Skip to main content
Skip table of contents

Financial Fraud Detection Deployment Guide – Configure the Module

Configure Lists

There are user-configurable lists included with the module. Use these lists to narrow the scope of AI Engine Rules and to filter events.

  1. Open the LogRhythm Console and click List Manager on the main toolbar.
  2. Use the Name or List ID column filter to find the list you want from those shown in the table below.

    List ID

    List Name

    Rule ID

    Rule Name


    FFD: Suspicious Countries


    FFD: Login from Suspicious Host


    FFD: At-Risk Accounts


    FFD: At-Risk Account Logged In


    FFD: Online Banking



  3. To open the List Properties window, double-click the list.
  4. Click on the List Items tab, and then click Add Item.
  5. Use the Add Item dialog to add items to the list individually by IP Address, IP Address Range, Hostname, or Known Host, or click Import to import a text file or clipboard contents.
  6. Click Apply and then click OK.

Enable AI Engine Rules

  1. Open the LogRhythm Console and click Deployment Manager on the main toolbar.
  2. Click the AI Engine tab.
  3. Filter in the Rule Group column for FFD to find AI Engine rules tied to this module.
  4. Select the Action check box of each rule you want to configure.
  5. Right-click the AI Engine Rule Manager, click Actions, click Batch Enable Alarms, and then click Enable Alarms.
  6. If the Restart column displays “Needed” for a rule, you must restart the AI Engine service to load the new rules. Click Restart AI Engine Servers at the top of the window. (This action only restarts the necessary services, not the appliance itself.)

    You must select the AI Engine instance in the View field to see the Restart column.
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.