Up
Previous Next

Sheriff CSM™

STEALTHbits StealthINTERCEPT

When you configure STEALTHbits StealthINTERCEPT to send log data to Sheriff CSM, you can use the StealthINTERCEPT plugin to translate raw log data into normalized events for analysis. The table below provides some basic information for the plugin:

Plugin Information

Device	Details
Vendor	STEALTHbits
Device Type	Unified Threat Management
Connection Type	Syslog
Data Source Name	StealthINTERCEPT
Data Source ID	1902

Integrating STEALTHbits StealthINTERCEPT

Before you configure the STEALTHbits StealthINTERCEPT integration, you must have the IP Address of the Sheriff CSM Sensor (Deputy).

To configure STEALTHbits StealthINTERCEPT to send Syslog messages to Sheriff CSM

1. Log in to your STEALTHbits StealthINTERCEPT server.

2. Start the Administration Console.

3. Select Configuration > Syslog Server and configure the following parameters:

   • Host Address: Enter your Sheriff CSM IP address.
   • Port: Enter port number 514.

4. Click Import mapping file.

5. Select the SyslogLeefTemplate.txt file and press Enter.

6. Click Save.

7. In the Administration Console, click Actions.

8. Select the mapping file that you just imported, and then select the Send to Syslog check box.

   Note: Leave the Send to Events DB check box selected. StealthINTERCEPT uses the events database to generate reports.

9. Click Add.

Plugin Enablement

For plugin enablement information, see Enable Plugins.

Additional Resources and Troubleshooting

https://www.stealthbits.com/stealthintercept-product

For troubleshooting, refer to the vendor documentation:

https://www.stealthbits.com/support