PCI-DSS 3.2 – AI Engine Rules
AI Engine Rule Name | Rule Description | Alert | Rule ID | Notification Area | Corresponding Investigation | Directly Meets Requirements | Augment Requirements | Alarming | Classifications | Log Sources |
---|---|---|---|---|---|---|---|---|---|---|
PCI-DSS: Account Disabled/Locked Rule | This AIE Rule creates events for disabled/locked accounts. | No | 1106 | Access Revoked | PCI-DSS: Account Disable/Locked Detail | N/A | 8.1.3.a, 8.1.4, 8.1.6.a, 8.1.6.b, 8.1.7 | No | Access Revoked | PCI-DSS: All Log Sources |
PCI-DSS: Antivirus Failure Alert | This AIE Rule alerts on the occurrence of any critical failure or error to antivirus. | Yes | 1107 | Operations : Error | PCI-DSS: Antivirus Failure Detail | 5.2.d, 10.8.b, A3.3.1.b | 5.1, 5.2.b, 5.2.c, 10.8.1.b, A1.3, A3.3.1.a, A3.5.1.a, A3.5.1.b | Yes | Operations : Error | PCI-DSS: Network Security Systems |
PCI-DSS: Antivirus Information Rule | This AIE Rule creates events for antivirus information. | No | 1108 | Information | PCI-DSS: Antivirus Failure Detail | 5.2.d | 5.1, 5.2.b, 5.2.c | No | Information | PCI-DSS: Network Security Systems |
PCI-DSS: Attack Alert | This AIE Rule alerts on the occurrence of any identified attack event. | Yes | 1109 | Security : Attack | PCI-DSS: Security Activity Detail PCI-DSS: Security Event Detail | N/A | A, 6.6, 11.4.a, 11.4.b, 11.4.c, 12.10.5 | Yes | Security : Attack | PCI-DSS: Network Security Systems |
PCI-DSS: Audit Log Cleared Alert | This AIE Rule alerts on the occurrence of audit log clearing. | Yes | 1110 | Audit : Access Success | PCI-DSS: Audit Log Detail | N/A | 10.2.6 | Yes | Audit : Access Success | PCI-DSS: All Log Sources |
PCI-DSS: Audit Log Write Failure Alert | This AIE Rule alerts on the occurrence of audit log write failures. | Yes | 1111 | Audit : Other Audit Failure | PCI-DSS: Audit Log Detail | 10.8.b, A3.3.1.b | 10.2.6, 10.8.1.b, A1.3, A3.3.1.a, A3.5.1.a, A3.5.1.b | Yes | Audit : Other Audit Failure | PCI-DSS: All Log Sources |
PCI-DSS: Backup Failure Alert | This AIE Rule alerts on the occurrence of any critical failure or error to backup software. | Yes | 1114 | Operations : Error | PCI-DSS: Backup Failure Detail | N/A | 9.7.1, 12.10.5 | Yes | Operations : Error | PCI-DSS: All Log Sources |
PCI-DSS: Backup Information Rule | This AIE Rule creates events for information from backup software. | No | 1115 | Information | PCI-DSS: Backup Failure Detail | N/A | 9.7.1, 12.10.5 | No | Information | PCI-DSS: All Log Sources |
PCI-DSS: Compromise Alert | This AIE Rule alerts on the occurrence of any identified compromise event. | Yes | 1116 | Security : Compromise | PCI-DSS: Security Activity Detail PCI-DSS: Security Event Detail | N/A | 11.4.a, 11.4.b, 11.4.c, 12.10.5 | Yes | Security : Compromise | PCI-DSS: Network Security Systems |
PCI-DSS: Critical/Error Alert | This AIE Rule alerts on the occurrence of critical or error messages from a given host. | Yes | 1117 | Operations : Critical | PCI-DSS: Critical/Error Detail | 10.8.b, A3.3.1.b | 6.5.5, 10.8.1.b, A1.3, A3.3.1.a, A3.5.1.a, A3.5.1.b | Yes | Operations : Critical | PCI-DSS: All Log Sources |
