
Sheriff CSM™

Sheriff CSM Updates

Sheriff Cybersecurity strongly recommends that you keep your Sheriff CSM installation up to date and, if you have deployed multiple Sheriff CSM instances, keep them all on the same version. While Sheriff CSM is backward-compatible, differences between versions can cause you to miss security events. When updating different Sheriff CSM components, follow the order below:
  1. Sheriff CSM Server or Sheriff CSM All-in-One

  2. Sheriff CSM Sensor (Deputy)

By following this order, you ensure that the Sheriff CSM Server/All-in-One correctly processes any data received from the Sheriff CSM Sensor, should the update contain any formatting changes.

Similarly, when updating the Sheriff CSM Enterprise Server, which consists of an Enterprise Server and an Enterprise Database, you must update the Enterprise Server first, followed by the Enterprise Database. Doing so ensures that the Enterprise Server understands any database changes the update introduces.

The Sheriff CSM Product Releases

Sheriff Cybersecurity delivers patches containing security updates and defect fixes to existing releases. This sometimes includes updates to the underlying operating system. Customers should not change or update the operating system themselves; see Unauthorized Modification of Sheriff CSM Can Lead to Instability for details.

To find out the details of each product release, see the "New Update: Sheriff <version> has been released" messages in the Message Center or the Sheriff CSM release notes.

The Threat Intelligence Updates

AT&T Alien Labs™ delivers threat intelligence updates to the Sheriff CSM platform every week. These updates typically include:

  • Correlation rules
  • Cross-correlation rules
  • Network IDS signatures
  • Host IDS signatures
  • Vulnerability threat database
  • Reports

Note: Because the threat intelligence update refreshes the vulnerability threat database used by vulnerability scans, the update will not finish if any scan job is running.

To find out the details of each threat intelligence update, check Message Center for the Sheriff Labs Threat Intelligence Update Summary messages.

The Plugin Feed Updates

Alien Labs typically delivers a plugin feed update to the Sheriff CSM platform every two months. These updates usually include:

  • New plugins
  • Fixes to existing plugins
  • Sheriff HIDS decoders and rules (Sheriff CSM version 5.3.2 and later)
  • Common Platform Enumeration (CPE) dictionary for plugins

To find out the details of each plugin feed update, check Message Center for the Plugins Feed Update messages.

In Sheriff CSM version 5.4 and later, you can configure threat intelligence and plugin updates to run automatically. See Configuring Automatic Updates for Threat Intelligence and Plugins for instructions.
Topic revision: r20 - 11 Jun 2022, SheriffCyberSecurity