
MAS-TRMG User Guide – AI Engine Rules


AI Engine (AIE) Rules use LogRhythm correlation to tie together events from across your environment, helping to identify events of interest and potential compliance issues. As the financial institution (FI) matures its compliance program, it may also make use of other LogRhythm advanced security modules and other AIE components of the SIEM, as described in the Maturity Model section of this guide.

Malware Alarm Rule

A cornerstone of MAS-TRMG is continuous monitoring of the environment at every layer. The MAS: Malware Alert rule (#1036) consumes events from anti-virus and malware detection systems to detect malicious activity within the environment. This AIE Rule creates an event and a notification alert whenever malware is detected on a device that has been designated as a log source or on a device that supports network monitoring.

Privilege Account Usage Rules

This set of AIE rules monitors privileged account usage against user lists established within LogRhythm. Because LogRhythm user lists align with existing user account management and provisioning processes, they can be maintained alongside periodic access reviews so that the access listings stay current. Authentication and access events for accounts that are not on a privileged user list do not trigger these rules, so an out-of-date list means an unmonitored privileged account.
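The following is an added example, not LogRhythm's own code or an export of the MAS rules, showing the correlation the privileged account rules perform: events are matched against a privileged user list, and only those for listed accounts produce Auth Success, Auth Failure or Disabled/Enabled hits. The privileged user list, the log format and the failure threshold (three failures from one source) are assumptions made for this example; the page does not state what thresholds the rules use.

```python
"""Added example (not LogRhythm code): correlate auth and account-management
events against a privileged-user list, as the MAS: Priv Acct rules do.
The user list, log format and failure threshold below are constructed."""
import re
from collections import defaultdict

# Constructed stand-in for a LogRhythm privileged-user list.
PRIVILEGED_USERS = {"svc_backup", "admin_jdoe", "root"}

# Constructed auth/account events in an assumed key=value syslog style.
SAMPLE_LOGS = """\
2024-03-01T08:00:01Z host1 auth: user=jsmith result=success src=10.0.0.5
2024-03-01T08:00:05Z host1 auth: user=admin_jdoe result=failure src=10.0.0.9
2024-03-01T08:00:06Z host1 auth: user=admin_jdoe result=failure src=10.0.0.9
2024-03-01T08:00:07Z host1 auth: user=admin_jdoe result=failure src=10.0.0.9
2024-03-01T08:01:00Z host2 auth: user=root result=success src=10.0.0.12
2024-03-01T08:02:00Z host2 account: user=svc_backup action=disabled by=admin_jdoe
2024-03-01T08:02:30Z host2 account: user=svc_backup action=enabled by=admin_jdoe
2024-03-01T08:03:00Z host1 auth: user=guest result=failure src=10.0.0.40
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) (?P<kind>auth|account): (?P<kv>.*)$")


def parse(line):
    """Parse one constructed log line into a dict, or None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    kv = ev.pop("kv")
    ev.update(tok.split("=", 1) for tok in kv.split() if "=" in tok)
    return ev


def evaluate(logs, privileged, fail_threshold=3):
    """Return a list of (rule, user, detail) hits for privileged accounts only.

    Auth Success and Disabled/Enabled fire on every matching event; Auth Failure
    fires once when a user/source pair reaches fail_threshold failures
    (threshold is an assumption for this example)."""
    hits = []
    failures = defaultdict(int)
    for line in logs.splitlines():
        ev = parse(line)
        # The user list is the filter: unlisted accounts never produce a hit.
        if ev is None or ev.get("user") not in privileged:
            continue
        user = ev["user"]
        if ev["kind"] == "auth":
            if ev.get("result") == "success":
                hits.append(("Priv Acct Auth Success", user, ev["host"]))
            else:
                key = (user, ev.get("src", "?"))
                failures[key] += 1
                if failures[key] == fail_threshold:
                    hits.append(("Priv Acct Auth Failure", user, key[1]))
        elif ev["kind"] == "account":
            hits.append(("Priv Acct Disabled/Enabled", user, ev.get("action", "?")))
    return hits


if __name__ == "__main__":
    for hit in evaluate(SAMPLE_LOGS, PRIVILEGED_USERS):
        print(hit)
```

Note that `jsmith` and `guest` generate no hits at all, even though `guest` fails authentication: that is the intended behaviour of list-driven rules, and it is why the user list must be refreshed with each access review.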

Silent Log Source and Audit Logging Rules

In MAS-TRMG, continuous monitoring of in-scope systems is critical to the ongoing success and health of the compliance program. This set of AIE rules creates an event and alerts when a log source stops sending logs to a LogRhythm Agent (a silent log source) and when an audit log is cleared or a write to an audit log fails. A silent source is as much a gap in coverage as a cleared log: either way, activity on that system goes unobserved until the condition is fixed.
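The following is an added example, not LogRhythm's own code, of the two checks described above run over a constructed batch of records: a silent-source check that compares each expected source's last-seen time against an expected heartbeat interval, and an audit-log check that flags cleared-log and log-full events. The source inventory, heartbeat intervals and records are constructed; the Windows Security event IDs 1102 (audit log cleared) and 1104 (security log full, treated here as a write failure) are real, but the page does not say which events the MAS rules match, so their use here is an assumption.

```python
"""Added example (not LogRhythm code): flag silent log sources and audit-log
tampering from a constructed batch of records. Inventory, intervals and
records are constructed; event-ID mapping is an assumption."""
from datetime import datetime, timedelta, timezone

# Constructed inventory: each source and the maximum gap it is allowed
# between logs before it is considered silent (assumed values).
EXPECTED_SOURCES = {
    "fw-edge-01": timedelta(minutes=5),
    "dc-01": timedelta(minutes=15),
    "web-01": timedelta(minutes=15),
    "vpn-01": timedelta(minutes=5),   # never reports in the sample below
}

# Constructed records: (timestamp, source, event_id or None, message).
SAMPLE_RECORDS = [
    ("2024-03-01T09:00:00Z", "fw-edge-01", None, "deny tcp 10.0.0.5 -> 8.8.8.8:53"),
    ("2024-03-01T09:20:00Z", "dc-01", "4624", "logon success user=jsmith"),
    ("2024-03-01T09:25:00Z", "dc-01", "1102", "The audit log was cleared"),
    ("2024-03-01T09:26:00Z", "web-01", None, "GET /index.html 200"),
    ("2024-03-01T09:27:00Z", "dc-01", "1104", "The security log is now full"),
]

# Fixed evaluation time so the example is deterministic.
NOW = datetime(2024, 3, 1, 9, 30, tzinfo=timezone.utc)

# Assumed mapping of Windows Security event IDs to the two audit-log rules.
AUDIT_EVENTS = {"1102": "Audit Log Cleared", "1104": "Audit Log Write Failure"}


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def silent_sources(records, expected, now):
    """Return {source: seconds since last log} for sources that exceeded their
    allowed gap. A source with no records at all is reported with value None,
    the case that a naive 'group by source' query would miss entirely."""
    last_seen = {}
    for ts, src, _eid, _msg in records:
        t = parse_ts(ts)
        if src not in last_seen or t > last_seen[src]:
            last_seen[src] = t
    silent = {}
    for src, max_gap in expected.items():
        if src not in last_seen:
            silent[src] = None
        elif now - last_seen[src] > max_gap:
            silent[src] = int((now - last_seen[src]).total_seconds())
    return silent


def audit_log_events(records):
    """Return (rule, source, timestamp) for every audit-log cleared/full event."""
    return [(AUDIT_EVENTS[eid], src, ts)
            for ts, src, eid, _msg in records if eid in AUDIT_EVENTS]


if __name__ == "__main__":
    print(silent_sources(SAMPLE_RECORDS, EXPECTED_SOURCES, NOW))
    print(audit_log_events(SAMPLE_RECORDS))
```

The silent-source check is driven by the inventory, not by the records: a source that has never logged (vpn-01 above) is still reported, which is the case to verify when onboarding new in-scope systems.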

Log Requirements

These AIE rules can operate on any log source in your environment, but they specifically require logs from anti-malware systems, firewalls, servers, workstations, security-enforcing devices, access management systems and vulnerability detection systems. When configured correctly, LogRhythm's correlation and AIE rules provide near-real-time alerts for malicious activity and attacks.

KB Content

Object Type         Name                                           ID
AIE Rule & Alert    MAS: Malware Alert                             1036
AIE Rule & Alert    MAS: Priv Acct Auth Failure Alert              1040
AIE Rule & Alert    MAS: Priv Acct Access Failure Alert            1041
AIE Rule            MAS: Priv Acct Auth Success Rule               1062
AIE Rule            MAS: Priv Acct UAM Rule                        1063
AIE Rule            MAS: Priv Acct Access Success Rule             1064
AIE Rule            MAS: Priv Acct Disabled/Enabled Rule           1065
AIE Rule & Alert    MAS: LogRhythm Silent Log Source Error Alert   1030
AIE Rule & Alert    MAS: Audit Log Cleared Alert                   1044
AIE Rule & Alert    MAS: Audit Log Write Failure Alert             1045
