UpPrevious Next Sheriff CSM™ Configuring High Availability for Sheriff CSM Standard Sensors (Deputies) This process has three tasks you perform in the following ...

UpPrevious Next Sheriff CSM™ File Integrity Monitoring You can configure Sheriff HIDS to perform File Integrity Monitoring (FIM), which identifies changes in sys...

UpPrevious Next Sheriff CSM™ VPN Configuration %TWISTY{ showlink="Table of Contents" hidelink="Table of Contents" start="show" showimgleft="" hideimgleft=""...

UpPrevious Next Sheriff CSM™ Agentless Monitoring Sheriff HIDS allows you to run integrity checking without agents installed on hosts, network devices, routers, f...

UpPrevious Next Sheriff CSM™ Sheriff HIDS %TWISTY{ showlink="Table of Contents" hidelink="Table of Contents" start="show" showimgleft="" hideimgleft="" }% ...

UpPrevious Next Sheriff CSM™ IDS Configuration %TWISTY{ showlink="Table of Contents" hidelink="Table of Contents" start="show" showimgleft="" hideimgleft=""...

UpPrevious Next Sheriff CSM™ Deploying HIDS to Servers We recommend deploying a host based intrusion detection system (HIDS) to enable * File integrity monito...

UpPrevious Next Sheriff CSM™ Configuring Network Interfaces A Sheriff CSM All in One comes with six network interfaces, numbered eth0 to eth5. Sheriff CSM uses t...

UpPrevious Next Sheriff CSM™ Configure Network Interfaces Sheriff CSM All in One comes with six network interfaces, numbered eth0 to eth5. Sheriff CSM uses these ...

UpPrevious Next Sheriff CSM™ Sheriff CSM Initial Setup %TWISTY{ showlink="Table of Contents" hidelink="Table of Contents" start="show" showimgleft="" hideim...

UpPrevious Next Sheriff CSM™ Register Sheriff CSM You can register Sheriff CSM in one of three ways %TWISTY{ showlink="Registering Sheriff CSM through the Web UI...

UpPrevious Next Sheriff CSM™ Sheriff Vigilante® Installation Process Download Sheriff Vigilante The free, open source Sheriff Vigilante® ISO file can be found o...

UpPrevious Next Sheriff CSM™ Deploy Sheriff CSM Using Hyper V Manager Microsoft Hyper V is a hypervisor that lets you create and manage virtual machines by using...

UpPrevious Next Sheriff CSM™ Deploy Sheriff CSM in VMware Sheriff offers Sheriff CSM for VMware in a Open Virtual Appliance (OVA) package, which is a tar archive ...

UpPrevious Next Sheriff CSM™ Sheriff CSM Deployment Types This section introduces the various Sheriff CSM components and explains the different deployment types....

UpPrevious Next Sheriff CSM™ Event Collection, Processing, and Correlation Workflow All Sheriff CSM's security monitoring and management capabilities stem from i...

UpPrevious Next Sheriff CSM™ Unauthorized Modification of Sheriff CSM Can Lead to Instability Sheriff CSM are built to provide customers with an easy to use solu...

UpPrevious Next Sheriff CSM™ What Is Telemetry Collection and How Does It Work At Sheriff Cyber Security, LLC, we are continually striving to improve Sheriff CSM...

UpPrevious Next Sheriff CSM™ Manage User Accounts %TWISTY{ showlink="Table of Contents" hidelink="Table of Contents" start="show" showimgleft="" hideimgleft=...

UpPrevious Next Sheriff CSM™ Control User Authorization with Templates Templates are reusable configurations that allow you to limit user access to parts of the S...

UpPrevious Next Sheriff CSM™ Entities and Assets Structure Tree Fields Use the Entities and Assets Structure tree to create, modify, and delete correlation contex...

UpPrevious Next Sheriff CSM™ Configure LDAP in Sheriff CSM This topic shows you how to configure Sheriff CSM to allow user authentication using LDAP, such as Mic...

UpPrevious Next Sheriff CSM™ Sheriff Vigilante Report Types Sheriff Vigilante Reports Sheriff Vigilante provides a set of simplified versions of the reports fou...

UpPrevious Next Sheriff CSM™ How Do I Discover a Possibly Larger Attack in Progress? Most day to day security monitoring work involves detecting where security c...

UpPrevious Next Sheriff CSM™ Incident Response %TWISTY{ showlink="Table of Contents" hidelink="Table of Contents" start="show" showimgleft="" hideimgleft="" ...