PCI-DSS: Database Authentication Rule | This AIE Rule creates events for database authentication successes and failures from unauthorized accounts. | No | 1118 | Authentication Success | PCI-DSS: AIE Database Authentication Detail PCI-DSS: Database Authentication Detail | 10.2.1, 10.2.4, 10.8.b, A3.3.1.b | 8.7.a, 8.7.c, 8.7.d, 10.8.1.b, A1.1, A1.3, A3.3.1.a, A3.4.1, A3.5.1.a, A3.5.1.b | No | Authentication Success | PCI-DSS: Database Systems |
PCI-DSS: DB Account Auth Failure Alert | This AIE Rule alerts on the occurrence of any database authentication failure from unauthorized accounts. | Yes | 1120 | Audit : Authentication Failure | PCI-DSS: Database Authentication Detail | 10.2.1, 10.2.4, 10.8.b, A3.3.1.b | 8.7.a, 8.7.c, 8.7.d, 10.8.1.b, A1.1, A1.3, A3.3.1.a, A3.4.1, A3.5.1.a, A3.5.1.b | Yes | Audit : Authentication Failure | PCI-DSS: Database Systems |
PCI-DSS: Denial Of Service Alert | This AIE Rule alerts on the occurrence of any identified Denial of Service event. | Yes | 1121 | Security : Denial of Service | PCI-DSS: Security Activity Detail PCI-DSS: Security Event Detail | N/A | 11.4.a, 11.4.b, 11.4.c, 12.10.5 | Yes | Security : Denial of Service | PCI-DSS: Network Security Systems |
PCI-DSS: Denied CDE => Internet Comm Rule | This AIE Rule creates events for denied communication from the cardholder data environment to the external internet. | No | 1122 | Network Deny | PCI-DSS: AIE Denied CDE => Internet Comm Detail PCI-DSS: Denied CDE => Internet Comm Detail | N/A | 1.2.1.a, 1.2.1.b, 1.2.1.c, (PCI 3.1 - 1.3.3), 1.3.4 (PCI 3.1 - 1.3.5), 2.2.2.a, 2.2.2.b | No | Network Deny | PCI-DSS: Network Security Systems |
PCI-DSS: Denied DMZ => Internal Comm Rule | This AIE Rule creates events for denied communication from the demilitarized zone to the internal network. | No | 1123 | Network Deny | PCI-DSS: AIE Denied DMZ => Internal Comm Detail PCI-DSS: Denied DMZ => Internal Comm Detail | N/A | 1.2.1.a, 1.2.1.b, 1.2.1.c, (PCI 3.1 - 1.3.3), 1.3.4 (PCI 3.1 - 1.3.4), 2.2.2.a, 2.2.2.b | No | Network Deny | PCI-DSS: Network Security Systems |
PCI-DSS: Denied Inet => Intrn Comm Rule | This AIE Rule creates events for denied communication from the external internet to all internal environments. | No | 1124 | Network Deny | PCI-DSS: AIE Denied Intrn => Intrn Comm Detail PCI-DSS: Denied Intrn => Intrn Comm Detail | N/A | 1.2.1.a, 1.2.1.b, 1.2.1.c, 1.2.3.b, 1.3.1, 1.3.2, 2.2.2.a, 2.2.2.b | No | Network Deny | PCI-DSS: Network Security Systems |
PCI-DSS: Denied Internet => CDE Comm Rule | This AIE Rule creates events for denied communication from the external internet to the cardholder data environment. | No | 1125 | Network Deny | PCI-DSS: AIE Denied Intrn => Inet Comm Detail PCI-DSS: Denied Intrn => Inet Comm Detail | N/A | 1.2.1.a, 1.2.1.b, 1.2.1.c, (PCI 3.1 - 1.3.3), 1.3.4 (PCI 3.1 - 1.3.5), 2.2.2.a, 2.2.2.b | No | Network Deny | PCI-DSS: Network Security Systems |
