Skip to main content
Skip table of contents

GDPR User Guide – AI Engine Rules

AI Engine Rules leverage LogRhythm technology to correlate events across your environment, helping to identify events of interest and potential compliance issues. The goal for many of these rules is to quickly identify traffic coming from or going to a country that has strict data protection laws, such as GDPR for the EU members. This can empower your organization and DPO to ensure policies are applied and consent is obtained as soon as possible to limit the time of non-compliance.

Log Requirements

These AIE rules cover all log sources in your environment but specifically require logs from anti-malware systems, firewalls, servers, workstations, security enforcing devices, access management systems, and vulnerability detection systems. When configured correctly, LogRhythm’s advanced correlation and AIE rules provide near real-time alerts for malicious activities and/or attacks.

Object TypeNameID
AIE Alarm RuleCCF: Malware Alarm Rule1217
AIE RuleCCF: GeoIP General Activity1240
AIE RuleCCF: GeoIP Blacklisted Region Activity1241
AIE Alarm RuleCCF: Unknown User Account Alarm1243

Malware Alarm Rule

A cornerstone of GDPR is the ability to continuously monitor the environment from all layers. This Alarm (#1217) is configured to alert when malicious activity occurs within the environment. This AIE Rule creates an event and notification alarm for malware detection on devices that have been designated as log sources or devices that support network monitoring.

GeoIP Activity Rules

This set of AIE rules (#1240 & 1241) are designed to leverage the Data Processor’s GeoIP functionality to represent general activity. Further a blacklisted region (list) can be used to indicate when data is coming in from a region that has data protection policies or legislation that needs to be taken into consideration. This early notification can ensure the organization acts on policies to obtain consent and ensure adherence to data protection requirements.

Unknown User Account Rule

In GDPR, it is critical to identify the potential introduction of personal data into the environment, as seen with this rule (#1243). Leveraging a user list to confirm users who have given consent are leveraged in the rule to identify any user activity originating from an unknown account that may indicate an account that has not given consent. This can help facilitate policies to obtain consent and ensure adherence to data protection requirements.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.