Epic Hyperspace App – AI Engine Rules
Rule ID | Rule Name | Minimum Data Requirement | Configuration Steps |
|---|---|---|---|
1244 | Epic : Login Via VPN | Epic Hyperspace/VPN | 1st Log Observed Rule Block must be configured using the Include Criteria to an available VPN log source type, several popular VPN log source types are already populated. Alternatively or in addition, Log Source Criteria can be limited to an available VPN log source. |
1313 | Epic : Unusual Successful Break-The-Glass Events | Epic Hyperspace | Trend Monitor Rule Block can be configured within the Time and Schedule tab to relevant hours/days and Log Count Comparison in Expressions can be modified to a desired threshold. For improved performance, Log Source Criteria can be modified in the Trend Monitor Rule Block to be limited to Epic Hyperspace log sources. |
1314 | Epic : Unusual Unsuccessful Break-The-Glass Events | Epic Hyperspace | Trend Monitor Rule Block can be configured within the Time and Schedule tab to relevant hours/days and Log Count Comparison in Expressions can be modified to a desired threshold. For improved performance, Log Source Criteria can be modified in the Trend Monitor Rule Block to be limited to Epic Hyperspace log sources. |
1315 | Epic : Reconnaissance Activity Followed By Logon Attempt | Epic Hyperspace | 1st Log Observed Rule Block Include Filter must be configured to filter only on Epic Hyperspace system Entities. For improved performance, Log Source Criteria can be modified in both Rule Blocks to be limited to Epic Hyperspace log sources. |
1317 | Epic : Unusual Patient Record Accesses | Epic Hyperspace | Trend Monitor Rule Block can be configured within the Time and Schedule tab to relevant hours/days and Log Count Comparison in Expressions can be modified to a desired threshold. For improved performance, Log Source Criteria can be modified in the Trend Monitor Rule Block to be limited to Epic Hyperspace log sources. |
1318 | Epic : Unusual Login Activity | Epic Hyperspace | Trend Monitor Rule Block can be configured within the Time and Schedule tab to relevant hours/days and Log Count Comparison in Expressions can be modified to a desired threshold. For improved performance, Log Source Criteria can be modified in the Trend Monitor Rule Block to be limited to Epic Hyperspace log sources. |
1319 | Epic : Unauthorized Host Logon | Epic Hyperspace | Log Observed Rule Block Include Criteria must have an entity defined for hosts authorized to access Epic |
1320 | Epic : Unusual Password Change Activity | Epic Hyperspace | Threshold Observed Rule Block Log Count Thresholds and Time Limit can be adjusted as desired. |