UpPrevious Next Sheriff CSM™ Deleting the Assets To delete asset(s) 1 Go to Environment Assets Groups Assets. 1 Select the asset(s) you want to delet...

UpPrevious Next Sheriff CSM™ Asset List View The Asset List view, Environment Assets Groups Assets, provides a centralized view of your assets. For fiel...

UpPrevious Next Sheriff CSM™ Sheriff CSM Dashboard Configuration Within the dashboard view, you can see multiple tabs displaying various visual representations of...

UpPrevious Next Sheriff CSM™ Sheriff CSM Dashboards %TWISTY{ showlink="Table of Contents" hidelink="Table of Contents" start="show" showimgleft="" hideimglef...

UpPrevious Next Sheriff CSM™ Verifying Sheriff CSM Operation Once the basic installation and configuration of your Sheriff CSM system is completed (as described i...

UpPrevious Next Sheriff CSM™ Back Up and Restore NetFlow Data NetFlow is a protocol designed and published by Cisco Systems that has become the accepted industry ...

UpPrevious Next Sheriff CSM™ Enable Plugins from the Sensor (Deputy) Configuration You can enable up to 100 plugins on a Sheriff CSM Sensor from the Sheriff CSM w...

UpPrevious Next Sheriff CSM™ Enable Plugins on Assets After you run a scan of your network to discover assets, the discovered assets are saved in the Sheriff CSM ...

UpPrevious Next Sheriff CSM™ Configuring Sheriff NIDS Sheriff CSM comes with Sheriff NIDS already enabled, but you need to perform the steps below in order to mo...

UpPrevious Next Sheriff CSM™ Working with Sheriff HIDS Rules Sheriff HIDS expands from the open source project, OSSEC, by providing additional rules that are esse...

UpPrevious Next Sheriff CSM™ Limit User Visibility with Entities %TWISTY{ showlink="Table of Contents" hidelink="Table of Contents" start="show" showimgleft="...

UpPrevious Next Sheriff CSM™ User Administration in Sheriff CSM %TWISTY{ showlink="Table of Contents" hidelink="Table of Contents" start="show" showimgleft="...

UpPrevious Next Sheriff CSM™ List of Sheriff CSM Reports Sheriff updates the Sheriff CSM reports on an on going basis. The following table lists the reports in a...

UpPrevious Next Sheriff CSM™ Viewing the Scan Results in Excel When you export a report in an Excel file, you can see the name of the portal branding. This infor...

UpPrevious Next Sheriff CSM™ System Settings for Authenticated Scans An authenticated scan is a vulnerability testing measure performed from the vantage of a logg...

UpPrevious Next Sheriff CSM™ Policy Order and Grouping Policy Order Importance Policies consist of numbered rules that Sheriff CSM applies in descending order wh...

UpPrevious Next Sheriff CSM™ The Policy View %TWISTY{ showlink="Table of Contents" hidelink="Table of Contents" start="show" showimgleft="" hideimgleft="" }...

UpPrevious Next Sheriff CSM™ Alarm Details — Columns and Fields Alarm Details field descriptions Column/Field Name Description Status Whether or not t...

UpPrevious Next Sheriff CSM™ Alarms List — Fields Alarms list fields Column/Field Name Description Date Date and time Sheriff CSM completed alarm corr...

UpPrevious Next Sheriff CSM™ Managing Network Groups You manage network groups from the Network Group List view. Creating Network Groups To create a network grou...

UpPrevious Next Sheriff CSM™ Editing the Assets You can edit your assets once they are in Sheriff CSM. For example, you can add a description or a location for y...

UpPrevious Next Sheriff CSM™ Running Asset Scans You can run an asset scan on individual assets. This is useful, for example, if you want to find out if anything ...

UpPrevious Next Sheriff CSM™ Sheriff CSM Event Processing Workflow After Sheriff CSM is installed in your environment, events start flowing through the Sheriff ...

UpPrevious Next Sheriff CSM™ What Expectations Should I Have of Security Monitoring? Security monitoring is often about monitoring often overlooked things such as...

UpPrevious Next Sheriff CSM™ Sheriff CSM Network Security Best Practices Providing strong and effective security for an organization’s network, IT infrastructure,...

