Skip to main content
Skip table of contents

Healthcare Security User Guide – AI Engine Rules

AI Engine Rules leverage LogRhythm technology to correlate events across your environment, helping to identify events of interest and potential compliance issues.

Malware Alert Rule

A cornerstone of HIPAA, HITECH, and Promoting Interoperability is the ability to continuously monitor the environment from all layers. Alert (#992) is configured to work with anti-virus and malware detection systems to detect malicious activity within the environment. This AIE Rule creates an event and notification alert for malware detection on devices that have been designated as log sources or devices that support network monitoring.

Privilege Account Usage Rule

This set of AIE rules looks to monitor privileged account usage according to established user lists within LogRhythm. LogRhythm user lists align with existing user account management and provisioning processes, which are easily implemented along with periodic access reviews to ensure access listings are up to date.

LogRhythm Statistical and Trend Rules

With HIPAA, HITECH, and Promoting Interoperability variable monitoring of in-scope systems is critical to the ongoing success and health of the compliance program. These AIE rules create events and alerts when any specifically defined statistical expression is fulfilled or a particular threshold is met. When evaluating and assessing these AIE rules, these expressions and values should be manually re-adjusted to thresholds that agree with those of the individual institution running LogRhythm. LogRhythm’s Professional Services consulting team is able to assist with properly adjusting these expressions if direct assistance is needed.

Log Requirements

These AIE rules cover all log sources in your environment, but specifically require logs from anti-malware systems, firewalls, servers, workstations, security enforcing devices, access management systems, and vulnerability detection systems. When configured correctly, LogRhythm’s advanced correlation and AIE rules provide near real-time alerts for malicious activities and/or attacks.

Knowledge Base Content

Object Type



AIE Rule & Alert

HSS: Malware Detected Alert


AIE Rule & Alert

HSS: Threat IP Access Attempt Alert


AIE Rule & Alert

HSS: Threat IP Auth Activity Alert


AIE Rule & Alert

HSS: Abnormal Amount of Data Transferred


AIE Rule & Alert

HSS: Large Out-of-Scope Data Transfer


JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.