Financial Fraud Detection Deployment Guide – Import and Synchronize the Module

Gather Important Information

The following information should be gathered prior to implementing the Financial Fraud Detection Module. This information will be required when populating Lists and configuring individual AI Engine Rules:

• Suspicious countries (unlikely to observe legitimate banking activity)
• At-risk accounts
• Online banking and transaction data-related log sources

Import the Module

The Retail Cyber Crime Module is part of the LogRhythm Knowledge Base (KB). Updating the KB automatically creates the proper Lists and AI Engine Rules.

1. In the Client Console on the Tools menu, click Knowledge, and then click Knowledge Base Manager.

   

   To open the Knowledge Base Manager, the Deployment Manager must be closed.

2. Under Knowledge Base Modules, find the Financial Fraud Detection module.
   If the module is available, you will see Financial Fraud Detection in the grid. If the module name does not appear, update the Knowledge Base by doing either of the following:
   • Automatic Download: Click Check for Knowledge Base Updates, and then click Synchronize Stored Knowledge Base.
   • Manual Download: For manual download instructions, see Import a Knowledge Base.
3. Locate the Enabled column in the grid. If the box is checked, the module is already enabled and available to users in the SIEM deployment. If the Enabled box is not checked, enable the module by selecting its Action checkbox, right-clicking the module name, clicking Actions, and then clicking Enable Module.
   A dialogue box appears to enable the selected module(s).