PCI-DSS: Denied Internet => DMZ Comm Rule | This AIE Rule creates events for denied communication from the external internet to the demilitarized zone. | No | 1126 | Network Deny | PCI-DSS: AIE Denied Internet => CDE Comm Detail PCI-DSS: Denied Internet => CDE Comm Detail | N/A | 1.2.1.a, 1.2.1.b, 1.2.1.c, (PCI 3.1 - 1.3.3), 1.3.4 (PCI 3.1 - 1.3.4), 2.2.2.a, 2.2.2.b | No | Network Deny | PCI-DSS: Network Security Systems |
PCI-DSS: Denied Intrn => Inet Comm Rule | This AIE Rule creates events for denied communication from the internal environment to the external internet. | No | 1127 | Network Deny | PCI-DSS: AIE Denied Internet => DMZ Comm Detail PCI-DSS: Denied Internet => DMZ Comm Detail | N/A | 2.2.2.a, 2.2.2.b, 2.3.b, 4.1.c, 4.1.f | No | Network Deny | PCI-DSS: Network Security Systems |
PCI-DSS: Denied Intrn => Intrn Comm Rule | This AIE Rule creates events for denied communication from the internal environment to the internal environment. | No | 1128 | Network Deny | PCI-DSS: AIE Denied Inet => Intrn Comm Detail PCI-DSS: Denied Inet => Intrn Comm Detail | N/A | 2.2.2.a, 2.2.2.b, 2.3.b, 4.1.c, 4.1.f | No | Network Deny | PCI-DSS: Network Security Systems |
PCI-DSS: Denied Test => Internal Comm Rule | This AIE Rule creates events for denied communication from the test environment to other internal environments. | No | 1129 | Network Deny | PCI-DSS: AIE Denied Test => Intern Comm Detail PCI-DSS: Denied Test => Internal Comm Detail | N/A | 1.2.1.a, 1.2.1.b, 1.2.1.c, 2.2.2.a, 2.2.2.b, 6.4.1.a, 6.4.1.b, 6.4.2 | No | Network Deny | PCI-DSS: Network Security Systems |
PCI-DSS: Denied Test => Internet Comm AIE Rule | This AIE Rule creates events for denied communication from the test environment to the external internet. | No | 1130 | Network Deny | PCI-DSS: AIE Denied Test => Inet Comm Detail PCI-DSS: Denied Test => Internet Comm Detail | N/A | 1.2.1.a, 1.2.1.b, 1.2.1.c, 2.2.2.a, 2.2.2.b, 6.4.1.a, 6.4.1.b, 6.4.2 | No | Network Deny | PCI-DSS: Network Security Systems |
PCI-DSS: Denied Wireless => CDE Comm Rule | This AIE Rule creates events for denied communication from the wireless environment to the cardholder data environment. | No | 1131 | Network Deny | PCI-DSS: AIE Denied Wireless => CDE Comm Detail PCI-DSS: Denied Wireless => CDE Comm Detail | N/A | 1.2.1.a, 1.2.1.b, 1.2.1.c, 2.2.2.a, 2.2.2.b | No | Network Deny | PCI-DSS: Network Security Systems |
PCI-DSS: Early TLS/SSL Alert | This AIE Rule alerts on the occurrence of any identified TLS LogRhythm Network Monitor event. | Yes | 1132 | | | N/A | 2.2.3.a, 2.2.3.b, 2.3.e, 4.1.g, 4.1.h, A2.1, A2.2, A2.3 | Yes | Security : Activity | Include All Log Sources |
PCI-DSS: FIM Add Activity Rule | This AIE Rule creates events for all file integrity monitoring add activity. | No | 1133 | Activity | PCI-DSS: FIM Activity Detail PCI-DSS: AIE FIM ADD/Delete/Mod Activity Detail PCI-DSS: FIM ADD/Delete/Mod Activity Detail | 11.5.a, 11.5.b | 3.6.7.a, 10.2.7, A1.2.b, A1.2.c, A3.2.5.b | No | Activity | PCI-DSS: File Integrity Monitors |
