
Product Types and Categories
Applies to Product: Sheriff CSM™, Sheriff Vigilante®
Sheriff event taxonomy consists of product types, categories, and subcategories.

Sheriff CSM Event Taxonomy — Product Types
  • Alarm
  • Anomaly Detection
  • Antivirus
  • Application
  • Application Firewall
  • Authentication and DHCP
  • Data Protection
  • Database
  • Endpoint Security
  • Firewall
  • Honeypot
  • Infrastructure Monitoring
  • Intrusion Detection
  • Intrusion Prevention
  • Load Balancer
  • Mail Security
  • Mail Server
  • Management Platform
  • Network Access Control
  • Network Discovery
  • Operating System
  • Other Devices
  • Proxy
  • Remote Application Access
  • Router/Switch
  • Server
  • Sheriff Devices
  • Unified Threat Management
  • VPN
  • Vulnerability Scanner
  • Web Server
  • Wireless Security/Management
Available options for categories will differ depending on which product type you select, and available options for subcategories will differ depending on which category you select.

Sheriff CSM Event Taxonomy — Categories
Category | Category Description
Access | An event that indicates a particular system, service, or resource is being used.
Alarm |
Alert | An alarm triggered from a security detection system.
Analysis |
Anomalies |
Antivirus | An event from an antivirus (or other endpoint security control) system.
Application | A log entry from an application or service that cannot be matched to any other category in the Sheriff CSM taxonomy.
Authentication | An event from an authentication system, or from the authentication sub-component of an application or operating system.
Availability | An event from a resource-availability monitoring system.
Correlation |
Correlation_Directives |
Cross_Correlation_Rules |
Database |
Dashboards |
Denial_Of_Service | A possible denial-of-service attack has been detected by correlating events seen on the network.
Exploit | Indicates the possible exploitation of a known vulnerability in a particular application or operating system.
Honeypot | An event from a honeypot system. Any connection to a honeypot is assumed to come from either a misconfigured system or a malicious source.
Incidents |
Info | An informational event, usually without direct security significance. General system logs often fall into this category.
Inventory | An event from an inventory management system, probably the inventory systems built into Sheriff CSM.
Knowledge_DB |
Malware | Malware has been detected, either running on a system, being transferred over the network, or communicating with a command-and-control system.
Monitor |
Network |
Policy | A violation of your company's usage policy has been detected, for example unapproved software installations, Internet services, or security configurations.
Policy_and_Actions |
Recon | A system has been detected scanning other systems on the network.
Reports |
SEIM_Components |
SEIM_Components_Databases |
SEIM_Components_Servers |
Suspicious | A log entry that is unusual within the context of the system it originates from.
System |
Tools |
Voip | An event from a Voice over IP communication system.
Vulnerabilities |
Wireless | An event from a wireless Ethernet (802.11) device.

Sheriff Vigilante Limitations: The Sheriff CSM SIEM engine has more diverse capabilities in handling events due to its built-in correlation abilities and graph-based analytics.
Topic revision: r4 - 15 Apr 2021, SheriffCyberSecurity
Copyright 2020 Sheriff Cyber Security, LLC. All rights reserved.