Skip to main content
Skip table of contents

North American Electric Reliability Corporation User Guide


This guide is intended for the designated LogRhythm administrators within your organization.

Prerequisites

This guide assumes the following:

  • The NERC-CIP Compliance Automation Suite has been imported, the desired AI Engine (AIE) rules are enabled, and the network entity structure has been configured. Contact LogRhythm support for any additional questions about establishing entity structure in the console.
  • Appropriate log sources (such as Electronic Security Perimeters, BES Cyber Assets, Physical Security Perimeters, and so forth) have been configured for collection by LogRhythm.
  • The network entity structure has been configured to identify High, Medium, and Low-Impact BES Cyber Assets. Contact LogRhythm support for any additional questions or guidance around establishing entity structure within your deployment. NERC also offers guidance on criteria to determine appropriate categorization.
  • To use the rules and reports that monitor various users or groups, the seven (7) NERC-CIP lists have been modified to include the default privileged groups, authorized VPN accounts, vendor accounts, terminated accounts, privileged accounts, default accounts and shared accounts that your organization wishes to monitor. The task of updating these lists can be easily integrated into existing periodic account reviews of the various systems within the environment.

This document has the following given sections:

NERC User Guide – AI Engine Rules
NERC User Guide – Investigations
NERC User Guide – Reports and Reporting Packages

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close