UpPrevious Next
Sheriff CSMâ„¢
Sheriff CSM Reports
Sheriff CSM includes hundreds of predefined reports to keep you informed about assets, level of compliance, alarms, and security events in your organization. Starting from Sheriff CSM version 5.2, Sheriff delivers new reports in threat intelligence updates instead of platform updates, allowing for more frequent updates and improvements on Sheriff CSM reports. See
List of Sheriff CSM Reports for a complete list of reports.
Report Categories
Sheriff CSM groups reports into different categories for easy access. The following table summarizes the categories.
Sheriff CSM report categories
Report Categories | Description |
Alarms | Reports on top alarms, top attackers, top attacked hosts, and top destination ports. |
Assets | Reports on assets, including asset properties, vulnerabilities, events, alarms, and raw logs for selected assets. |
Compliance | Reports on various compliance regulations, including FISMA, HIPAA, ISO 27001, PCI 2.0, PCI 3.0, PCI DSS 3.1, and SOX. These reports display information such as events, alarms, and asset, and map them to compliance requirements. |
Raw Logs | Reports on raw logs from different sources, such as firewalls, IDS/IPS systems, mail security devices, and antivirus applications. |
Security Events | Reports on security events from different sources, such as events coming from firewalls, IDS/IPS systems, mail security devices, and anti-virus applications. In Sheriff CSM version 5.2, reports on OTX pulses and OTXIP reputation are also included. |
Security Operations | Reports on security operations including tickets, top alarms, and top security events. |
Tickets | Reports on tickets opened on events, alarms, metric, vulnerabilities, and anomalies. |
User Activity | Report on user activity in the Sheriff CSM web interface. |
Custom Reports | User customized reports including cloned reports and the custom security events or custom raw logs reports. |
Report Modules
The Sheriff CSM reports consist of two basic components:
- A module defines queries to the database or file system, in order to retrieve the data necessary for table and graph generation.
- A layout defines the graphical aspects of a report, such as logo, header and footer, and color scheme.
You can generate reports based on a combination of several modules and a single layout. By default, Sheriff CSM contains more than 2,600 modules and one basic layout.
The Sheriff CSM organizes the report modules into categories. Go to
Reports > All Reports > Modules and expand the categories by clicking the green plus sign (
+) next to the category name. You can further extend each subcategory, eventually reaching an individual event category in the module.