UpPrevious Next Sheriff CSM™ Configuring Sheriff NIDS Sheriff CSM comes with Sheriff NIDS already enabled, but you need to perform the steps below in order to mo...

UpPrevious Next Sheriff CSM Connecting to AlienVault Open Threat Exchange® AlienVault Open Threat Exchange® (OTX™) is an open information sharing and analysis net...

UpPrevious Next Sheriff CSM™ Control User Authorization with Templates Templates are reusable configurations that allow you to limit user access to parts of the S...

UpPrevious Next Sheriff CSM™ Correlation Contexts Sheriff CSM uses Correlation Contexts to allow overlapping networks. A Sheriff CSM Server can handle overlappin...

Correlation Directives One of the main tools for generating alarms, and contains one or more of the Correlation Rules. After all the conditions specified in a Cor...

UpPrevious Next Sheriff CSM™ Correlation Rules A correlation rule defines a condition to match incoming events. Refer to How Does Correlation Work? for details. T...

UpPrevious Next Sheriff CSM™ Create a New Cross Correlation Rule In this example, we explain how to create a cross correlation rule to detect a MySQL authenticati...

UpPrevious Next Sheriff CSM™ Create a New Policy %TWISTY{ showlink="Table of Contents" hidelink="Table of Contents" start="show" showimgleft="" hideimgleft="...

UpPrevious Next Sheriff CSM™ Create a Ticket You can open a ticket in the following ways: * Automatically — based on a configured policy. See Create an Action...

UpPrevious Next Sheriff CSM Create an Action You can create actions for Sheriff CSM to perform on security events. This includes sending an email, executing a sc...

UpPrevious Next Sheriff CSM™ Create Custom Reports If predefined reports in Sheriff CSM do not suit your needs, you can either modify an existing report or gener...

UpPrevious Next Sheriff CSM™ Create Custom Reports from SIEM Events If the available report modules do not suit your needs, you can generate your own module, whic...

UpPrevious Next Sheriff CSM™ Create New Accounts for LDAP Users Use this procedure to create new user accounts for LDAP users. For local users, see Create New Acc...

UpPrevious Next Sheriff CSM™ Create New Accounts for Local Users Use this procedure to create new user accounts for local Sheriff CSM users. For LDAP users, see C...

UpPrevious Next Sheriff CSM™ Create New Plugins Using the Plugin Builder In addition to the other methods described for customizing or creating new Sheriff CSM p...

UpPrevious Next Sheriff CSM™ Create Policy Conditions This topic explains how to configure policy conditions for external event policies, using the Default Policy...

UpPrevious Next Sheriff CSM™ Create Policy Consequences Policy Consequences are the final component to creating a policy, after Create a New Policy and Create Po...

UpPrevious Next Sheriff CSM™ Create the Default Admin User When you connect to the Sheriff CSM web UI for the first time after installation and setup, Sheriff CS...

UpPrevious Next Sheriff CSM™ Creating a Custom Scan Profile You can create a custom profile and tailor it to the type of the target system you are scanning. To c...

UpPrevious Next Sheriff CSM™ Creating a Network In Sheriff CSM, you can create a network either manually or by importing a CSV file. Creating a Network by Import...

UpPrevious Next Creating a Plugin Configuration File This task creates a plugin configuration file for a data source called "exchangews," and which uses SNMP for...

UpPrevious Next Creating a Plugin .sql File The following example shows the plugin .sql file corresponding to the plugin configuration file example. INSERT INTO ...

UpPrevious Next Sheriff CSM™ Creating an Asset Group In Sheriff CSM, you can create an asset group in the following ways: * From the Asset List View, select a...

UpPrevious Next Sheriff CSM™ Creating Credentials for Vulnerability Scans Although optional, we recommend that you use credentials to perform authenticated vulne...

UpPrevious Next Sheriff CSM™ Creating Vulnerability Scan Jobs By default, Sheriff CSM runs vulnerability scan jobs without any authentication. They are less thor...

UpPrevious Next Sheriff CSM™ Cross Correlation %TWISTY{ showlink="Table of Contents" hidelink="Table of Contents" start="show" showimgleft="" hideimgleft=""...

UpPrevious Next Sheriff CSM™ Cross Correlation Rules The correlation engine uses cross correlation rules to connect NIDS events and vulnerabilities discovered by...

