KB Synchronization Settings for LSO

To utilize the MPE rule improvements made as part of Log Source Optimization (LSO), you must download and apply Knowledge Base (KB) version 7.1.591.0 or above.

To apply KB 7.1.591.0 or above and update objects for LSO:

1. Log in to the LogRhythm Client Console with Administrator rights.
2. Click Tools, click Knowledge, and then click Knowledge Base Manager.
3. Click Synchronization Settings.
4. Click the Synchronize Additional System Properties tab.
5. (Recommended) Take a screenshot of the current settings in case you need to revert in the future.
6. Make changes to the following sections:
   1. Report Properties. Select the Filter Criteria checkbox.
   2. Investigation Properties. Select the Filter Criteria checkbox.

   3. Tail Properties. Select the Filter Criteria checkbox.

      

      Enabling these options synchronizes system AIE Rules, Reports, Investigations, and Tails with the changes available in the KnowledgeBase. Verify the changes available in latest KB by using the LSO mapping documentation provided for each log source type.

7. Click OK.
   
   

   

   Depending on system performance, this will take approximately 5–10 minutes.
8. Close the Knowledge Base Manager.
9. To confirm the new KB version, click Help on the main toolbar, and then click About LogRhythm. The Core Knowledge Base Version should be KB 7.1.591.0 or above.