
Financial Fraud Detection Deployment Guide – Configure the Module


Configure Lists

There are user-configurable lists included with the module. Use these lists to narrow the scope of AI Engine Rules and to filter events.

  1. Open the LogRhythm Console and click List Manager on the main toolbar.
  2. Use the Name or List ID column filter to find the list you want from those shown in the table below.

    | List ID | List Name | Rule ID | Rule Name |
    |---------|-----------|---------|-----------|
    | -2457 | FFD: Suspicious Countries | 911 | FFD: Login from Suspicious Host |
    | -2456 | FFD: At-Risk Accounts | 905 | FFD: At-Risk Account Logged In |
    | -2455 | FFD: Online Banking | n/a | n/a |

  3. To open the List Properties window, double-click the list.
  4. Click on the List Items tab, and then click Add Item.
  5. Use the Add Item dialog to add items to the list individually by IP Address, IP Address Range, Hostname, or Known Host, or click Import to import a text file or clipboard contents.
  6. Click Apply and then click OK.

Enable AI Engine Rules

  1. Open the LogRhythm Console and click Deployment Manager on the main toolbar.
  2. Click the AI Engine tab.
  3. Filter in the Rule Group column for FFD to find AI Engine rules tied to this module.
  4. Select the Action check box of each rule you want to configure.
  5. Right-click the AI Engine Rule Manager, click Actions, click Batch Enable Alarms, and then click Enable Alarms.
  6. If the Restart column displays “Needed” for a rule, you must restart the AI Engine service to load the new rules. Click Restart AI Engine Servers at the top of the window. (This action only restarts the necessary services, not the appliance itself.)

    You must select the AI Engine instance in the View field to see the Restart column.