PCI-DSS: FIM Delete Activity Rule | This AIE Rule creates events for all file integrity monitoring delete activity. | No | 1134 | Activity | PCI-DSS: FIM Activity Detail PCI-DSS: AIE FIM ADD/Delete/Mod Activity Detail PCI-DSS: FIM ADD/Delete/Mod Activity Detail | 11.5.a, 11.5.b | 3.6.7.a, 10.2.7, A1.2.b, A1.2.c, A3.2.5.b | No | Activity | PCI-DSS: File Integrity Monitors |
PCI-DSS: FIM Failure Alert | This AIE Rule alerts on the occurrence of any critical failure or error to file integrity monitoring. | Yes | 1135 | Operations : Error | PCI-DSS: FIM Failure Detail | 10.8.b, A3.3.1.b | 10.8.1.b, 12.10.5, A1.3, A3.3.1.a, A3.5.1.a, A3.5.1.b | Yes | Operations : Error | PCI-DSS: File Integrity Monitors |
PCI-DSS: FIM Group Change Activity Rule | This AIE Rule creates events for all file integrity monitoring group change activity. | No | 1136 | Activity | PCI-DSS: FIM Activity Detail | 11.5.a, 11.5.b | 3.6.7.a, A1.2.b, A1.2.c, A3.2.5.b | No | Activity | PCI-DSS: File Integrity Monitors |
PCI-DSS: FIM Information Rule | This AIE Rule creates events for information from file integrity monitoring software. | No | 1137 | Information | PCI-DSS: FIM Failure Detail | N/A | 12.10.5 | No | Information | PCI-DSS: File Integrity Monitors |
PCI-DSS: FIM Modify Activity Rule | This AIE Rule creates events for all file integrity monitoring modify activity. | No | 1138 | Activity | PCI-DSS: FIM Activity Detail PCI-DSS: AIE FIM ADD/Delete/Mod Activity Detail PCI-DSS: FIM ADD/Delete/Mod Activity Detail | 10.5.5, 11.5.a, 11.5.b | 3.6.7.a, A1.2.b, A1.2.c, A3.2.5.b | No | Activity | PCI-DSS: File Integrity Monitors |
PCI-DSS: FIM Owner Change Activity Rule | This AIE Rule creates events for all file integrity monitoring owner change activity. | No | 1139 | Activity | PCI-DSS: FIM Permission Change Detail PCI-DSS: AIE FIM Permission Change Detail | 11.5.a, 11.5.b | 3.6.7.a, A1.2.b, A1.2.c, A3.2.5.b | No | Activity | PCI-DSS: File Integrity Monitors |
PCI-DSS: FIM Permission Activity Rule | This AIE Rule creates events for all file integrity monitoring permission change activity. | No | 1140 | Activity | PCI-DSS: FIM Permission Change Detail PCI-DSS: AIE FIM Permission Change Detail | 11.5.a, 11.5.b | 3.6.7.a, A1.2.b, A1.2.c, A3.2.5.b | No | Activity | PCI-DSS: File Integrity Monitors |
PCI-DSS: Firewall Policy Synch Information Rule | This AIE Rule creates events for all firewall policy synchronization information. | No | 1141 | Information | PCI-DSS: Firewall Policy Synch Failure Detail | N/A | 1.2.2.a, 1.2.2.b | No | Information | PCI-DSS: Network Security Systems |
PCI-DSS: FW Policy Synch Failure Alert | This AIE Rule alerts on the occurrence of any critical failure or error to firewall policy synchronization. | Yes | 1142 | Operations : Error | PCI-DSS: Firewall Policy Synch Failure Detail | 10.8.b, A3.3.1.b | 1.2.2.a, 1.2.2.b, 10.8.1.b, A1.3, A3.3.1.a, A3.5.1.a, A3.5.1.b | Yes | Operations : Error | PCI-DSS: Network Security Systems |
