Sheriff CSM™
Websense Web Security 7
When you configure Websense Web Security 7 to send log data to Sheriff CSM, you can use the websense7 plugin to translate raw log data into normalized events for analysis. The table below provides some basic information for the plugin:
Plugin Information
Device | Details |
Vendor | Websense |
Device Type | Firewall |
Connection Type | Syslog |
Data Source Name | Websense7 |
Data Source ID | 19005 |
Note: Websense Web Security 7 currently describes release versions 7.6 through 7.9. Another plugin named websense is available for integration with earlier versions of the Websense Web Security Gateway product. In addition, there is a triton plugin for versions of the Web Security Gateway product released after Forcepoint acquired Websense.
Integrating Websense Web Security 7
Each Websense Web Security policy server instance in your deployment must be configured to send log data to a Sheriff CSM Deputy over the Syslog protocol.
To configure Websense Web Security to send log data to Sheriff CSM
Note: Before using this page to enable Sheriff CSM integration, make sure that an instance of Websense Multiplexer is installed for each policy server in your environment.
- Go to Settings > General > SIEM Integration.
- Select Enable SIEM integration for this Policy Server to enable SIEM integration.
- Provide the IP address or hostname of the machine hosting Sheriff CSM, as well as the communication port to use for sending data.
- Specify the Transport protocol (UDP) to use when sending data to the SIEM product (Sheriff CSM).
- Select the SIEM format to use. This determines the syntax of the string used to pass log data to the integration.
- Click OK to cache your changes. Changes are not implemented until you click Save and Deploy.
After you save your changes, Websense Multiplexer connects to the Filtering Service and takes over the job of distributing log data to both Log Server and the selected SIEM (Sheriff CSM) integration.
Note: Although the same data is passed from the Websense Filtering Service to both Log Server and the SIEM product, Log Server may be configured to perform data reduction processing tasks, like recording visits instead of hits, or consolidating log records. Because the SIEM product does not perform these data reduction tasks, there may be more SIEM entries than records in the Log Database.
Plugin Enablement
For plugin enablement information, see Enable Plugins.
Additional Resources and Troubleshooting
For troubleshooting, see the vendor documentation.