Up
Previous Next

Sheriff CSMâ„¢

Thycotic Software Secret Server

When you configure Thycotic Software Secret Server to send log data to Sheriff CSM, you can use the Thycotic Software Secret Server plugin to translate raw log data into normalized events for analysis. The table below provides some basic information for the plugin:

Plugin Information
DeviceDetails
Vendor Thycotic Software
Device Type Data Protection
Connection Type Syslog
Data Source Name Secret-server
Data Source ID 1909

Integrating Thycotic Software Secret Server

Before you configure the Thycotic Software Secret Server integration, you must have the IP Address of the Sheriff CSM Sensor (Deputy).

To configure Thycotic Software Secret Server to send Syslog messages to Sheriff CSM
  1. From the Thycotic Secret Server web UI, select Administration > Configuration and then click the Edit button.

  2. Select or check the Enable Syslog/CEF Logging check box.

  3. Enter the following values for the three additional settings that appear:

    • Syslog/CEF Server: The IP Address of the Sheriff CSM Sensor.
    • Syslog/CEF Port: 514.
    • Syslog/CEF Protocol: UDP.

  4. After entering the values, click Save.

Plugin Enablement

For plugin enablement information, see Enable Plugins.

Additional Resources and Troubleshooting

https://thycotic.force.com/support/s/secretserver

https://thycotic.force.com/support/s/article/Secret-Server-End-User-Guide

For troubleshooting, see the vendor documentation.

This topic: Sheriff > UserGuides > SheriffCSMDocumentation > DeploymentGuide > PluginManagement > ConfigureLogForwardingOnCommonlyUsedDataSources > ThycoticSoftwareSecretServer
Topic revision: 25 Jun 2022, SheriffCyberSecurity
Copyright 2020 Sheriff Cyber Security, LLC. All rights reserved.