Network Detection and Response Deployment Guide – Import and Synchronize the Module

The Network Threat Detection Module is part of the LogRhythm Knowledge Base (KB). Updating the KB automatically creates the proper Lists and AI Engine Rules.

1. In the Client Console on the Tools menu, click Knowledge, and then click Knowledge Base Manager.

   

   To open the Knowledge Base Manager, the Deployment Manager must be closed.

2. Under Knowledge Base Modules, find the Network Threat Detection module.
   If the module is available, you will see Network Threat Detection in the grid. If the module name does not appear, update the Knowledge Base by doing either of the following:
   • Automatic Download. Click Check for Knowledge Base Updates, and then click Synchronize Stored Knowledge Base.
   • Manual Download. For manual download instructions, see Import a Knowledge Base.
3. Locate the Enabled column in the grid. If the box is checked, the module is already enabled and available to users in the SIEM deployment. If the Enabled box is not checked, enable the module by selecting its Action check box, right-clicking the module name, clicking Actions, and then clicking Enable Module.
   A dialogue box appears to enable the selected module(s).
4. Leave the Enable Intelligent Indexing on Module Objects cleared unless you fully understand the effects of this setting. For more information, see the Intelligent Indexing topic in the LogRhythm SIEM Reference Guide.