Skip to main content
Skip table of contents

Enable the Knowledge Base Module

The LogRhythm Knowledge Base UEBA module contains rules that make use of LogRhythm UEBA outputs. To take full advantage of the use cases, the module must be enabled.

To enable the module:

  1. Log in to the LogRhythm Client Console as a Global Administrator.
  2. On the main toolbar, click Tools, click Knowledge, and then click Knowledge Base Manager.
    The Knowledge Base Manager appears.
  3. In the Knowledge Base Modules grid, select the Action check box for the User and Entity Behavior Analytics module.
  4. Right-click the selected module, click Actions, and then click Enable Module.
  5. To close the Knowledge Base Manager, click OK.
  6. On the main toolbar, click Deployment Manager.
  7. Click the AI Engine tab.
  8. Select the Action check boxes for the CloudAI rules.
  9. Right-click the selection, click Actions, and then click Enable.
  10. At the bottom of the window, click the Workloads tab.
  11. In the Workloads grid, select the default Workload.
  12. In the Rule Sets grid, select the Action check box of the Rule Set that contains the UEBA rules.
  13. Right-click the selection, click Actions, and then click Include in Workload.
    The Include Rule Sets message box appears.
  14. To assign the Rules to the Workload, click OK.
    The Rules Included confirmation message appears.
  15. Click OK.
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close