What is VirtSOC?
One portal to rule them all.
VirtSOC is a cloud-based management portal that allows customers and MSSPs to securely monitor and manage their Sheriff installations.
Users can gain access to all of their alarm data in a single space, write reports based on information gathered by VirtSOC, monitor the overall health of their Sheriff installations, manage rules for their installations, view system backups, look up customer information, and manage a remote console and UI through VirtSOC.
The Alarms Page provides all the information on alarms for a given network. The raw alarm data gathered by Sheriff is organized and condensed into digestible information in list form, allowing for a more streamlined diagnosis.
The Alarm Query is a powerful Alarm Search Tool. The tool allows the user to add rules or groups of rules to help search for a specific alarm. The user can then use various boolean properties to narrow their search.
Alarms By Hour Graph
The Alarms By Hour Graph is a heat map of all of the alarms that have triggered on the network in the last 24 hours. It communicates what kind of activity occurred, when it occurred, and for how long.
The Alarm Table is a table featuring every alarm on a network. The table shows basic information about each alarm, all of which can be sorted using the Alarm Query Tool.
Clicking on an alarm in the Alarm Table opens a page showing all of the details regarding the alarm and the events related to it. The raw data gathered by VirtSOC is converted into digestible information and provided to the user in list form. The user can then determine whether or not to act upon the alarm.
Create reports based on certain criteria and run them to gather data. For example, a report can be designed to pull up a list of all of the alarms that have occurred over the last 100 days.
The Health Statistics page helps the user determine whether or not actions need to be taken.
Shows all of the active alerts that impact the health of a network.
SIEM Appliance Status
Checks on the health of the Sheriff Installation.
Syslog is a standard for message logging. It allows separation of the software that generates messages, the system that stores them, and the software that reports and analyzes them. Each message is labeled with a facility code, indicating the software type generating the message, and assigned a severity level.
OSSEC is a host intrusion detection system. This checks on the status of the OSSEC application.
The Manage Rules tab allows customers and MSSPs to manage specific rules for their network and Sheriff installations.
Users can construct rules for their network for a wide variety of purposes. Rules are constructed as follows:
NOT/AND/OR > Property > Operator (Equal, Contains, etc.) > Item.
Users can establish a weekly calendar for when a rule is active or inactive at certain hours on a given day of the week. Users can also select “Work Day”, “After Hours”, or “Always” for streamlined scheduling.
The Backups tab provides you with all of the backups that have occurred on your or your customer’s network.
Configuration backups are kept for 7 days and are included with your VirtSOC subscription.
Log backups are only available for Sheriff. Backups are replicated to multiple data centers and retention can be set for longer than the log retention interval on Sheriff.
The Customer Information tab acts as a notebook for MSSPs to store their customers’ information. This small organization aid can allow MSSPs to quickly tab between a customer’s UI or SSH console and their Information Card, rather than having to keep a text file or sticky note that houses their information.
Remotely monitor your or your customer’s Sheriff installation from VirtSOC.
Open an SSH console for your or your customer’s Sheriff installation remotely through VirtSOC.
Open your or your customer’s Sheriff installation user interface through VirtSOC.