Financial Fraud Detection Module Deployment Guide
This guide is intended for LogRhythm Administrators and Fraud Team Management responsible for the management of the organization’s LogRhythm Deployment and fraud detection functions.
Module Contents
This module adds to an existing LogRhythm deployment, as follows:
- 19 AI Engine Rules
- 3 Lists
Overview of Steps
This guide is divided into the following sections:
Data Collection Requirements
The AI Engine rules and other content in this module require specific types of data to be collected by the SIEM. Because many financial institutions use in-house or custom online banking systems, LogRhythm cannot provide log parsing rules for these logs; a LogRhythm Administrator must write parsing rules for these log sources. When writing those parsing rules, map the parsed activity to the following Common Events, because the AI Engine rules in this module key on them. Other Common Events can and should be used in addition to these, but the following are required by various AI Engine rules.
- ACH Payee Created
- ACH Transfer Scheduled
- Checking Account Created
- Contact Email Changed
- Debit/Credit Card Activated
- Device Registered
- Mailing Address Changed
- Password Modified
- User Login
- User Logon Failure
When writing MPE rules to parse financial logs, ensure that the unique account identifier (account number, login name, etc.) is parsed into the Account field. If more than one identifier exists, parse the additional identifiers into the Login field. Keep this mapping consistent across every financial log source: AI Engine rules that group or correlate activity by Account will not match events in which the field is empty or populated with a different identifier. By default, many of these logs will not be forwarded as events; if you want this activity to appear on Dashboards, enable the Forward as Event setting on each MPE rule.
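The following Python script is an added illustration of the field mapping described above; it is not part of this guide, and it is not LogRhythm MPE rule syntax (MPE rules are regular expressions that use LogRhythm-specific capture tags, whereas this example uses standard named groups to show the same decisions). The log format, the application event codes, and the sample log lines are all constructed for the example. It maps each line to one of the required Common Events, places the unique identifier in Account and any secondary identifier in Login, and rejects lines for required Common Events that carry no identifier at all, since such events could never be correlated by the AI Engine rules.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed event codes for a hypothetical in-house banking application,
# mapped to the Common Events this module requires. Real codes will differ.
COMMON_EVENTS = {
    "ACH_PAYEE_ADD": "ACH Payee Created",
    "ACH_XFER_SCHED": "ACH Transfer Scheduled",
    "ACCT_OPEN_CHK": "Checking Account Created",
    "EMAIL_CHANGE": "Contact Email Changed",
    "CARD_ACTIVATE": "Debit/Credit Card Activated",
    "DEVICE_REG": "Device Registered",
    "ADDR_CHANGE": "Mailing Address Changed",
    "PWD_CHANGE": "Password Modified",
    "LOGIN_OK": "User Login",
    "LOGIN_FAIL": "User Logon Failure",
}

# Constructed key=value log format. acct= is the account number and user= an
# optional login name; the application does not always emit both.
LOG_RE = re.compile(
    r"^(?P<ts>\S+) bank-app event=(?P<event>[A-Z_]+)"
    r"(?: acct=(?P<acct>\d+))?"
    r"(?: user=(?P<user>[^ ]+))?"
    r"(?: src=(?P<sip>\d{1,3}(?:\.\d{1,3}){3}))?"
    r"(?: (?P<rest>.*))?$"
)


@dataclass
class ParsedEvent:
    common_event: str
    account: str           # LogRhythm Account field: the unique identifier
    login: Optional[str]   # LogRhythm Login field: secondary identifier, if any
    source_ip: Optional[str]


def parse_line(line: str) -> Optional[ParsedEvent]:
    """Parse one line. Returns None for lines that are not a required Common
    Event; raises ValueError when a required event carries no identifier."""
    m = LOG_RE.match(line)
    if not m:
        return None
    common = COMMON_EVENTS.get(m.group("event"))
    if common is None:
        return None  # heartbeat, debug, etc.: not needed by these rules
    acct, user = m.group("acct"), m.group("user")
    if acct:
        # Account number is the unique identifier; login name is secondary.
        account, login = acct, user
    elif user:
        # Only a login name exists, so it is the unique identifier.
        account, login = user, None
    else:
        raise ValueError("required Common Event without an account identifier: " + line)
    return ParsedEvent(common, account, login, m.group("sip"))


def parse_log(text: str) -> Tuple[List[ParsedEvent], List[str]]:
    """Parse a whole log. Returns (events, rejected_lines); rejected lines are
    required events the parser could not attribute to an account."""
    events, rejected = [], []
    for line in text.splitlines():
        try:
            ev = parse_line(line)
        except ValueError:
            rejected.append(line)
            continue
        if ev is not None:
            events.append(ev)
    return events, rejected


def events_by_account(events: List[ParsedEvent]) -> Dict[str, List[str]]:
    """Group Common Events by the Account field, the key AI Engine rules use."""
    grouped: Dict[str, List[str]] = {}
    for ev in events:
        grouped.setdefault(ev.account, []).append(ev.common_event)
    return grouped


# Constructed sample log for a hypothetical online banking application.
SAMPLE_LOG = """\
2024-03-05T09:14:02Z bank-app event=LOGIN_OK acct=100234 user=jdoe src=203.0.113.10
2024-03-05T09:15:40Z bank-app event=PWD_CHANGE acct=100234 user=jdoe src=203.0.113.10
2024-03-05T09:16:12Z bank-app event=ADDR_CHANGE acct=100234 src=203.0.113.10 new_zip=90210
2024-03-05T09:20:55Z bank-app event=LOGIN_FAIL user=msmith src=198.51.100.7
2024-03-05T09:21:01Z bank-app event=ACH_PAYEE_ADD src=198.51.100.7
2024-03-05T09:22:30Z bank-app event=HEARTBEAT
"""

if __name__ == "__main__":
    parsed, bad = parse_log(SAMPLE_LOG)
    for acct, names in events_by_account(parsed).items():
        print(acct, "->", names)
    for line in bad:
        print("REJECTED (no identifier):", line)
```

The rejected list is the check a practitioner wants while testing a new MPE rule: if a required Common Event is being produced without an Account value, the matching AI Engine rules will silently never fire for that activity.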