NRC RG 5.71 Deployment Guide – Configure the Compliance Module



LogRhythm requires that you configure some objects included in the NRC Compliance Package. This section describes the steps you must perform.

Enable Intelligent Indexing

Intelligent Indexing allows Reports, Investigations, and Tails to keep the appropriate log data online in the Log Manager. Take care when choosing which objects to enable for Intelligent Indexing, because broad criteria can keep an exceptional amount of data online and overwhelm the Log Manager. For a list of Intelligent Indexing-capable objects and their recommended settings, see NRC RG 5.71—Reports.

Configure LogRhythm Data Management Settings

LogRhythm Compliance Packages rely on log data being forwarded to various LogRhythm databases so that reports populate properly and data is archived as the regulation dictates. To ensure log data is being forwarded to the required databases, follow the data management steps outlined in Find More Information.

Classify Assets into Log Source Lists

Each NRC compliance-relevant log source must be classified into one of the NRC Log Source Lists. To see recommendations for which Technology Association may fall under which NRC Log Source List Category, see NRC RG 5.71—Lists.

Activate Default Alarms

All alarms included in the NRC Compliance Package are disabled by default. To meet compliance requirements, they must be enabled. For more information, see . In some cases, additional customization may be required to minimize false alarms.


| Alarms | Regulation Notes | Suppression | Threshold |
|---|---|---|---|
| NRC: Alarm on Compromise | Best practice | 30 min | Single Event |
| NRC: Alarm on Audit Log Write Failure | Indicates a system may be shutting down due to the inability to audit | 30 min | Single Event |

Check Investigations

The following investigations should be contained in the Investigation tab.

| Investigations | Intelligent Indexing | Regulation Notes |
|---|---|---|
| NRC: Network Connection Summary | No | Monitoring of compliance |
| NRC: Network Service Summary | No | Monitoring of compliance |