Gather Information Before Deploying the Module
Use the pre-implementation checklist to gather the following information should be gathered prior to implementing the User Threat Detection Module. This information is required when populating Lists and configuring individual AI Engine Rules:
- Log Sources
- General Values
Import the Module
The SOX Module is part of the LogRhythm Knowledge Base (KB). Updating the KB automatically creates the proper Lists and AI Engine Rules.
- Download the newest Knowledge Base from the LogRhythm Community.
- Open the LogRhythm Console.
In the Client Console on the Tools menu, click Knowledge, and then click Knowledge Base Manager.
To open the Knowledge Base Manager, the Deployment Manager must be closed.
- On the File menu, click Import Knowledge Base File.
- Select the newly downloaded Knowledge Base file, and then click Next to unpack and validate it.
This step takes a few minutes as the system unpacks the new Knowledge Base.
- When the import is complete, you may have the option to preview common event changes.
You should now be on step 4 in the Knowledge Base Import Wizard, “Import Knowledge Base."
- Scroll down, select Compliance Automation Suite: SOX, and then click OK.
- To import the Knowledge Base, click Next.
You will receive confirmation that the import was successful.
- Click Next to review common event changes, or close the Knowledge Base import dialog box.