VirtSOC

What is VirtSOC?

One portal to rule them all.

VirtSOC is a cloud-based management portal that allows customers and MSSPs to securely monitor and manage their Sheriff installations.

Users can gain access to all of their alarm data in a single space, write reports based on information gathered by VirtSOC, monitor the overall health of their Sheriff Installations, manage rules for their installations, view system backups, look up customer information, and manage a remote console and UI through VirtSOC.

Alarm Management

The Alarms Page provides all the information on alarms for a given network. The raw alarm data gathered by Sheriff is organized and condensed into digestible information in list form, allowing for a more streamlined diagnosis.

Alarm Query

The Alarm Query is a powerful Alarm Search Tool. The tool allows the user to add rules or groups of rules to help search for a specific alarm. The user can then use various Boolean properties to narrow their search.

Alarms By Hour Graph

The Alarms By Hour Graph is a heat map of all of the alarms that have triggered on the network in the last 24 hours. It communicates what kind of activity occurred, when it occurred, and for how long.

Alarm Table

The Alarm Table is a table featuring every alarm on a network. The table shows basic information about each alarm, all of which can be sorted using the Alarm Query Tool.

Clicking on an alarm in the Alarm Table opens a page showing all of the details regarding the alarm and the events related to it. The raw data gathered by VirtSOC is converted into digestible information and provided to the user in list form. The user can then determine whether or not to act upon the alarm.

Custom Reports

Create reports based on certain criteria and run them to gather data. For example, a report can be designed to pull up a list of all of the alarms that have occurred over the last 100 days.

Health Statistics

The Health Statistics page helps the user determine whether or not actions need to be taken.

Active Alerts

Shows all of the active alerts that impact the health of a network.

SIEM Appliance Status

Checks on the health of the Sheriff Installation.

Syslog Status

Syslog is a standard for message logging. It allows separation of the software that generates messages, the system that stores them, and the software that reports and analyzes them. Each message is labeled with a facility code, indicating the software type generating the message, and assigned a severity level.

OSSEC Status

OSSEC is a host intrusion detection system. This checks on the status of the OSSEC application.

Manage Rules

The Manage Rules tab allows customers and MSSPs to manage specific rules for their network and Sheriff Installations.

Rule Management

Users can construct rules for their network for a wide variety of purposes. Rules are constructed as follows:

NOT/AND/OR > Property > Operator (Equal, Contains, etc.) > Item.

Active Times

Users can establish a weekly calendar for when a rule is active or inactive at certain hours on a given day of the week. Users can also select “Work Day”, “After Hours”, or “Always” for streamlined scheduling.

Backups

The Backups tab provides you with all of the backups that have occurred on your or your customer’s network.

Config Backups

Configuration backups are kept for 7 days and are included with your VirtSOC subscription.

Log Backups

Log backups are only available for Sheriff. Backups are replicated to multiple data centers, and retention can be set for longer than the log retention interval on Sheriff.

Customer Information

The Customer Information tab acts as a notebook for MSSPs to store their customers’ information. This small organization aid allows MSSPs to quickly tab between a customer’s UI or SSH console and their Information Card, rather than having to keep a text file or sticky note that houses their information.

Login Information
Escalation Information
Additional Notes

Remote Access

Remotely monitor your or your customer’s Sheriff Installation from VirtSOC.

Remote Console

Open an SSH console for your or your customer’s Sheriff Installation remotely through VirtSOC.

Remote UI

Open your or your customer’s Sheriff Installation User Interface through VirtSOC.