UpPrevious Next Sheriff CSM™ CrowdStrike Falcon When you configure CrowdStrike Falcon to send log data to Sheriff CSM, you can use the CrowdStrikeas will Falcon ...

UpPrevious Next Sheriff CSM™ CrushFTP When you configure CrushFTP to send log data to Sheriff CSM, you can use the CrushFTP plugin to translate raw log data into...

UpPrevious Next Sheriff CSM™ Current Vulnerabilities — Asset Vulnerability Details The Asset Vulnerability Details section summarizes all current vulnerabilities...

UpPrevious Next Sheriff CSM™ Customize and Develop New Plugins Sheriff provides a large number of plugins as part of its default installation. In most environmen...

UpPrevious Next Sheriff CSM™ Customize Existing Plugins Yourself %TWISTY{ showlink="Table of Contents" hidelink="Table of Contents" start="show" showimgleft=...

UpPrevious Next Sheriff CSM™ Customize Sheriff NIDS Rules Occasionally you may want to customize the Sheriff NIDS rules or enable a rule that is disabled by defa...

UpPrevious Next Sheriff CSM™ CyberArk Enterprise Password Vault When you configure CyberArk Enterprise Password Vault to send log data to Sheriff CSM, you can us...

UpPrevious Next Sheriff CSM™ D Link UTM Firewall When you configure D Link UTM Firewall to send log data to Sheriff CSM, you can use the D Link UTM Firewall plugi...

UpPrevious Next Sheriff CSM™ D Link Wireless Controller When you configure D Link Wireless Controller to send log data to Sheriff CSM, you can use the D Link Unif...

UpPrevious Next Sheriff CSM™ Default Functions Used in the Sheriff CSM Plugins The Sheriff CSM Server must receive normalized events in a predefined format. Sher...

UpPrevious Next Sheriff CSM™ Define Advanced Search Criteria for Security Events (SIEM) This topic describes how to define advanced search criteria when performi...

Sheriff CSM™ Delete a Template Applies to Product: Sheriff CSM™ Sheriff Vigilante® To delete a template 1 From the Sheriff CSM web interface, go to Con...

UpPrevious Next Sheriff CSM™ Delete a User Account Important: Before deleting a user in Sheriff CSM, check to see if this user has scheduled any vulnerability sca...

UpPrevious Next Sheriff CSM™ Deleting the Assets To delete asset(s) 1 Go to Environment Assets Groups Assets. 1 Select the asset(s) you want to delet...

UpPrevious Next Sheriff CSM™ Dell EMC RecoverPoint When you configure Dell EMC RecoverPoint to send log data to Sheriff CSM, you can use the Dell EMC RecoverPoi...

UpPrevious Next Sheriff CSM™ Dell EqualLogic When you configure Dell EqualLogic to send log data to Sheriff CSM, you can use the Dell EqualLogic plugin to transla...

UpPrevious Next Sheriff CSM™ Dell SonicWALL When you configure Dell SonicWALL to send log data to Sheriff CSM, you can use the Dell SonicWALL plugin to translate ...

UpPrevious Next Sheriff CSM™ DenyAll Web Application Firewall (WAF) When you configure DenyAll Web Application Firewall (WAF) to send log data to Sheriff CSM, you...

UpPrevious Next Sheriff CSM™ Deploy Sheriff CSM in VMware Sheriff offers Sheriff CSM for VMware in a Open Virtual Appliance (OVA) package, which is a tar archive ...

UpPrevious Next Sheriff CSM™ Deploy Sheriff CSM Using Hyper V Manager Microsoft Hyper V is a hypervisor that lets you create and manage virtual machines by using...

UpPrevious Next Sheriff CSM™ Deploy Sheriff CSM with AMI In this section, you will learn * Deploy the Sheriff CSM AMI * Connect to the AMI Through a Consol...

UpPrevious Next Sheriff CSM™ Deploy Sheriff HIDS Agents You can deploy a Sheriff HIDS agent to a host * Through the Getting Started Wizard This option suppor...

UpPrevious Next Sheriff CSM™ Deploying HIDS Agents In this section, you will learn about deploying HIDS agents from the asset list view: * Deploying HIDS Agen...