Knowledge Base Automatic Synchronization Settings allow you to set the Synchronization Mode, Schedule, and Synchronize Additional System Properties. These settings are accessed via the Automatic Synchronization Settings button.

  1. Set Synchronization Mode.
    1. On the Synchronization Mode tab, determine the Knowledge Base Automatic Synchronization Mode settings.
    2. Select the Enable Automatic Knowledge Base Download check box. When enabled, you can choose to enable the Knowledge Base Core synchronization, enable Knowledge Base Module synchronization, or stop synchronization when Common Event migrations are detected.
  2. Set Schedule. On the Schedule tab, set the schedule to check for Knowledge Base updates. Set the frequency (in days), time, and start date.
  3. Set Proxy Settings. On the Proxy Settings tab, set the following items:
    • Proxy Server Address. You must use the format http://<address> (for example, http://123.4.5.6/).
    • Proxy Server Port.
    If necessary, select the Proxy Server Requires Authentication check box and then provide the appropriate credentials.
  4. Set Synchronize Additional System Properties. If you have customized the filter criteria for System Reports, Investigations, or Tails, you must verify that the Advanced Settings are configured so that the import does not overwrite your customizations.

    If you are not familiar with the customizations that have been made to your deployment, find out what they are and/or contact LogRhythm Support for assistance.
    | Synchronize Additional System Properties | Description |
    | --- | --- |
    | Log Processing Properties | |
    | Common Events (Recommended) | Synchronize all customizable Common Event properties: Classification, Risk Rating, and Description. |
    | Log Processing Policies | Synchronize all system log processing policies, replacing any customized log and event management settings. |
    | Port and Protocol Application and Mappings (Recommended) | Synchronize all system port and protocol application mappings. Custom mappings that conflict with system mappings will be replaced. Custom mappings that do not conflict with system mappings will be retained. |
    | Report Properties | |
    | Log Source List Criteria | Synchronize the Log Source Criteria for all system reports that use Log Source Lists. |
    | Filter Criteria | Synchronize the Filter Criteria for all system reports. |
    | Investigation Properties | |
    | Log Source List Criteria | Synchronize the Log Source Criteria for all system Investigations that use Log Source Lists. |
    | Filter Criteria | Synchronize the Filter Criteria for all system Investigations. |
    | Tail Properties | |
    | Log Source List Criteria | Synchronize the Log Source Criteria for all system Tails that use Log Source Lists. |
    | Filter Criteria | Synchronize the Filter Criteria for all system Tails. |
    | AI Engine Rule Properties | |
    | Log Source List Criteria | Synchronize the Log Source Criteria for all system AIE Rules that use Log Source Lists. |
    | Enable Advanced Synchronization Settings | Synchronize user editable rule evaluation settings for all system AIE Rules. This includes all Rule Block Time Limit settings, Unique Value Rule Block occurrences, and Threshold Rule Block values. |
    | Only Sync Additional Properties for Disabled Rules | Only synchronize advanced settings when the AIE rule is disabled. |
    | Disable Dynamic Sync Settings Universally | Manage all dynamic sync rules manually instead of allowing LogRhythm to update them for you as the module content changes. Manual settings persist after Knowledge Base synchronization. Deselecting this setting does not change settings on existing modules. This feature is turned on by default, but most modules are not configured for Dynamic Sync. Modules that are configured to allow Dynamic Sync are determined by LogRhythm. |
    | Alarm Rule Properties | |
    | Log Source List Criteria | Synchronize the Log Source Criteria for all system Alarm Rules that use Log Source Lists. |
    | Primary Criteria and Filter Criteria | Synchronize the Primary Criteria, Include Filters and Exclude Filters for all Alarm Rules with System: Global Admin permission. |
    | Global Log Processing Rule Properties | |
    | Log Source List Criteria | Synchronize the Log Source Criteria for all system GLPRs that use Log Source Lists. |