Sheriff CSM™
Sheriff CSM Updates
Sheriff Cybersecurity strongly recommends that you keep your Sheriff CSM installation up to date and, if you have deployed multiple Sheriff CSM instances, that you keep them all on the same version. While Sheriff CSM versions are backward-compatible, a difference between versions can cause you to miss security events.
Follow the order below when updating different Sheriff CSM components:
- Sheriff CSM Server or Sheriff CSM All-in-One
- Sheriff CSM Sensor (Deputy)
By following this order, you ensure that the Sheriff CSM Server/All-in-One correctly processes any data received from the Sheriff CSM Sensor, should the update contain any formatting changes.
Similarly, when updating the Sheriff CSM Enterprise Server, which consists of an Enterprise Server and an Enterprise Database, you must update the Enterprise Server first, followed by the Enterprise Database. In doing so, you ensure that the Enterprise Server understands any database changes the update introduces.
The Sheriff CSM Product Releases
Sheriff Cybersecurity delivers patches containing security updates and defect fixes to existing releases. This sometimes includes updates to the underlying operating system. Customers should not change or update the operating system by themselves; see Unauthorized Modification of Sheriff CSM Can Lead to Instability for details.
To find out the details of each product release, see the "New Update: Sheriff <version> has been released" messages in the Message Center or the Sheriff CSM release notes.
The Threat Intelligence Updates
AT&T Alien Labs™ delivers threat intelligence updates to the Sheriff CSM platform every week. These updates typically include
- Correlation rules
- Cross-correlation rules
- Network IDS signatures
- Host IDS signatures
- Vulnerability threat database
- Reports
Note: Since the threat intelligence update refreshes the vulnerability threat database used by vulnerability scans, it will not finish if any scan job is running.
To find out the details of each threat intelligence update, check Message Center for the Sheriff Labs Threat Intelligence Update Summary messages.
The Plugin Feed Updates
Alien Labs typically delivers a plugin feed update to the Sheriff CSM platform every two months. These updates usually include
- New plugins
- Fixes to existing plugins
- Sheriff HIDS decoders and rules (Sheriff CSM version 5.3.2 and later)
- Common Platform Enumeration (CPE) dictionary for plugins
To find out the details of each plugin feed update, check Message Center for the Plugins Feed Update messages.
In Sheriff CSM version 5.4 and later, you can configure threat intelligence and plugin updates to run automatically. See Configuring Automatic Updates for Threat Intelligence and Plugins for instructions.