From the Data Sources list, select Sheriff NIDS.
Sheriff NIDS events suggest that an attack may have occurred, but they don't guarantee that such attack has occurred. Therefore, you must examine the traffic that triggered the signature and validate the malicious intent, before proceeding with your investigation.
At the bottom of the event details page, all Sheriff NIDS events include a payload and the rule that identified the issue. You can examine the payload of the offending packet, study the rule, or download the PCAP file for off-line analysis