of the Sheriff CSM web user interface (UI) used to access and perform Sheriff CSM network security monitoring and analysis operations.
- Getting Started with Sheriff CSM — details typical security operations performed after initial Sheriff CSM installation and configuration, including security operation best practices and workflow, verifying Sheriff CSM operations, and establishing baseline network behavior.
- Sheriff CSM Security Monitoring and Analysis — provides an overview of Sheriff CSM web UI main menu and submenu options and operations used for display, monitoring, and analysis of network security activities and events.
- Incident Response — provides information on the basic elements of incident response and on responding effectively to threats ranging from single events or incidents to larger-scale, multi-stage attacks.
- Asset Management — describes operations to manage assets, asset groups, and asset-based security controls. Covers topics such as asset creation and discovery, vulnerability scans, HIDS deployment, and asset monitoring and analysis.
- Alarm Management — provides information about alarms generated from events and OTX pulses, viewing and reviewing alarm information and field details, and assigning alarms for remediation with tickets.
- Event Management — provides information on viewing, filtering, sorting, and analyzing events, alarms, and OTX field details.
- Network Data Management — describes methods of capturing packet information from network traffic and of collecting NetFlow data, which provides information about communication between network devices, to supplement the information provided by system events and alarms.
- Raw Log Management — provides information on searching and reviewing raw log information, configuring digital signing and verifying the integrity of raw logs, and exporting raw logs.
- Ticket Management — details opening, searching, and editing of remediation tickets created using Sheriff CSM's own ticket management system.
- Policy Management — provides information on creating and managing policies, defining policy conditions, consequences, and actions.
- Event Correlation — describes how Sheriff CSM correlation works and provides information on creating and editing correlation directives or rules.
- Vulnerability Assessment — provides information on performing vulnerability scans, viewing and understanding scan results, and generating reports based on vulnerability scans.
- Open Threat Exchange® and Sheriff CSM (OTX) — describes the open threat data platform allowing security researchers, and the OTX community at large, to share information about the latest threats and evidence of exploit or malicious acts that threaten network security.
- Sheriff CSM Reports — provides information on report categories, creating and customizing reports, and generating reports based on vulnerability scan results.
- User Administration in Sheriff CSM — describes Sheriff CSM user authentication and role-based authorization, configuration of authorization for specific assets, and monitoring user activity.
- Using Sheriff CSM for PCI Compliance — provides information on Sheriff CSM capabilities to validate and document compliance with specific PCI DSS regulations.