Retail Cyber Crime Deployment Guide – Import and Synchronize the Module

Gather Important Information

The following information should be gathered prior to implementing the Retail Cyber Crime Module. This information will be required when populating Lists and configuring individual AIE rules:

• POS Endpoints
• Payment System Endpoints

Import the Module

The Retail Cyber Crime Module is part of the LogRhythm Knowledge Base (KB). Updating the KB automatically creates the proper Lists and AI Engine Rules.

1. In the Client Console on the Tools menu, click Knowledge, and then click Knowledge Base Manager.

   

   To open the Knowledge Base Manager, the Deployment Manager must be closed.

2. Under Knowledge Base Modules, find the Retail Cyber Crime module.
   If the module is available, you will see Security: Retail Cyber Crime in the grid. If the module name does not appear, update the Knowledge Base by doing either of the following:
   • Automatic Download. Click Check for Knowledge Base Updates, and then click Synchronize Stored Knowledge Base.
   • Manual Download. For manual download instructions, see Import a Knowledge Base.
3. Locate the Enabled column in the grid. If the box is checked, the module is already enabled and available to users in the SIEM deployment. If the Enabled box is not checked, enable the module by selecting its Action check box, right-clicking the module name, clicking Actions, and then clicking Enable Module.
   A dialogue box appears to enable the selected module(s).