Up
Previous Next

Sheriff CSM™

Plugin Management

The Sheriff CSM plugins provide logic to extract security-specific data from external applications and devices to produce events managed by the Sheriff CSM Server. Sheriff CSM comes equipped with plugins for many commonly encountered data sources that you can select and enable for specific assets to start collecting data. For a list of all the plugins that Sheriff CSM supports, see the Sheriff CSM Supported Plugins list.

Sheriff provides more than one way to enable plugins in Sheriff CSM. You can enable plugins on specific discovered assets, or you can enable plugins globally on Sheriff CSM Sensors. In addition, based on the plugin types, you can enable plugins using different tools, including the Sheriff CSM web UI, the Getting Started Wizard, or the Sheriff Console.

Most of the plugins in Sheriff CSM do not require additional configuration after they are enabled, especially if you enable the plugin on an asset. But if you choose to enable the plugin at the sensor level and Sheriff CSM does not have the required configuration files on the sensor; or if you are enabling a database plugin, an SDEE plugin, or a WMI plugin, you will need to perform some extra steps before the plugin can operate correctly.

In a limited number of environments, the built-in plugins may not quite fit specific needs or provide enough intelligence to normalize data and extract required information from all logs received. In such cases, you may be able to customize an existing plugin. You can also create your own custom plugins, choosing from various options available to create plugins by scratch, and directly editing plugin configuration file; or use the plugin builder provided in the Sheriff CSM web UI, to create a plugin using an interactive program wizard.