
GPG-13 Deployment Guide – Meet the Compliance Requirements


The LogRhythm GPG-13 Advanced Compliance Suite provides bundled pre-created Alarms, AI Engine Rules, Investigations, Layouts, Lists, Reports, and Reporting Packages to help demonstrate regulation compliance. The Auditor checks for specific line-item regulations to be met by LogRhythm. The GPG-13 Suite Post-Implementation section details the post-implementation processes necessary to meet specific GPG-13 compliance requirements and augment others.

Compliance Module Noise Mitigation

The alarms, AIE rules, investigations, layouts, lists, reports, and reporting packages bundled with LogRhythm’s GPG-13 Compliance Automation Suite need adjustment to reduce the likelihood of false positive events. The process to decrease false positive events involves the following steps:

List Updating

Keeping Compliance Suite lists updated is a vital part of decreasing false positives within the GPG-13 Advanced Compliance Suite. An organization’s applications, security systems, IP addresses, users and other log sources are dynamic. For this reason, the Compliance Suite utilizes lists which can be dynamically updated as needed. There are many conditions which would require a list to be updated. Organizations should update these lists periodically; these updates may fall in line with other periodic reviews performed by management.

Filter Usage

Adjusting filter criteria is a vital part of decreasing the number of false positives within the GPG-13 Advanced Compliance Suite. Exclude filters can remove applications, common events, hosts, IP addresses, etc. from search criteria. There are many conditions in which an exclude filter can decrease the number of false positives in the search criteria. The following section highlights how to create exclude filters for AI Engine Rules, Investigations, Reports, and Tails.

Configure AIE Rule Exclude Filter Criteria

All AIE Rules included in the GPG-13 Compliance Automation Suite can be configured with exclude filters.

  1. Open the LogRhythm Console and click Deployment Manager on the main toolbar.
  2. Click the AI Engine tab.
  3. Right-click a GPG-13 AIE Rule on which an exclude filter should be configured, and then click Properties.
  4. Right-click the Rule Block, and then click Properties.
  5. Click the Exclude Filters tab.
  6. On the top menu, click the New icon.
  7. Specify the details for the exclude filter criteria.
  8. On the Log Message Filter, click OK.
  9. On the AI Engine Rule Block Wizard, click OK.
  10. On the AI Engine Rule Wizard, click OK.
  11. On the top of the AI Engine Rule Manager, click Restart AIE Engine.

Configure Investigation Exclude Filter Criteria

All Investigations included in the GPG-13 Compliance Automation Suite can be configured with exclude filters.

  1. Open the LogRhythm Console and click Investigate on the main toolbar.
  2. Select one of the saved GPG-13 Investigations on which an Exclude Filter should be configured.
  3. Click Next until you reach the Specify Event Selection screen.
  4. In the Add New Field Filter list, select the criteria.
  5. Click Edit Values and configure the criteria as required.
  6. (Optional) To specify exclusions, select the Filter Out (Is Not) option under Filter Mode.
  7. Click OK.
  8. Click Next until you reach the Save Investigation Configuration screen, and then click Save.
  9. Click Cancel.

Configure Report Exclude Filter Criteria

All Reports included in the GPG-13 Compliance Automation Suite can be configured with exclude filters.

  1. Open the LogRhythm Console and click Report Center on the main toolbar.
  2. Click the Reports tab.
  3. Select the Action check box of the report that needs exclude filters, right-click the selection, and then click Properties.
  4. Click Next until you reach the Specify Additional Report Criteria screen.
  5. In the Add New Field Filter list, select the criteria.
  6. Click Edit Values and configure the criteria as required.
  7. (Optional) To specify exclusions, select the Filter Out (Is Not) option under Filter Mode.
  8. Click OK.
  9. Click Next to reach the Report Details screen, click Apply, and then click OK.

Suppression Usage

Adjusting suppression values is a vital part of tuning the alarming configuration within the GPG-13 Advanced Compliance Suite. Suppression values are used to suppress the number of alarms generated from the same type of event occurring numerous times within a specified time period. The following section highlights how to tune suppression values for AI Engine rules.

Configure AIE Rule Suppression

All AIE Rules included in the GPG-13 Compliance Automation Suite can be configured with alarm suppression. Follow the instructions below to configure suppression for AIE Rules.

  1. Open the LogRhythm Console and click Deployment Manager on the main toolbar.
  2. Click the AI Engine tab.
  3. Right-click a GPG-13 AIE Rule on which suppression should be configured, and then click Properties.
  4. Click the Settings tab.
  5. Type a value for the Suppression Multiple.

    You must select the Enable Suppression check box in order for suppression to function. The Suppression Period is the amount of time in which an alarm will be suppressed after the first occurrence. When the Suppression Period has elapsed, another alarm occurs if identical events occur.

  6. On the AI Engine Rule Wizard, click OK.
  7. On the top of the AI Engine Rule Manager, click Restart AIE Engine.
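
The effect of the Suppression Period described above on alarm volume, as an added example that is not LogRhythm code or part of the original guide. It replays constructed sample events through a simple model of the stated behavior; treating "identical events" as the same rule name and host is an assumption, as are all function and variable names.

```python
from datetime import datetime, timedelta

# Constructed sample events: (timestamp, rule name, host). Not real log data.
SAMPLE_EVENTS = [
    ("2024-01-10 09:00:00", "Failed Auth", "srv-01"),
    ("2024-01-10 09:05:00", "Failed Auth", "srv-01"),
    ("2024-01-10 09:20:00", "Failed Auth", "srv-02"),
    ("2024-01-10 09:45:00", "Failed Auth", "srv-01"),
    ("2024-01-10 10:01:00", "Failed Auth", "srv-01"),
    ("2024-01-10 10:30:00", "Failed Auth", "srv-01"),
]

def simulate_suppression(events, period):
    """Return (alarms, suppressed) for one suppression period.

    Model (assumption): the first occurrence raises an alarm and starts the
    period; identical events inside the period are suppressed; the first
    identical event after the period has elapsed raises a new alarm.
    """
    window_start = {}  # (rule, host) -> time of the alarm that opened the period
    alarms, suppressed = [], []
    for ts, rule, host in sorted(events):
        when = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
        ident = (rule, host)  # assumed definition of "identical"
        start = window_start.get(ident)
        if start is not None and when - start < period:
            suppressed.append((ts, rule, host))
        else:
            window_start[ident] = when
            alarms.append((ts, rule, host))
    return alarms, suppressed

def compare_periods(events, periods_minutes):
    """Alarm count per candidate period, to compare tuning choices."""
    return {
        m: len(simulate_suppression(events, timedelta(minutes=m))[0])
        for m in periods_minutes
    }

if __name__ == "__main__":
    total = len(SAMPLE_EVENTS)
    for minutes, count in compare_periods(SAMPLE_EVENTS, [0, 15, 60, 120]).items():
        print(f"period={minutes:>3} min -> {count} alarms from {total} events")
```

The suppressed list is worth reviewing alongside the alarm count: it shows exactly which occurrences an analyst would no longer be alerted to at a given period.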

Schedule Package Reports

The LogRhythm GPG-13 Advanced Compliance Suite provides a bundle of reports in the form of a Report Package which helps demonstrate regulation compliance and overall GPG program metrics to be consumed by the management or executive-level audience. The GPG-13: Advanced Compliance Exec Reporting Package is designed to be executed and delivered to management or executive-level audiences at designated time periods. The GPG-13: Advanced Compliance Reports is designed to be used for general purposes and includes the majority of the reports in the module. This section describes the proper configuration of GPG-13 Report Packages.

  1. In the Client Console, click Report Center on the main toolbar.
  2. Select the reporting package you want to configure.
  3. Right-click the reporting package, and then click Properties.
  4. Click Next until you reach the Configuration Screen.
  5. Change any configuration options you want.
  6. Select the Export and Save Reports check box.
  7. You can specify a file path where completed reports will be stored. Ensure that appropriate credentials are established to allow LogRhythm to write to this folder.
  8. After all changes are complete, click Next, and then click OK.

