Modify the Properties of Knowledge Base Modules
The LogRhythm Required Objects module is a module that is required for every deployment to function properly. It is always imported and synchronized with every Knowledge Base import and is not editable by administrators.
- Close any windows you have open in the Client Console.
On the Tools menu, click Knowledge, and then click Knowledge Base Manager.
The Knowledge Base Manager appears.In the Knowledge Base Modules grid, double-click a module to see its properties.
The Knowledge Base Module Properties dialog box appears.If the module is enabled, select the Import and Synchronize by default check box to import and synchronize any future Knowledge Base imports.
AIE Rule, Alarm Rule, and GLPR objects are not enabled by default within your deployment. You need to enable them manually.
If the module is enabled, select the Enable Intelligent Indexing check box. This ensures that the Reports, Report Packages, Tails, and Investigations have their log data indexed (in other words, brought online) into the applicable data source (Data Processor, LogMart, or both). You are prompted to confirm that you want to change the Intelligent Indexing setting.
The Global Log Processing Rules supersede Intelligent Indexing settings and can be used to take specific data offline.
- Do one of the following:
Select the Enable Dynamic Sync Settings check box. Enabling Dynamic Sync allows LogRhythm to automatically enable or disable rules and investigations on your deployment to keep the module up to date.
Clear the Enable Dynamic Sync Settings check box. Disabling Dynamic Sync disables all rules in the module and will need to manually re-enable the rules you need. The content of the rules will continue to be updated automatically, but the status will not.
Modules that are configured to allow Dynamic Sync are determined by LogRhythm. If a module is not configured for Dynamic Sync, the options is grayed out. Most modules are not configured for Dynamic Sync.
Click OK.