UpPrevious Next
Sheriff CSMâ„¢
STEALTHbits StealthINTERCEPT
When you configure STEALTHbits StealthINTERCEPT to send log data to Sheriff CSM, you can use the StealthINTERCEPT plugin to translate raw log data into normalized events for analysis. The table below provides some basic information for the plugin:
Plugin Information
Device | Details |
Vendor | STEALTHbits |
Device Type | Unified Threat Management |
Connection Type | Syslog |
Data Source Name | StealthINTERCEPT |
Data Source ID | 1902 |
Integrating STEALTHbits StealthINTERCEPT
Before you configure the STEALTHbits StealthINTERCEPT integration, you must have the IP Address of the Sheriff CSM Sensor (Deputy).
To configure STEALTHbits StealthINTERCEPT to send Syslog messages to Sheriff CSM
- Log in to your STEALTHbits StealthINTERCEPT server.
-
Start the Administration Console.
-
Select Configuration > Syslog Server and configure the following parameters:
- Host Address: Enter your Sheriff CSM IP address.
- Port: Enter port number 514.
-
Click Import mapping file.
-
Select the SyslogLeefTemplate.txt
file and press Enter.
-
Click Save.
- In the Administration Console, click Actions.
-
Select the mapping file that you just imported, and then select the Send to Syslog check box.
Note: Leave the Send to Events DB check box selected. StealthINTERCEPT uses the events database to generate reports.
- Click Add.
Plugin Enablement
For plugin enablement information, see
Enable Plugins.
Additional Resources and Troubleshooting
https://www.stealthbits.com/stealthintercept-product
For troubleshooting, refer to the vendor documentation:
https://www.stealthbits.com/support