Up
Previous Next

Sheriff CSM™

Sheriff CSM Reports

Sheriff CSM includes hundreds of predefined reports to keep you informed about assets, level of compliance, alarms, and security events in your organization. Starting from Sheriff CSM version 5.2, Sheriff delivers new reports in threat intelligence updates instead of platform updates, allowing for more frequent updates and improvements on Sheriff CSM reports. See List of Sheriff CSM Reports for a complete list of reports.

Report Categories

Sheriff CSM groups reports into different categories for easy access. The following table summarizes the categories.

Sheriff CSM report categories

Report Categories	Description
Alarms	Reports on top alarms, top attackers, top attacked hosts, and top destination ports.
Assets	Reports on assets, including asset properties, vulnerabilities, events, alarms, and raw logs for selected assets.
Compliance	Reports on various compliance regulations, including FISMA, HIPAA, ISO 27001, PCI 2.0, PCI 3.0, PCI DSS 3.1, and SOX. These reports display information such as events, alarms, and asset, and map them to compliance requirements.
Raw Logs	Reports on raw logs from different sources, such as firewalls, IDS/IPS systems, mail security devices, and antivirus applications.
Security Events	Reports on security events from different sources, such as events coming from firewalls, IDS/IPS systems, mail security devices, and anti-virus applications. In Sheriff CSM version 5.2, reports on OTX pulses and OTXIP reputation are also included.
Security Operations	Reports on security operations including tickets, top alarms, and top security events.
Tickets	Reports on tickets opened on events, alarms, metric, vulnerabilities, and anomalies.
User Activity	Report on user activity in the Sheriff CSM web interface.
Custom Reports	User customized reports including cloned reports and the custom security events or custom raw logs reports.

Report Modules

The Sheriff CSM reports consist of two basic components:

• A module defines queries to the database or file system, in order to retrieve the data necessary for table and graph generation.
• A layout defines the graphical aspects of a report, such as logo, header and footer, and color scheme.

You can generate reports based on a combination of several modules and a single layout. By default, Sheriff CSM contains more than 2,600 modules and one basic layout.

The Sheriff CSM organizes the report modules into categories. Go to Reports > All Reports > Modules and expand the categories by clicking the green plus sign (+) next to the category name. You can further extend each subcategory, eventually reaching an individual event category in the module.