PCI-DSS: Host Firewall Failure Alert | This AIE Rule alerts on the occurrence of any critical failure or error to host firewalls. | Yes | 1143 | Operations : Error | PCI-DSS: Host Firewall Failure Detail | 10.8.b, A3.3.1.b | 1.4.a, 10.8.1.b, A1.3, A3.3.1.a, A3.5.1.a, A3.5.1.b | Yes | Operations : Error | PCI-DSS: All Log Sources |
PCI-DSS: Host Firewall Information Rule | This AIE Rule creates events for host firewall information. | No | 1144 | Information | PCI-DSS: Host Firewall Failure Detail | N/A | 1.4.a | No | Information | PCI-DSS: All Log Sources |
PCI-DSS: Invalid Account Usage Rule | This AIE Rule creates events for authentication successes and failures from unauthorized accounts. | Yes | 1145 | Authentication Success | PCI-DSS: AIE Invalid Account Usage Detail PCI-DSS: Invalid Account Usage Detail | 2.1.a, 2.1.b, 10.2.1, 10.2.4, 10.8.b, A3.3.1.b | 8.1.3.a, 8.1.4, 8.5.c, 10.8.1.b, A1.1, A1.3, A3.3.1.a, A3.4.1, A3.5.1.a, A3.5.1.b | Yes | Security | PCI-DSS: All Log Sources |
PCI-DSS: Invalid Act Auth Failure Alert | This AIE Rule alerts on the occurrence of any authentication failure attempt from unauthorized accounts (default/disabled/terminated) in direct support of PCI-DSS Controls: 2.1.b, 10.1, 10.2.1, 10.2.2, 10.2.4 and supplemental support of PCI-DSS controls: 8.1.3.a, 8.1.4, 8.5.c. | Yes | 1146 | Audit : Authentication Failure | PCI-DSS: AIE Invalid Account Usage Detail PCI-DSS: Invalid Account Usage Detail | 2.1.a, 2.1.b, 10.1, 10.2.1, 10.2.2, 10.2.4, 10.8.b, A3.3.1.b | 8.1.3.a, 8.1.4, 8.5.c, 10.8.1.b, A1.1, A1.3, A3.3.1.a, A3.4.1, A3.5.1.a, A3.5.1.b | Yes | Audit : Authentication Failure | PCI-DSS: All Log Sources |
PCI-DSS: Invalid CDE => Internet Comm Rule | This AIE Rule creates events for un-allowed communication from the cardholder data environment to the external internet. | Yes | 1147 | Network Allow | PCI-DSS: AIE Invalid CDE => Inet Comm Detail PCI-DSS: Invalid CDE => Internet Comm Detail | N/A | 1.2.1.a, 1.2.1.b, 1.2.1.c, (PCI 3.1 - 1.3.3), 1.3.4 (PCI 3.1 - 1.3.5), 2.2.2.a, 2.2.2.b | Yes | Network Allow | PCI-DSS: Network Security Systems |
PCI-DSS: Invalid DMZ => Internal Comm Rule | This AIE Rule creates events for un-allowed communication from the demilitarized zone to the internal network. | Yes | 1148 | Network Allow | PCI-DSS: AIE Invalid DMZ => Internal Comm Detail PCI-DSS: Invalid DMZ => Internal Comm Detail | N/A | 1.2.1.a, 1.2.1.b, 1.2.1.c, (PCI 3.1 - 1.3.3), 1.3.4 (PCI 3.1 - 1.3.4), 2.2.2.a, 2.2.2.b | Yes | Network Allow | PCI-DSS: Network Security Systems |
PCI-DSS: Invalid Inet => Intrn Comm Rule | This AIE Rule creates events for un-allowed communication from the external internet to all internal environments. | Yes | 1149 | Network Allow | PCI-DSS: AIE Invalid Intrn => Intrn Comm Detail PCI-DSS: Invalid Intrn => Intrn Comm Detail | N/A | 1.2.1.a, 1.2.1.b, 1.2.1.c, 1.2.3.b, 1.3.1, 1.3.2, 2.2.2.a, 2.2.2.b | Yes | Network Allow | PCI-DSS: Network Security Systems |
