Sheriff CSM™ Sheriff CSM Deployment Requirements Sheriff CSM has the following general deployment requirements. Minimum Hardware Requirements fo...
Sheriff CSM Deployment Types This section introduces the various Sheriff CSM components and explains the different deployment types....
Vigilante Limitations: Because Vigilante® includes a subset of Sheriff CSM's capabili...
Sheriff CSM Event Processing Workflow After Sheriff CSM is installed in your environment, events start flowing through the Sheriff ...
Sheriff CSM Event Processing Workflow After Sheriff CSM is installed in your environment, events start flowing through the Sheriff C...
Sheriff CSM Event Taxonomy Sheriff event taxonomy is a classification system for security events. It provides the Sheriff CSM correla...
Sheriff CSM Network Security Best Practices Providing strong and effective security for an organization’s network, IT infrastructure,...
Sheriff CSM Network Security Concepts and Terminology When working with Sheriff CSM and using the Sheriff CSM web UI to perform netw...
Sheriff CSM Security Monitoring and Analysis This section provides an overview of Sheriff CSM web UI main menu and submenu options an...
Sheriff CSM User Accounts Sheriff CSM has different levels of user accounts for administration and management: * Root user — Crea...
Sheriff HIDS A Sheriff CSM feature and data source for intrusion detection that enables host based log collection, file integrity monitoring, and, on Windows host...
Sheriff HIDS Description A Sheriff CSM feature and data source for intrusion detection that enables the host based log collection, file integrity monitoring, and,...
Sheriff NIDS A Sheriff CSM feature and data source for intrusion detection that monitors network traffic and attacks malicious events. In conjunction with event c...
Sheriff Vigilante® Installation Process Download Sheriff Vigilante The free, open source Sheriff Vigilante® ISO file can be found o...
Sheriff Vigilante Report Types Sheriff Vigilante Reports Sheriff Vigilante provides a set of simplified versions of the reports fou...
Shorewall Firewall When you configure Shorewall Firewall to send log data to Sheriff CSM, you can use the Shorewall Firewall plugin ...
Sophos Antivirus When you configure Sophos Antivirus to send log data to Sheriff CSM, you can use the Sophos Antivirus plugin to tra...
Sophos Central When you configure Sophos Central to send log data to Sheriff CSM, you can use the Sophos Central plugin to translate ...
Sophos Enterprise Console through NXLog When you configure Sophos Enterprise Console (SEC) to send log data to Sheriff CSM, you can ...
Sophos XG Firewall When you configure Sophos XG Firewall to send log data to Sheriff CSM, you can use the Sophos XG plugin to transla...
Supported Formats by the normalize_date() Function When the Sheriff CSM plugins parse logs received from various devices, they use a...
Symantec ATP When you configure Symantec ATP to send log data to Sheriff CSM, you can use the Symantec ATP plugin to translate raw lo...
Symantec EPM When you configure Symantec EPM to send log data to Sheriff CSM, you can use the Symantec EPM plugin to translate raw l...
System Maintenance and Remote Support Sheriff CSM uses the Message Center to centralize all in-system errors, warnings, and messages...
System Overview This is a basic overview of Sheriff CSM as it is deployed and used in your environment. Individual subjects covered ...
System Settings for Authenticated Scans An authenticated scan is a vulnerability testing measure performed from the vantage of a logg...
Taking Ownership of an Alarm As part of an alarm remediation response, you should take ownership of an alarm you want to work on. Th...
Task 2: Add a Level 1 Rule to Detect the Event This task adds a level 1 rule for the directive created in Task 1. In this rule, we try to match o...
Task 3: Add a Level 2 Rule to Detect the Same Event with 100 Occurrences In this task, we try to match the same events selected in Task 2. We wan...
Task 4: Add a Level 3 Rule to Detect the Same Event with 1000 Occurrences This task is a repeat of Task 3. You can repeat this task as many times...
Task 5: Reload Directives To apply all the changes made 1 Click Reload Directives. The text displays in red, suggesting an action. 1 Clic...
Examine Alarms and Security Events In this procedure, we describe the first and most straightforward method of investigating the trigger for a specific alarm. To ...
To search the Threat Database for available plugins 1 Go to Environment > Vulnerabilities > Threat Database. Sheriff CSM displays the threat families with the ...
The Policy View
The Sheriff CSM Web User Interface The Sheriff CSM web user interface (or web UI) provides access to all the tools and capabilities ...
Thycotic Software Secret Server When you configure Thycotic Software Secret Server to send log data to Sheriff CSM, you can use the T...
Time Range Time Range sets a period of time in which to match events. When configured, only events that occur during the specified time range are...