After you install the Knowledge Base, you can configure the CIS Controls Security Control Suite. This section shows how you can verify that the CIS Controls Security Control Suite was properly installed.
Intelligent Indexing allows reports, investigations, and tails to keep the appropriate log data online in the Log Manager/Data Processor. Be careful when choosing which object to allow Intelligent Indexing, because broad criteria can cause an exceptional amount of online data and overwhelm the Log Manager/Data Processor. For a list of Intelligent Indexing-capable objects and their recommended settings, see the module matrices.
Verify thirty-three (33) total Lists are contained in the List Manager. The Lists are available in the CCF documentation.
Establish Lists based on the content that is enabled (see the following three sections).
Check AIE Rules
Verify forty-one (41) AI Engine Rules are contained in the Advanced Intelligence (AI) Engine Rule Manager found in the Deployment Manager.
Verify twenty-nine (29) Investigations are contained in the LogRhythm Client Console.
Check Summary Reports
Verify thirty (30) Summary Reports are contained in the Reports tab of the Report Center.
Check Detailed Reports
Verify five (5) Detailed Reports are contained in the Reports tab of the Report Center.
Check Reporting Packages
Verify four (4) Reporting Packages are contained in the Report Packages tab of the Report Center.