 |
You are here: Docs>Sheriff Web>UserGuides>SheriffCSMDocumentation>DeploymentGuide>IDSConfiguration>SheriffNIDS>ViewingSheriffNIDSEvents (02 Feb 2022, SheriffCyberSecurity)Edit Attach
Up
Previous Next Sheriff CSMâ„¢
Previous Next Sheriff CSMâ„¢
Viewing Sheriff NIDS Events
You can view Sheriff NIDS events the same way as you do any other security events. For reference, see Security Events Views. To view Sheriff NIDS events- Go to Analysis > Security Events (SIEM) > SIEM.
-
From the Data Sources list, select Sheriff NIDS.
Sheriff NIDS events suggest that an attack may have occurred, but they don't guarantee that such attack has occurred. Therefore, you must examine the traffic that triggered the signature and validate the malicious intent, before proceeding with your investigation.
At the bottom of the event details page, all Sheriff NIDS events include a payload and the rule that identified the issue. You can examine the payload of the offending packet, study the rule, or download the PCAP file for off-line analysis
Edit | Attach | Print version | History: r9 < r8 < r7 < r6 | Backlinks | View wiki text | Edit wiki text | More topic actions
Topic revision: r9 - 02 Feb 2022, SheriffCyberSecurity
Copyright 2020 Sheriff Cyber Security, LLC. All rights reserved.