UpPrevious Next Sheriff CSM™ Replace Disk Drives or Power Supplies You may need to replace a power supply or hard disk drive on an Sheriff CSM hardware should ei...

UpPrevious Next Sheriff CSM™ Supported Formats by the normalize_date() Function When the Sheriff CSM plugins parse logs received from various devices, they use a...

UpPrevious Next Sheriff CSM™ Customize and Develop New Plugins Sheriff provides a large number of plugins as part of its default installation. In most environmen...

UpPrevious Next Sheriff CSM™ Sheriff NIDS %TWISTY{ showlink="Table of Contents" hidelink="Table of Contents" start="show" showimgleft="" hideimgleft="" }% ...

UpPrevious Next Sheriff CSM™ Configure Sheriff CSM to Use a Proxy By default, Sheriff CSM does not need to go through any proxy server, so proxy configuration is...

UpPrevious Next Sheriff CSM™ Correlation Contexts Sheriff CSM uses Correlation Contexts to allow overlapping networks. A Sheriff CSM Server can handle overlappin...

UpPrevious Next Sheriff CSM™ Sheriff CSM Event Processing Workflow After Sheriff CSM is installed in your environment, events start flowing through the Sheriff C...

UpPrevious Next Sheriff CSM™ Exporting the Assets To export assets 1 Go to Environment Assets Groups Assets. 1 Select the asset(s) you want to export...

UpPrevious Next Sheriff CSM™ Restore Sheriff CSM from a USB Drive Prerequisite * Burn the corresponding ISO image to a USB drive. * Change the boot sequenc...

UpPrevious Next Sheriff CSM™ Changing the Boot Sequence of a Sheriff CSM Hardware By default, the Sheriff CSM hardware appliance boots from its hard disk. When tr...

UpPrevious Next Sheriff CSM™ Restore Software on a Sheriff CSM Hardware %TWISTY{ showlink="Table of Contents" hidelink="Table of Contents" start="show" showimg...

UpPrevious Next Sheriff CSM™ Reset the Sheriff API Key Starting from version 5.2.5, Sheriff CSM and Sheriff Vigilante® offer the option to reset the Sheriff API ...

UpPrevious Next Sheriff CSM™ Customize Existing Plugins Yourself %TWISTY{ showlink="Table of Contents" hidelink="Table of Contents" start="show" showimgleft=...

UpPrevious Next Sheriff CSM™ Configure Plugins Most of the plugins in Sheriff CSM do not require additional configuration after they are enabled, especially if y...

UpPrevious Next Sheriff CSM™ Duplicating Firewall Rules in Sheriff CSM Standard Sensors (Deputies) Whenever you add one or more Sheriff CSM Standard Sensors to t...

UpPrevious Next Sheriff CSM™ Disabling a VPN Configuration When you disable a VPN tunnel, it does not remove the configuration files and system generated certific...

UpPrevious Next Sheriff CSM™ Firewall Permissions Sheriff CSM components must use particular URLs, protocols, and ports to function correctly. Note: If deploying ...

UpPrevious Next Sheriff CSM™ Customize Sheriff NIDS Rules Occasionally you may want to customize the Sheriff NIDS rules or enable a rule that is disabled by defa...

UpPrevious Next Sheriff CSM™ Using Sheriff CSM for PCI Compliance The purpose of this topic is to assist customers in utilizing Sheriff CSM to help achieve Paymen...

UpPrevious Next Sheriff CSM™ Reset Password for User Accounts Sheriff CSM has specific procedures and permissions for resetting passwords for different user accou...

UpPrevious Next Sheriff CSM™ Modify a User Account Use this procedure when you want to make modifications to an existing user account. To modify an existing user...

UpPrevious Next Sheriff CSM™ Duplicate a User Account Duplicating an existing user account can save time when you want to create a new user and the new user shoul...

UpPrevious Next Sheriff CSM™ User Authorization %TWISTY{ showlink="Table of Contents" hidelink="Table of Contents" start="show" showimgleft="" hideimgleft=""...

UpPrevious Next Sheriff CSM™ User Authentication %TWISTY{ showlink="Table of Contents" hidelink="Table of Contents" start="show" showimgleft="" hideimgleft="...

UpPrevious Next Sheriff CSM™ Viewing the Scan Results in PDF When you export a report in a PDF file, you can see a logo and the name of the portal branding. This...