Install and Enable the Compliance Package
The DoDI 8500.2 Compliance Package is provided as part of the LogRhythm Knowledge Base. Updating the LogRhythm Knowledge Base automatically creates the proper Log Source Lists, Alarm Rules, System Reports, and Report Packages.
- Download the latest Knowledge Base, available under Documentation & Downloads on the LogRhythm Community.
- Open the LogRhythm Console.
- On the Tools menu, click Knowledge, and then click Knowledge Base Manager.
To open the Knowledge Base Manager, the Deployment Manager must be closed.
- On the File menu, click Import Knowledge Base File.
- Select the newly downloaded Knowledge Base file, and then click Next to unpack and validate it.
This step takes a few minutes as the system unpacks the new Knowledge Base.
When the import is complete, you may have the option to preview common event changes.
You should now be on step 4, “Import Knowledge Base.”
- To import the Knowledge Base, click Next.
Upon completion, the Import Progress Import Completed message appears.
- Click OK.
The Knowledge Base Updated message appears.
- Click OK.
- On the Knowledge Base Import Wizard, click Close.
- In the Knowledge Base Modules grid, scroll down and search for Compliance Automation Suite: GDPR.
- Locate the Enabled column in the grid for the module. If the box is checked, the Module is already enabled and available to users in the SIEM deployment. If the Enabled box is not checked, enable the Module: select its Action check box, right-click the Module name, click Actions, and then click Enable Module.
- Click Next to import the Knowledge Base.
You will receive confirmation that the import was successful.
- Click Next to review common event changes, or close the Knowledge Base import dialog box.
Verify the Installation
After you install the Knowledge Base, the DoDI 8500.2 Compliance Package should be ready to configure. This section shows how you can verify that the DoDI 8500.2 Compliance Package has been installed properly.
Check Alarm List
The following alarm rule should be present on the Alarm Rules tab of Deployment Manager: DoDI 8500.2: Alarm On Compromise.
Check Reports and Report Packages Lists
For a list of reports that should be present on the Reports tab of Report Center, see DoDI 8500.2—Reports.
The following Report Package should be contained on the Report Packages tab of Report Center: LogRhythm DoDI 8500.2 Report Package.
Check Log Source Lists
For a list of log source lists that should be present within the Log Source List Manager, see DoDI 8500.2—Lists.