Threat Intelligence Service (TIS)
This feature is supported but not installed and configured by default. Customers should open a support case requesting this feature if required. Additionally, due to some current limitations, the Threat Intelligence Service (TIS) Configuration Manager cannot be presented to the customer for now. The customer needs to open a support case if they need to make a change to the TIS service. To make these changes, customers should complete the following steps and provide the lrtfsvcconfig.json config file in the support ticket.
To create a TIS configuration and provide it to LogRhythm, do the following steps:
- Install TIS on any machine in your environment.
- During the initial configuration, do not provide a SQL server or test the connection.
Click the three-dot button next to the List Path textbox and select the default path available.
The default path is C:\Program Files\LogRhythm\LogRhythm Job Manager\config\list_import
- As we are not completing the configuration, this dialog box will open each time the TIS user interface (UI) is opened.
The main TIS screen will appear. - Configure TIS as per your requirements, including any custom STIX/TAXII providers.
- Once configured, open a support case and upload the lrtfsvcconfig.json file located in C:\Program Files\LogRhythm\LogRhythm Threat Intelligence Service\config.