PCI-DSS: Invalid Internet => CDE Comm Rule | This AIE Rule creates events for un-allowed communication from the external internet to the cardholder data environment in supplemental support of PCI-DSS Controls: 1.2.1.a-c, 1.3.3, 1.3.5, and 2.2.2.a-b. | Yes | 1150 | Network Allow | PCI-DSS: AIE Invalid Intrn => Inet Comm Detail PCI-DSS: Invalid Intrn => Inet Comm Detail | N/A | 1.2.1.a, 1.2.1.b, 1.2.1.c, (PCI 3.1 - 1.3.3), 1.3.4 (PCI 3.1 - 1.3.5), 2.2.2.a, 2.2.2.b | Yes | Network Allow | PCI-DSS: Network Security Systems |
PCI-DSS: Invalid Internet => DMZ Comm Rule | This AIE Rule creates events for un-allowed communication from the external internet to the demilitarized zone. | Yes | 1151 | Network Allow | PCI-DSS: AIE Invalid Inet => CDE Comm Detail PCI-DSS: Invalid Internet => CDE Comm Detail | N/A | 1.2.1.a, 1.2.1.b, 1.2.1.c, (PCI 3.1 - 1.3.3), 1.3.4 (PCI 3.1 - 1.3.4), 2.2.2.a, 2.2.2.b | Yes | Network Allow | PCI-DSS: Network Security Systems |
PCI-DSS: Invalid Intrn => Inet Comm Rule | This AIE Rule creates events for un-allowed communication from the internal environment to the external internet. | Yes | 1152 | Network Allow | PCI-DSS: AIE Invalid Inet => DMZ Comm Detail PCI-DSS: Invalid Internet => DMZ Comm Detail | N/A | 2.2.2.a, 2.2.2.b, 2.3.b, 4.1.c, 4.1.f | Yes | Network Allow | PCI-DSS: Network Security Systems |
PCI-DSS: Invalid Intrn => Intrn Comm Rule | This AIE Rule creates events for un-allowed communication from the internal environment to the internal environment. | Yes | 1153 | Network Allow | PCI-DSS: AIE Invalid Inet => Intrn Comm Detail PCI-DSS: Invalid Inet => Intrn Comm Detail | N/A | 2.2.2.a, 2.2.2.b, 2.3.b, 4.1.c, 4.1.f | Yes | Network Allow | PCI-DSS: Network Security Systems |
PCI-DSS: Invalid Test => Internal Comm Rule | This AIE Rule creates events for un-allowed communication from the test environment to other internal environments. | Yes | 1154 | Network Allow | PCI-DSS: AIE Invalid DMZ => Internal Comm Detail PCI-DSS: Invalid Intrn => Intrn Comm Detail | N/A | 1.2.1.a, 1.2.1.b, 1.2.1.c, 2.2.2.a, 2.2.2.b, 6.4.1.a, 6.4.1.b, 6.4.2 | Yes | Network Allow | PCI-DSS: Network Security Systems |
PCI-DSS: Invalid Test => Internet Comm Rule | This AIE Rule creates events for un-allowed communication from the test environment to the external internet. | Yes | 1155 | Network Allow | PCI-DSS: AIE Invalid CDE => Inet Comm Detail PCI-DSS: Invalid Intrn => Inet Comm Detail | N/A | 1.2.1.a, 1.2.1.b, 1.2.1.c, 2.2.2.a, 2.2.2.b, 6.4.1.a, 6.4.1.b, 6.4.2 | Yes | Network Allow | PCI-DSS: Network Security Systems |
PCI-DSS: Invalid Wireless => CDE Comm Rule | This AIE Rule creates events for un-allowed communication from the wireless environment to the internal cardholder data environment. | Yes | 1156 | Network Allow | PCI-DSS: AIE Invalid Wless => CDE Comm Detail PCI-DSS: Invalid Wireless => CDE Comm Detail | N/A | 2.2.2.a, 2.2.2.b | Yes | Network Allow | PCI-DSS: Network Security Systems |
PCI-DSS: Malware Alert Rule | This AIE Rule alerts on the occurrence of any identified Malware event. | Yes | 1157 | Security : Malware | PCI-DSS: Malware Detail | 5.2.d | 11.4.a, 11.4.b, 11.4.c, 12.10.5 | Yes | Security : Malware | PCI-DSS: Network Security Systems |
