ASD Deployment Guide – Verify the Installation
After you install the Knowledge Base, the ASD Compliance Automation Suite should be ready to configure. This section shows how to verify that the ASD Compliance Automation Suite has been installed properly. Because the suite was built around the Consolidated Compliance Framework (CCF) methodology, it uses CCF content. Use your scope definition, system inventory, data classification, and audit evidence to build out the Entity Structure and populate the related lists.
Intelligent Indexing
Intelligent Indexing allows Reports, Investigations, and Tails to keep the appropriate log data online in the Log Manager/Data Processor. Take care when choosing which objects to enable for Intelligent Indexing, because broad criteria can bring an exceptional amount of data online and overwhelm the Log Manager/Data Processor. For events that are less mission-critical or become 'noisy', this feature can be applied to further streamline and prioritize incoming log data.
Check Lists
Select, verify, and populate the thirty-six (36) total Lists contained in the List Manager. The Lists are available in the CCF documentation.
Lists should be established based on the content that is enabled (see the following three sections).
Check AIE Rules
Verify sixty-nine (69) AI Engine Rules are contained in the Advanced Intelligence (AI) Engine Rule Manager found in the Deployment Manager.
Check Investigations
Verify thirty-three (33) Investigations are contained in the LogRhythm Client Console.
Check Reports
Verify thirty-seven (37) Reports and four (4) Reporting Packages are contained in the Reports tab of the Report Center.