Environment Status Colors and Meanings for Asset Groups. Environment Status | Color | Meaning: HIDS | Green | All the assets in this group have HIDS agents deployed and ...
Sheriff CSM™ Viewing Asset Group Details From the Asset Group List view, when you double-click a specific asset group, or click the magnifying gla...
Labeling the Assets You can use labels to further classify your assets and later use them when Searching for Assets. To label your as...
Error Codes When Updating from Version 5.8.0 to Version 5.8.x To ensure that your deployment meets AT&T Cybersecurity's requirements...
Enable Plugins Sheriff provides more than one way to enable plugins in Sheriff CSM. First, you can enable plugins on specific discov...
About Sheriff CSM System Architecture and Components As a unified security platform, Sheriff CSM combines several critical security ...
Verifying the VPN Connection To verify the VPN connection 1 Open a browser window, using the VPN server IP, and log into Sheriff C...
Configure Custom HTTPS Certificates in Sheriff CSM You can secure Sheriff CSM by providing your own SSL certificates from a Certific...
Network Group Administration This section covers the following subtopics: * Network Group List View * Managing Network Groups
Back Up and Restore Alarms By default, Sheriff CSM stores alarms in the database until you delete them manually. To save disk space,...
Disabling High Availability About Disabling HA in Network Nodes You must disable HA components in the following order: Sheriff CS...
Viewing Sheriff NIDS Events You can view Sheriff NIDS events the same way as you do any other security events. For reference, see Se...
Global Properties Each correlation directive has the following global properties Global properties for correlation directives Prop...
Define Advanced Search Criteria for Security Events (SIEM) This topic describes how to define advanced search criteria when performi...
Network Group List View From the Network Group List view (Environment Assets Groups Network Groups), you can create and manage...
Viewing Network Details From the Network List View, you can double-click a specific network or click the view icon () at the end of t...
Selecting Assets in Asset List View To select a single asset * Select the check box to the left of the asset. To select multiple a...
Searching for Assets You can either search for or filter your assets by simply typing what you are looking for in the search box, in ...
Managing the Sheriff CSM Environment In addition to monitoring and analyzing events and alarms, there are other aspects of security ...
Sheriff CSM Administration and Configuration During the course of using Sheriff CSM to manage and maintain network security in your ...
Monitor User Activities Every Sheriff CSM user, regardless of role, has access to the following information: * My Profile Includ...
Update Your User Profile All users can update their personal information and password in their own user profile. To update your accou...
Enable or Disable a User Account User accounts are enabled automatically when they are created. You can disable or enable them again ...
Delete a User Account Important: Before deleting a user in Sheriff CSM, check to see if this user has scheduled any vulnerability sca...
Set Up Password Policy for Local User Authentication If you decide to use authentication occurring locally in Sheriff CSM, Sheriff Cy...
Using OTX in Sheriff CSM When you sign up for and connect your Open Threat Exchange® (OTX™) account to your Sheriff CSM instance, it...
Modifying a Custom Scan Profile To modify a custom profile for vulnerability scans 1 Go to Environment Vulnerabilities Overvi...
Comparing the Results from Two Scans The Sheriff CSM web interface can display a comparison of the results in both text and graphica...
Importing Scan Results This option allows you to import results from external scanners to create reports or perform cross correlatio...
Viewing the Scan Results in HTML To view the results of the scan report in HTML within the same browser 1 Go to Environment Vul...
Tutorial: Create a Policy to Discard Events As part of your efforts to reduce the amount of events triggered by non-problematic, non...
Create a New Policy
Policy Consequences You can configure different consequences when creating or modifying a policy. Policy consequences define the way...
Modify a Built-in Cross Correlation Rule Similar to correlation directives, you can customize cross correlation rules as well. Import...
Create a New Cross Correlation Rule In this example, we explain how to create a cross correlation rule to detect a MySQL authenticati...
Knowledge DB Some built-in correlation directives also include a link that points to a document in the Sheriff Knowledge Base (Confi...
Directive Information The first column on the left lists some additional information (called properties) about the directive, such a...
Correlation Rules A correlation rule defines a condition to match incoming events. Refer to How Does Correlation Work? for details. T...
Correlation Directives Sheriff CSM provides over 4,500 built-in directives and adds more every week through the AT&T Alien Labs™ Thr...
Capture and Examine Packets Sheriff CSM integrated packet capture functionality allows you to capture traffic on your network for off...
NetFlow Event Controls You are able to configure Sheriff CSM All-in-One to create events when anomalous bandwidth usage is detected i...
Sheriff CSM Event Taxonomy Sheriff event taxonomy is a classification system for security events. It provides the Sheriff CSM correla...
Network List View Sheriff CSM provides a centralized view for managing your networks. It has a similar look and feel to the Asset Li...
Asset Group List View An asset group is an administratively created object that pools similar assets used for specific purposes. Sher...