Task 3: Add a Level 2 Rule to Detect the Same Event with 100 Occurrences In this task, we try to match the same events selected in Task 2. We wan...
Task 2: Add a Level 1 Rule to Detect the Event This task adds a level 1 rule for the directive created in Task 1. In this rule, we try to match o...
Excluding Assets in an Asset Scan Occasionally you may want to exclude certain assets such as a printer or a switch when scanning a network. In S...
Scheduling an Asset Discovery Scan You can schedule a scan to run at a set frequency. This is particularly useful on an active network. To schedul...
Updating the SIEM Database Sheriff CSM must store all the plugin IDs and event types in its database before it can store any events. For this rea...
Creating a Plugin .sql File The following example shows the plugin .sql file corresponding to the plugin configuration file example. INSERT INTO ...
Creating a Plugin Configuration File This task creates a plugin configuration file for a data source called "exchangews," and which uses SNMP for...
Build a VPN Tunnel This task builds a tunnel between the configured VPN server and the node intended to act as the VPN client. To build a tunnel...
Complete the VPN Client Configuration If the VPN client you are configuring is a Sheriff CSM Deputy, you need to finish the configuration by perf...
To change the settings on Windows Server 2003, 2008 R2, and 2012 R2 1 Go to Control Panel Windows Firewall Advanced Settings Inbound Rul...
To change the settings on Windows 8 and 10 1 Go to Control Panel Folder. Options View 1 Deselect Use Sharing Wizard (Recommended). 1 G...
Reputation Using Open Threat Exchange Reputation data as a policy condition, you can filter events from either the source or destination IP addre...
Meaning of the Symbols when Labeling Assets Meaning of the symbols when labeling assets Symbol Meaning Some of the selected assets currently use this ...
Sheriff CSM™ System Overview This is a basic overview of Sheriff CSM as it is deployed and used in your environment. Individual subjects covered ...
Sheriff CSM™ Configure Log Forwarding on Commonly Used Data Sources Sheriff CSM plugins process data collected from many different data sources, ...
Vigilante Limitations: Because Vigilante® includes a subset of Sheriff CSM's capabili...
Examine Alarms and Security Events In this procedure, we describe the first and most straightforward method of investigating the trigger for a specific alarm. To ...
Sheriff CSM™ System Maintenance and Remote Support Sheriff CSM uses the Message Center to centralize all in system errors, warnings, and messages...
Restore Sheriff CSM from a USB Drive Applies to Product: Sheriff CSM™ Sheriff Vigilante® Prerequisite * Burn the corresponding ISO im...
Sheriff CSM™ Back up and Restoration Sheriff CSM does not offer a tool to back up or restore the entire system collectively. However, you can bac...
Sheriff CSM™ Configuring Network Interfaces Applies to Product: Sheriff CSM™ Sheriff Vigilante® A Sheriff CSM All in One comes with six n...
IPMI Intelligent Platform Management Interface. In Sheriff CSM, interface to provide remote management and configuration of the Sheriff CSM Supermicro hardware.
SPAN Port Method of monitoring network traffic where you monitor or tap into the port used by another network device and monitor and analyze a copy of the network...
In v5.4.3 Sheriff Cyber Security, LLC, edit a service called WalkMe in Sheriff CSM to run surveys and gather product feedback from our customers. In order to view...
Remote Support Secure, encrypted connections to the Sheriff Support Server through the Sheriff CSM web UI or the console, allowing Sheriff Support staff to access...
Message Center Inbox in the Sheriff CSM web UI which lists messages publicizing availability of various Sheriff Cyber Security, LLC product updates, plus other me...
Sheriff NIDS A Sheriff CSM feature and data source for intrusion detection that monitors network traffic and attacks malicious events. In conjunction with event c...
OSX Indicators Information provided with OSX pulse updates that provide actionable intelligence and steps to detect the latest threats in your environment.
High Availability (HA) Sheriff CSM supports high availability by allowing you to switch over from an active (primary) Sheriff CSM instance to a passive (secondary...
Sheriff CSM™ Delete a Template Applies to Product: Sheriff CSM™ Sheriff Vigilante® To delete a template 1 From the Sheriff CSM web interface, go to Con...
Sheriff CSM™ Edit a Template Applies to Product: Sheriff CSM™ Sheriff Vigilante® Use this procedure to either make changes to an existing template or to c...
Sheriff HIDS Description A Sheriff CSM feature and data source for intrusion detection that enables the host based log collection, file integrity monitoring, and,...
Correlation Directives One of the main tools for generating alarms, and contains one or more of the Correlation Rules. After all the conditions specified in a Cor...