- On your Windows machine, click Start, click LogRhythm, and then click LogRhythm RBP Calculator.
Enter valid credentials for the LogRhythm Platform Manager’s EMDB.
The machine on which the RBP Calculator is installed must have network connectivity over port 1433 to the machine on which the EMDB is running.
- Choose whether to calculate MPE RBP or AIE RBP. Depending on which calculation is selected, the calculator controls become active or inactive, and the corresponding RBP formula appears on the upper-right side of the calculator.
Choose values for the STL (Origin) and DRL (Impacted) Hosts. These values can be Known Hosts selected from the drop-down menu or Unknown Hosts specified by IP address or hostname. The STL and DRL for each chosen host appear in the Effective STL and Effective DRL fields.
Do one of the following:
For MPE RBP, choose the Message Classification and Common Event.
For AIE RBP, choose the AIE Rule, Risk Rating, and False Positive Probability.
Verify that the global RBP settings are appropriate.
Changing these values in the calculator does not impact the LogRhythm deployment in any way.
Click Calculate RBP.
The RBP rating appears in the box above the Calculate RBP button.
To clear the RBP Calculator values, click Reset.
Clicking Reset in the calculator does not impact the LogRhythm deployment in any way.
Based on the calculations performed in the Calculator, you may wish to adjust certain settings to achieve a higher or lower RBP value. If the RBP value the RBP Calculator produces is too high or too low, users can adjust settings such as the Rule Risk Rating and False Positive Probability values for the AIE Rule, and then recalculate the RBP value until satisfactory.
For example, an AIE Rule has a Risk Rating of 9 and the calculated RBP for a pair of Known Hosts is 76, but you would like that rule to result in a lower RBP value. In that case, lower the Rule Risk Rating value for the AIE Rule and then click Calculate RBP. Repeat this process until it produces the value you want.