Skip to main content
Skip table of contents

201 CMR 17 Deployment Guide – Configure the Compliance Module


LogRhythm requires that you configure some objects included in the 201 CMR 17 Compliance Module. This section describes the steps you must perform.

Intelligent Indexing

Intelligent Indexing allows Reports, Investigations, and Tails to keep the appropriate log data online in the Log Manager/Data Processor. Care must be taken when choosing which object to allow Intelligent Indexing as broad criteria can cause an exceptional amount of online data and overwhelm the Log Manager/Data Processor. For a list of Intelligent Indexing-capable objects and their recommended settings, see the matrix of Investigations.

Population of the Lists and User Profiles

Each 201 CMR 17 Compliance List must be populated with data collected using the Pre-Implementation Checklist. Complete the following sections to populate all required lists.

Populate Log Source Lists

  1. Open the LogRhythm Console and click List Manager.
  2. Right-click the name of a 201 CMR 17 Log Source List, and then click Properties.
  3. To view the log sources selector, click Add Item.
  4. Search for and select all log sources that you want, and then click OK.
  5. To save the list, click OK.
  6. Repeat this process (steps 1-5) for all 201 CMR 17 Log Source Lists from your checklist.

Populate Users Lists

  1. Open the LogRhythm Console and click List Manager.
  2. Right-click the name for a 201 CMR 17 Users List, and then click Properties.
  3. Select the Username for the Item Type.
  4. Type in the username in the Add Item field.
  5. Click Add Item to add the username.
  6. Repeat steps 4-5 for all usernames.
  7. To save the list, click OK.
  8. Repeat this process (steps 1-7) for all 201 CMR 17 Users Lists from your checklist.

Activate and Configure Alarms

All alarms included in the 201 CMR 17 Compliance Module are disabled by default.

  1. Open the LogRhythm Console and click Deployment Manager.
  2. Click the Alarms tab.
  3. Select all the 201 CMR 17 alarms .
  4. Right-click the Alarm Manager, click Actions, and then click Enable.

All alarms included in the 201 CMR 17 Compliance Module must be configured for notifications.

  1. Open the LogRhythm Console and click Deployment Manager.
  2. Click the AI Engine tab.
  3. Select each of the  201 CMR 17 alarms that share notification personnel.
  4. Right-click the AI Engine Rule Manager, click Actions, and then click Batch Notification Editor.
  5. Select all the roles, individuals, or groups to be notified, and then click OK to save the notifications.
  6. Repeat Steps 2-5 for all alarms that share notification personnel.
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close