The Knowledge Base (KB) contains the Threat Intelligence Service Module, which provides AIE rules and LogRhythm lists. The KB also contains vendor modules that include vendor lists. Follow the steps below to enable and import these modules in your deployment.
Log in to the Client Console as a Global Administrator.
On the Tools menu, click Knowledge, and then click Knowledge Base Manager.
The Knowledge Base Manager cannot be opened if you have other Managers open, such as the Deployment Manager or List Manager.
- To check for an updated KB file, click Check for Knowledge Base Updates.
- In the Knowledge Base Manager, type Threat Intelligence in the module name filter box.
The grid displays a basic module called Threat Intelligence Service, plus the vendor threat feed modules that are available in the KB.
- Ensure that you have enabled the Threat Intelligence Service module and the vendor modules that you want to use. For example, “Threat Intelligence Service : Symantec.”
- Select the Action check box for each module that you want to enable.
- Right-click in the module grid, click Actions, and then click Enable Modules.
- If prompted to confirm that you want to enable the selected modules, ensure that the Synchronize Stored Knowledge Base check box is selected, and then click OK.
- If you were not prompted to confirm the selected modules, click Synchronize Stored Knowledge Base and follow the process in the Knowledge Base Import Wizard.
- In step 4 of the wizard, select the Threat Intelligence Service and Threat Intelligence Service : <Vendor> modules, and then click Next.
- After the Knowledge Base synchronizes, click Close to exit the Knowledge Base Import Wizard.
- When you are finished, click OK to close the Knowledge Base Manager.