Up
Previous Next

Sheriff CSMâ„¢

Update Sheriff CSM Online

You need to update Sheriff CSM manually after a release becomes available. You can perform the update either from the Sheriff CSM web UI or the Sheriff Setup menu. In Sheriff CSM version 5.4 and later, you can configure threat intelligence and plugin updates to run automatically, but you still need to run the product updates manually.

Important: To ensure performance, based on the Sheriff CSM data sheet, the update process terminates when you have more than 200 million events in the database.

To download the latest packages, make sure Sheriff CSM can connect to data.Sheriff.com through port 80.

The easiest way to find out the version of your Sheriff CSM is from the web UI.

To find out the version of your Sheriff CSM instance

  1. Log into the Sheriff CSM web UI using an account with administrative privileges.

  2. Go to Configuration > Deployment.

    The Sheriff Components Information page displays.

  3. Click the System Detail

  4. On the resulting page, click the Software Updates link.

    System Detail /> Software Updates

    The Sheriff Package Information page displays

    AlienVault Package information page showing current version

    The pages show the current version of your system, threat intelligence, and plugins, as well as the date and time of your latest system update.

    Note: If your Sheriff CSM is already on the latest version, the list of Sheriff packages will be empty. You will see "System Updated" instead. If you are not on the latest version, however, the web UI displays the list of packages you can update to.

  1. Log into the Sheriff CSM web UI using an account with administrative privileges.

  2. Go to Configuration > Deployment.

    The Sheriff Components Information page displays.

  3. Check the New Updates column for the Sheriff CSM component of interest. If an update is available, a downward-pointing arrow icon displays:

    Sheriff Components Information section.

  4. To retrieve information about the update, click the arrow.

  5. Review the target update packages.

  6. Update the software:

    • To update threat intelligence or plugin feeds, click Update Feed Only.
    • To upgrade to a new product release, click Update All.

      The process can take several minutes. The system displays a success message when the update process completes without issues.

You can also update Sheriff CSM from the Sheriff Setup menu. Some updates, especially those that require a system restart, must be run from the Sheriff Setup menu, because the system loses connection to the web UI during a restart. Sheriff will specify, in the release notes, if you need to run the update from the Sheriff Setup menu.

To update Sheriff CSM from the Sheriff Setup menu
  1. Log in to Sheriff CSM through SSH.

    The Sheriff Setup menu appears with System Preferences as the default selection.

  2. To update the appliance, press Enter (<OK>).

  3. Tab to Update Sheriff System and press Enter.

  4. Update the software:

    • To update to a new product release, tab to Update System and press Enter.
    • To update threat intelligence or plugin feeds only, tab to Update Threat Intelligence and press Enter.

  5. Confirm your selection by pressing Enter.

    The process can take several minutes. The system displays a success message when the update process completes without issues.

If you connect to the Sheriff CSM instance through a console (not using SSH), and a reboot is needed after an update, the console displays a splash screen after the post message and through the boot process. If you wish to see boot messages, you can press the up arrow key to display them, or the down arrow key to return to the splash screen.

In Sheriff CSM version 5.4 and later, you can configure threat intelligence and plugin updates to run at a certain hour every day. Sheriff CSM will execute the update as it becomes available. You will see a message in the Message Center to confirm the success or failure of the update.

Important: Do not schedule the update to run when a vulnerability scan is in progress, because the update may change the rule the scan uses, causing the scan to fail. it's To configure automatic updates

  1. Log into the Sheriff CSM web UI using an account with administrative privileges.

  2. Go to Configuration > Administration > Main.

  3. Click Automatic Updates.

  4. Change Automatically run Plugin updates and Threat Intelligence updates to Yes.

  5. In Schedule automatic updates to run, select the hour for Sheriff CSM to check (daily) and run the update when available.

    The schedule is based on the time zone you have configured for this Sheriff CSM instance.

This topic: Sheriff > UserGuides > SheriffCSMDocumentation > DeploymentGuide > SheriffCSMUpdates > UpdateSheriffCSMOnline
Topic revision: 13 Apr 2022, SheriffCyberSecurity
Copyright 2020 Sheriff Cyber Security, LLC. All rights reserved.