Sheriff CSM™ Deploying HIDS to Servers We recommend deploying a host-based intrusion detection system (HIDS) to enable * File integrity monito...
Sheriff CSM™ Deployment Guide This topic discusses the following subtopics: System Overview Sheriff CSM Deployments Set Up the Management Interfac...
Reputation Using Open Threat Exchange Reputation data as a policy condition, you can filter events from either the source or destination IP addre...
Sheriff CSM™ Develop New Plugins from Scratch ...
Sheriff CSM™ Directive Information The first column on the left lists some additional information (called properties) about the directive, such a...
Sheriff CSM™ Disabling a VPN Configuration When you disable a VPN tunnel, it does not remove the configuration files and system-generated certific...
Sheriff CSM™ Disabling High Availability About Disabling HA in Network Nodes You must disable HA components in the following order: Sheriff CS...
Sheriff CSM™ Discovering Assets in Your Network Understanding what is in your environment is a critical step towards identifying threats and vuln...
Sheriff CSM™ Download a Sheriff CSM ISO Image In order to perform an offline update or software restoration on Sheriff CSM, you first need to dow...
Sheriff CSM™ Dtex Systems Dtex When you configure Dtex Systems Dtex to send log data to Sheriff CSM, you can use the Dtex plugin to translate raw...
Sheriff CSM™ Duplicate a User Account Duplicating an existing user account can save time when you want to create a new user and the new user shoul...
Sheriff CSM™ Duplicating Firewall Rules in Sheriff CSM Standard Sensors (Deputies) Whenever you add one or more Sheriff CSM Standard Sensors to t...
Sheriff CSM™ ESET Antivirus When you configure ESET to send log data to Sheriff CSM, you can use the Eset plugin to translate raw log data into n...
Sheriff CSM™ Edit a Template Applies to Product: Sheriff CSM™ Sheriff Vigilante® Use this procedure to either make changes to an existing template or to c...
Sheriff CSM™ Edit a Ticket On Analysis > Tickets, you can search for the ticket you want to update, and then select the ticket by clicking its ti...
Sheriff CSM™ Editing the Assets You can edit your assets once they are in Sheriff CSM. For example, you can add a description or a location for y...
Sheriff CSM™ Enable or Disable a User Account User accounts are enabled automatically when they are created. You can disable or enable them again ...
Sheriff CSM™ Enable Plugins Sheriff provides more than one way to enable plugins in Sheriff CSM. First, you can enable plugins on specific discov...
Sheriff CSM™ Enable Plugins from the Sensor (Deputy) Configuration You can enable up to 100 plugins on a Sheriff CSM Sensor from the Sheriff CSM w...
Sheriff CSM™ Enable Plugins on Assets After you run a scan of your network to discover assets, the discovered assets are saved in the Sheriff CSM ...
Sheriff CSM™ Entities and Assets Structure Tree Fields Use the Entities and Assets Structure tree to create, modify, and delete correlation contex...
Environment Status Colors and Meanings for Asset Groups Environment Status | Color | Meaning HIDS | Green | All the assets in this group have HIDS agents deployed and ...
Sheriff CSM™ Error Codes When Updating from Version 5.8.0 to Version 5.8.x To ensure that your deployment meets AT&T Cybersecurity's requirements...
Sheriff CSM™ Establishing Baseline Network Behavior When you first start using Sheriff CSM, it is a good idea to let it run for a few days to det...
Sheriff CSM™ Event Collection, Processing, and Correlation Workflow All Sheriff CSM's security monitoring and management capabilities stem from i...
Sheriff CSM™ Correlation Directives Sheriff CSM provides over 4,500 built-in directives and adds more every week through the AT&T Alien Labs™ Thr...
Event Priority Using Event Priority as a policy condition, you can filter events that are from a server according to how reliable the events are....
Sheriff CSM™ Event Storage Best Practices Sheriff CSM stores events in a database, which it refers to as SQL Storage. Sheriff CSM also stores the normal...
Sheriff CSM™ Example: Configuring High Availability for Sheriff CSM Standard Servers This topic provides an example of how to configure two Sheri...
Excluding Assets in an Asset Scan Occasionally you may want to exclude certain assets such as a printer or a switch when scanning a network. In S...
Sheriff CSM™ Exporting the Assets To export assets 1. Go to Environment > Assets & Groups > Assets. 2. Select the asset(s) you want to export...
Sheriff CSM™ F5 BIG-IP APM When you configure F5 BIG-IP Access Policy Manager (APM, formerly FirePass) to send log data to Sheriff CSM, you can u...
Field Descriptions for Asset Scan Results Column/Field Name | Description Check box to select hosts. Host The IP address that identifies the host. Hostname...
Sheriff CSM™ File Integrity Monitoring You can configure Sheriff HIDS to perform File Integrity Monitoring (FIM), which identifies changes in sys...
Sheriff CSM™ Filtering Alarms in List View Both a high-level overview and a detailed look at individual alarm types, the List View lets you filte...
Sheriff CSM™ Firewall Permissions Sheriff CSM components must use particular URLs, protocols, and ports to function correctly. Note: If deploying ...
Sheriff CSM™ ForeScout CounterACT When you configure ForeScout CounterACT to send log data to Sheriff CSM, you can use the ForeScout CounterACT pl...
Sheriff CSM™ Fortinet FortiGate When you configure Fortinet FortiGate to send log data to Sheriff CSM, you can use the FortiGate plugin to transl...
Sheriff CSM™ FreeIPA When you configure FreeIPA to send log data to Sheriff CSM, you can use the FreeIPA plugin to translate raw log data into no...
Sheriff CSM™ GTA Firewall When you configure GTA Firewall to send log data to Sheriff CSM, you can use the GTA Firewall plugin to translate raw l...
Sheriff CSM™ Getting Started with Sheriff CSM This section details typical security operations performed after the system installation, initial de...
Sheriff CSM™ Getting Started Wizard ...
Sheriff CSM™ Global Properties Each correlation directive has the following global properties Global properties for correlation directives Prop...