
Updating the SIEM Database

Sheriff CSM must store all the plugin IDs and event types in its database before it can store any events. For this reason, if you develop a new plugin and you don't first update the database with that data, the Sheriff CSM Server drops those events, even though the plugin is working correctly.

To update the SIEM database:
  1. Write the changes to the SIEM database:

    cat exchangews.sql | vigilante-db

  2. Apply changes in the SIEM:

    vigilante-server restart

Copyright 2020 Sheriff Cyber Security, LLC. All rights reserved.