CIS-CSC Deployment Guide – Import and Synchronize the Module

The CIS CSCM is provided as part of the LogRhythm Knowledge Base (KB). Updating the KB automatically creates the proper Lists and AI Engine Rules.

Make sure the CIS Critical Security Controls Module is imported and enabled, as described in this section.

1. In the Client Console on the Tools menu, click Knowledge, and then click Knowledge Base Manager.

   

   To open the Knowledge Base Manager, the Deployment Manager must be closed.

2. Under Knowledge Base Modules, find the CIS Critical Security Controls module.
   If the module is available, you will see Network Threat Detection in the grid. If the module name does not appear, update the Knowledge Base by doing either of the following:
   • Automatic Download. Click Check for Knowledge Base Updates, and then click Synchronize Stored Knowledge Base.
   • Manual Download. For manual download instructions, see Import a Knowledge Base.
3. Locate the Enabled column in the grid. If the box is checked, the module is already enabled and available to users in the SIEM deployment. If the Enabled box is not checked, enable the module by selecting its Action check box, right-clicking the module name, clicking Actions, and then clicking Enable Module.
   A dialog box appears to enable the selected module(s).
4. Leave the Enable Intelligent Indexing on Module Objects cleared unless you fully understand the effects of this setting. For more information, see Intelligent Indexing.