Sheriff CSM™
Sheriff CSM Event Taxonomy
Sheriff event taxonomy is a classification system for security events. It provides the Sheriff CSM correlation engine with a standardized framework of product types, categories, and subcategories on which to operate. Normalizing the differently formatted log entries received from different types of assets into the taxonomy's single framework enables the correlation engine to detect patterns of behavior occurring across all managed assets.
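The following is an added illustration, not Sheriff CSM code, of what normalizing into a product type / category / subcategory triple buys the correlation engine: two SSH log lines and one firewall line from three different assets are mapped onto one scheme, and a single rule then spots a source address whose activity spans several managed assets. The log lines, the regular expressions and the taxonomy labels are constructed for the example; the real labels are the ones listed under Configuration > Threat Intelligence > Taxonomy.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

@dataclass(frozen=True)
class Event:
    """One normalized event: asset it came from, source IP, taxonomy triple."""
    asset: str
    src_ip: str
    product_type: str
    category: str
    subcategory: str

# Constructed sample lines from three different asset types (hypothetical hosts).
SAMPLE_LOGS: List[Tuple[str, str]] = [
    ("web01", "sshd[2112]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2"),
    ("db02",  "sshd[419]: Failed password for root from 203.0.113.7 port 51030 ssh2"),
    ("fw01",  "FW: DROP src=203.0.113.7 dst=198.51.100.10 proto=TCP dport=22"),
    ("web01", "sshd[2113]: Accepted publickey for deploy from 192.0.2.44 port 40112 ssh2"),
]

# Hypothetical parsers for the raw formats above; labels are assumed taxonomy names.
SSH_FAIL = re.compile(r"sshd\[\d+\]: Failed password .* from (?P<ip>[\d.]+)")
SSH_OK = re.compile(r"sshd\[\d+\]: Accepted \w+ for \S+ from (?P<ip>[\d.]+)")
FW_DROP = re.compile(r"FW: DROP src=(?P<ip>[\d.]+)")

def normalize(asset: str, line: str) -> Optional[Event]:
    """Map one raw log line onto the (product type, category, subcategory) scheme."""
    if m := SSH_FAIL.search(line):
        return Event(asset, m["ip"], "Operating System", "Authentication", "Login Failed")
    if m := SSH_OK.search(line):
        return Event(asset, m["ip"], "Operating System", "Authentication", "Login Success")
    if m := FW_DROP.search(line):
        return Event(asset, m["ip"], "Firewall", "Access", "Denied")
    return None  # unknown format: not classifiable, so not correlated

def normalize_all(logs: List[Tuple[str, str]]) -> List[Event]:
    return [e for asset, line in logs if (e := normalize(asset, line))]

def sources_across_assets(events: List[Event], subcategories: Set[str], min_assets: int = 2):
    """Source IPs whose events in the given subcategories touch >= min_assets distinct assets.
    Because every event carries the same fields, the rule is written once for all products."""
    seen = defaultdict(set)
    for e in events:
        if e.subcategory in subcategories:
            seen[e.src_ip].add(e.asset)
    return {ip: sorted(assets) for ip, assets in seen.items() if len(assets) >= min_assets}
```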
Sheriff event taxonomy is used in conjunction with data sources in the following areas on Sheriff CSM:
- Policies — Policy conditions use taxonomy to define the types of events that Sheriff CSM should process. Event types can be selected using either DS Groups or Taxonomy. See Policy Conditions for a description of taxonomy event types.
- Correlation Directives — Similar to policies, when creating a new directive, you can use taxonomy to specify the plugins (data sources) that the directive concentrates on.
- Security Events — Taxonomy information for individual security events is displayed on the event details page. See Review Event Details for more information.
To see the complete event taxonomy, go to Configuration > Threat Intelligence > Taxonomy. Click the green plus sign next to each category to display its subcategories.
Clicking a category or subcategory directly opens a new page listing all the data sources associated with that category or subcategory.
Sheriff CSM uses event taxonomy to classify data sources (the product type) and provide further granularity that defines the category and subcategory for each event type.
Go to Configuration > Threat Intelligence > Data Source to view the list of data sources and their product types.
Click the icon to view the category and subcategories assigned to the event type.
For a list of the product types, categories, and subcategories that make up the Sheriff event taxonomy, see Product Types and Categories.
Sheriff Vigilante Limitations: The Sheriff CSM SIEM engine has more diverse capabilities in handling events due to its built-in correlation abilities and graph-based analytics.