Current Active Threat Module Deployment Guide


The dynamic threat landscape in which today’s organizations operate is reflected within the CAT module through the use of Threat Intel AIE Rules. These rules are part of the dynamic module framework and are continually in flux: with any given CAT module KB release, content may be added to or removed from the module in the next KB release. To keep this Deployment Guide relevant over a longer period, it addresses only the basic framework supplied by the CAT module, that is, the content that is not designed to be altered or adjusted with each KB release. These items include:

  • CAT: Metadata Field Lists
  • CAT: Canary Lists
  • CAT: Canary List Rules
  • CAT: Severity Increase Rules

This guide is for LogRhythm administrators who handle the security of their organization’s infrastructure and for anyone installing and configuring the SIEM.

Module Contents

This module adds to an existing LogRhythm deployment, as follows:

  • 16 Core Advanced Intelligence Engine Rules
  • 7 Canary Lists
  • 64 Metadata Lists
  • 1 Web Console Dashboard

Prerequisites

The deployment of the CAT Module assumes the following:

  • The overall LogRhythm Deployment is in a fully developed state and is healthy.
  • Minimum LogRhythm software version 7.3.1 deployed.
  • Log sources have been vetted to ensure log source parsing is being performed properly.

Overview of Steps

This guide is divided into the following sections:
