
CCF Deployment Guide – Install the Package

Install and Enable the Compliance Module

The CCF Compliance Automation Suite is provided as part of the LogRhythm Knowledge Base. Updating the LogRhythm Knowledge Base automatically creates the proper Lists, AIE Rules, Investigations, Reports, and Reporting Packages.

To import the Knowledge Base

  1. Download the latest Knowledge Base, available under Documentation & Downloads on the LogRhythm Community.
  2. Open the LogRhythm Console.
  3. On the Tools menu, click Knowledge, and then click Knowledge Base Manager.
    To open the Knowledge Base Manager, the Deployment Manager must be closed.
  4. On the File menu, click Import Knowledge Base File.
  5. Select the newly downloaded Knowledge Base file, and then click Next to unpack and validate it.
    This step takes a few minutes as the system unpacks the new Knowledge Base.
  6. When the import is complete, you may have the option to preview common event changes.
    You should now be on step 4, Import Knowledge Base.
  7. To import the Knowledge Base, click Next.
    Upon completion, the Import Progress Import Completed message appears.
  8. Click OK.
    The Knowledge Base Updated message appears.
  9. Click OK.
    On the Knowledge Base Import Wizard, click Close.
  10. In the Knowledge Base Modules grid, scroll down, and search for Compliance Automation Suite: CCF.
  11. Locate the Enabled column in the grid for the module. If the box is checked, the Module is already enabled and available to users in the SIEM deployment. If the Enabled box is not selected, enable the Module by selecting its Action check box, right-clicking the Module name, clicking Actions, and then clicking Enable Module.
  12. To import the Knowledge Base, click Next.
    You receive confirmation that the import was successful.


Verify the Installation

After you install the Knowledge Base, the CCF Compliance Automation Suite is ready to configure. This section shows how you can verify that the CCF Compliance Automation Suite has been installed properly.

Intelligent Indexing

Intelligent Indexing allows Reports, Investigations, and Tails to keep the appropriate log data online in the Log Manager/Data Processor. Take care when choosing which objects to enable for Intelligent Indexing, because broad criteria can keep an exceptional amount of data online and overwhelm the Log Manager/Data Processor. For a list of Intelligent Indexing-capable objects and their recommended settings, see the module matrices.

Check Lists

Verify thirty-six (36) total Lists are contained in the List Manager. The CCF: All Log Sources List should be populated based on the defined scope of your CCF compliance. All other lists relate to the CCF approach being applied to the CCF Compliance Automation Suite. Not all lists are required; apply them according to your organization’s defined scope and system classifications.

Check AIE Rules

Verify sixty-nine (69) AI Engine Rules are contained in the Advanced Intelligence (AI) Engine Rule Manager found in the Deployment Manager.

Check Investigations

Verify thirty-two (33) Investigations are contained in the LogRhythm Client Console.

Check Summary Reports

Verify thirty-four (35) Summary Reports are contained in the Reports tab of the Report Center.

Check Detailed Reports

Verify two (2) Detailed Reports are contained in the Reports tab of the Report Center.

Check Reporting Packages

Verify four (4) Reporting Packages are contained in the Report Packages tab of the Report Center.
