Gather Information Before Deploying the Module
Prior to implementing the User Threat Detection Module, use the pre-implementation checklist to gather the following information. This information is required when populating Lists and configuring individual AI Engine Rules:
- Log Sources
- Networks
- Users
- Applications
Import the Module
The PCI-DSS 3.2 Module is part of the LogRhythm Knowledge Base (KB). Updating the KB automatically creates the proper Lists and AI Engine Rules.
- Download the newest Knowledge Base from the LogRhythm Community.
- Open the LogRhythm Console.
- In the Client Console on the Tools menu, click Knowledge, and then click Knowledge Base Manager.
  To open the Knowledge Base Manager, the Deployment Manager must be closed.
- On the File menu, click Import Knowledge Base File.
- Select the newly downloaded Knowledge Base file, and then click Next to unpack and validate it.
  This step takes a few minutes as the system unpacks the new Knowledge Base.
- When the import is complete, you may have the option to preview common event changes.
  You should now be on step 4 in the Knowledge Base Import Wizard, “Import Knowledge Base.”
- Scroll down, select Compliance Automation Suite: PCI-DSS 3.2, and then click OK.
- To import the Knowledge Base, click Next.
  You will receive confirmation that the import was successful.
- Click Next to review common event changes, or close the Knowledge Base import dialogue box.