Skip to main content
Skip table of contents

Epic Hyperspace App Deployment Guide – Configure the Module

Configure Syslog in Epic Hyperspace

Epic Hyperspace must be configured to send Common Event Format (CEF) logs to the LogRhythm SIEM. For complete instructions, see the LogRhythm Epic Hyperspace Device Configuration Guide.

Configure Individual AI Engine Rules

This Module contains a collection of AI Engine Rules. Some rules require additional configuration to ensure that they work properly. The table below outlines which AI Engine Rules require configuration and details the configuration steps.

Enable AI Engine Rules

All AIE Rules included in the Epic Hyperspace App are disabled by default.

  1. Open the LogRhythm Console and click Deployment Manager.
  2. Click the AI Engine tab.
  3. Select all the Epic Hyperspace App—AI Engine Rules.
  4. Right-click the AI Engine Rule Manager, click Actions, and then click Enable.
  5. To confirm that you want to enable the selected rules, click Yes.

  6. If the Restart column displays “Needed” for a rule, you must restart the AI Engine service to load the new rules.

    You must select the AI Engine instance in the View field to see the Restart column.


    If needed, click Restart AI Engine Servers at the top of the window. This action only restarts the necessary services, not the appliance itself.

  7. Because of network variability, you should tune AI Engine rules for optimal performance within your environment. To view tuning and configuration notes for a rule, right-click the rule, click Properties, and then click the Information tab.

Your LogRhythm Professional Services Engineer can also provide assistance with tuning AI Engine Rules for your environment.

Enable AI Engine Rule Alarming

By default, alarming is initially turned off for all AI Engine Rules. Even without alarms, however, events are still generated when the rule is enabled and its criteria are satisfied. These events are displayed in the Web Console dashboard, and they can be seen by running an Investigation or Tail against the Event Manager.

Before turning alarms on, review these events and tune rules as necessary to meet an acceptable level of false positives. Refer to the LogRhythm Epic Hyperspace App User Guide for information about tuning individual AI Engine Rules. When finished tuning, enable alarming on the rules to bring events to the alarm layer, providing visibility to the monitoring team.

  1. Open the LogRhythm Console and click Deployment Manager.
  2. Click the AI Engine tab.
  3. Select all the Epic Hyperspace App—AI Engine Rules that are configured to alarm.

  4. Right-click the AI Engine Rule Manager, click Actions, click Batch Enable Alarms, and then click Enable Alarms.

    Alarm settings are located on the Settings tab of the Alarm Properties dialog box.


JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close