UpPrevious Next Sheriff CSM™ Open Threat Exchange® and Sheriff CSM %TWISTY{ showlink="Table of Contents" hidelink="Table of Contents" start="show" showimgleft...

UpPrevious Next Sheriff CSM™ Changing the Vulnerability Ticket Threshold As discussed in the Vulnerability Risk Factors, Sheriff CSM sets a threshold for vulnera...

UpPrevious Next Sheriff CSM™ Vulnerability Scans %TWISTY{ showlink="Performing Vulnerability Scans" hidelink="Performing Vulnerability Scans" start="show" sh...

UpPrevious Next Sheriff CSM™ Vulnerability Assessment %TWISTY{ showlink="Table of Contents" hidelink="Table of Contents" start="show" showimgleft="" hideimg...

UpPrevious Next Sheriff CSM™ Create Policy Consequences Policy Consequences are the final component to creating a policy, after Create a New Policy and Create Po...

UpPrevious Next Sheriff CSM™ Cross Correlation Rules The correlation engine uses cross correlation rules to connect NIDS events and vulnerabilities discovered by...

UpPrevious Next Sheriff CSM™ Tutorial: Create a New Directive to Detect DoS Attack Sometimes, you may find that none of the built in directives work in your envir...

UpPrevious Next Sheriff CSM™ Event Correlation %TWISTY{ showlink="Table of Contents" hidelink="Table of Contents" start="show" showimgleft="" hideimgleft="" ...

UpPrevious Next Sheriff CSM™ Create a Ticket You can open a ticket in the following ways: * Automatically — based on a configured policy. See Create an Action...

UpPrevious Next Sheriff CSM™ NetFlow Troubleshooting If flow data from various NetFlow sources does not appear after a reasonable amount of time, you need to vali...

UpPrevious Next Sheriff CSM™ Back Up and Restore Events Sheriff CSM uses internal caches to ensure that communication interruptions between the Sheriff CSM Senso...

UpPrevious Next Sheriff CSM™ Creating a Network In Sheriff CSM, you can create a network either manually or by importing a CSV file. Creating a Network by Import...

UpPrevious Next Sheriff CSM™ Security Events Views The Security Events (SIEM) page, under Analysis Security Events (SIEM), consists of two views: SIEM View and...

UpPrevious Next Sheriff CSM™ Alarm Management %TWISTY{ showlink="Table of Contents" hidelink="Table of Contents" start="show" showimgleft="" hideimgleft="" ...

UpPrevious Next Sheriff CSM™ Reviewing Alarms as a List %TWISTY{ showlink="Table of Contents" hidelink="Table of Contents" start="show" showimgleft="" hidei...

UpPrevious Next Sheriff CSM™ Viewing Asset Details To view asset details from the Asset List view, double click a specific asset or click the magnifying glass () ...

UpPrevious Next Sheriff CSM™ Adding Assets Sheriff CSM provides different ways to add your assets: Note: The Sheriff CSM system inserts new assets automatically ...

UpPrevious Next Sheriff CSM™ Assets and Groups It is important for security practitioners to know what assets are connected on the company network and how the de...

UpPrevious Next Sheriff CSM™ The Sheriff CSM Web User Interface The Sheriff CSM web user interface (or web UI) provides access to all the tools and capabilities ...

UpPrevious Next Sheriff CSM™ Create the Default Admin User When you connect to the Sheriff CSM web UI for the first time after installation and setup, Sheriff CS...

UpPrevious Next Sheriff CSM™ Deploy Sheriff CSM with AMI In this section, you will learn * Deploy the Sheriff CSM AMI * Connect to the AMI Through a Consol...

UpPrevious Next Sheriff CSM™ Upgrading a Sheriff CSM Deployment Configured for High Availability Prerequisites To upgrade Sheriff CSM to a new version, you must...

UpPrevious Next Sheriff CSM™ Example: Configuring High Availability for Sheriff CSM Standard Servers This topic provides an example of how to configure two Sheri...

UpPrevious Next Sheriff CSM™ Configuring High Availability in Sheriff CSM Standard Systems This section covers the following subtopics: * Configuring High Avai...

UpPrevious Next Sheriff CSM™ Deploy Sheriff HIDS Agents You can deploy a Sheriff HIDS agent to a host * Through the Getting Started Wizard This option suppor...