Skip to main content
Skip table of contents

Center for Internet Security Critical Security Controls Module User Guide

This guide is for LogRhythm administrators who are responsible for the security of their organization’s infrastructure.


This guide assumes the following:

  • The CIS Critical Security Controls Module has been imported and the AI Engine rules needed are enabled following the steps in the CIS Critical Security Controls Module Deployment Guide.
  • Appropriate log sources, such as LogRhythm System Monitor Agents, Windows Security Events, Firewalls, Intrusion Detection Systems, Anti Virus, and others have been configured to work with LogRhythm.
  • In order to identify internal and external sources for directional traffic, the network entity structure has been configured.
  • The LogRhythm Lists referenced by rules in this suite have been configured to the organization’s environment.

How to Use This Guide

This guide is meant to be used as a day-to-day reference for the CIS-CSC content. All the content included in this module is listed here along with a detailed explanation, suggested response, and configuration and tuning notes.

Suppression Multiple: The Suppression Multiple in conjunction with the Suppression Period defines how much time must pass before the same AI Engine rule can be triggered again for the same set of criteria.

Environmental Dependence Factor: EDF is a high-level quantification of how much effort is required in configuration and tuning for an AI Engine rule to perform as expected. This setting has no impact on processing.

False Positive Probability: The False Positive Probability is used in Risk-Based Priority (RBP) calculation for AI Engine Rules. It estimates how likely the rule is to generate a false positive response. A value of low indicates the pattern the rule matches is almost always a true positive. However, a value of high indicates the pattern the rule matches is very likely to be a false positive.

Options range from 0 to 9 with:

  • 0 indicating the pattern the rule matched is almost always a true positive
  • 9 indicating the pattern the rule matched is very likely to be a false positive

This guide is divided into the following sections:

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.