PCI-DSS: Object Disposal Failure Alert Rule | This AIE Rule alerts on the occurrence of any object deletion/removal failure. | Yes | 1158 | Audit : Access Failure | PCI-DSS: Object Disposal Failure Detail | 10.8.b, A3.3.1.b | 10.2.7, 10.8.1.b, A1.3, A3.3.1.a, A3.5.1.a, A3.5.1.b | Yes | Audit : Access Failure | PCI-DSS: All Log Sources |
PCI-DSS: Physical Access Failure Alert | This AIE Rule alerts on the occurrence of any critical failure or error to the physical access system. | Yes | 1159 | Audit : Access Failure | PCI-DSS: Physical Access Failure Detail | 10.8.b, A3.3.1.b | 8.1.3.b, 9.1, 9.1.1.a, 9.1.2, 9.3.c, 10.8.1.b, A1.3, A3.3.1.a, A3.5.1.a, A3.5.1.b | Yes | Audit : Access Failure | PCI-DSS: Physical Security Systems |
PCI-DSS: Physical Access Usage Rule | This AIE Rule creates events of physical security authentication success and failures. | No | 1160 | Authentication Success | PCI-DSS: Physical Access Failure Detail | N/A | 8.1.3.b, 9.1, 9.1.1.a, 9.1.2, 9.3.c | No | Authentication Success | PCI-DSS: Physical Security Systems |
PCI-DSS: Priv Acct Auth Failure Alert | This AIE Rule alerts on the occurrence of any authentication failure attempt from privileged accounts. | Yes | 1161 | Audit : Authentication Failure | PCI-DSS: Priv Acct Auth Detail | 10.1, 10.2.1, 10.2.2, 10.2.4, 10.2.5.a, 10.8.b, A3.3.1.b | 7.1.1, 10.8.1.b, A1.1, A1.3, A3.3.1.a, A3.4.1, A3.5.1.a, A3.5.1.b | Yes | Audit : Authentication Failure | PCI-DSS: All Log Sources |
PCI-DSS: Reconnaissance Activity Alert | This AIE Rule alerts on the occurrence of any reconnaissance activity. | Yes | 1162 | Security : Reconnaissance | PCI-DSS: Reconnaissance/Suspicious Detail | N/A | 2.2.3.a, 2.2.3.b, 2.3.e, 4.1.g, 4.1.h, A2.1, A2.2, A2.3 | Yes | Security : Activity | Include All Log Sources |
PCI-DSS: Remote Session Timeout Rule | This AIE Rule creates events for remote session timeouts. | No | 1163 | Information | N/A | N/A | 11.4.a, 11.4.b, 11.4.c, 12.10.5 | Yes | Security : Reconnaissance | PCI-DSS: Network Security Systems |
PCI-DSS: Rogue WAP Detected Alert | This AIE Rule alerts on the occurrence of any rogue access point detection events. | Yes | 1164 | Security : Suspicious | PCI-DSS: Rogue WAP Detail | N/A | 12.3.8.b | No | Information | PCI-DSS: Network Security Systems |
PCI-DSS: Signature Update Failure Alert | This AIE Rule alerts on the occurrence of signature update failures. | Yes | 1165 | Audit : Configuration | PCI-DSS: Signature Update Failure Detail | N/A | 11.1.b, 11.1.d, 12.10.5 | Yes | Security : Suspicious | PCI-DSS: Network Security Systems |
PCI-DSS: Software Update Failure Alert | This AIE Rule alerts on the occurrence of software update failures. | Yes | 1166 | Audit : Configuration | PCI-DSS: Software Update Failure Detail | 6.2.b | 11.4.a, 11.4.b, 11.4.c, 12.11.a, A3.2.5.b | Yes | Audit : Configuration | PCI-DSS: Network Security Systems |
PCI-DSS: Suspicious Activity Alert | This AIE Rule alerts on the occurrence of suspicious activity. | Yes | 1167 | Security : Suspicious | PCI-DSS: Reconnaissance/Suspicious Detail | 6.2.b | 12.11.a, A3.2.5.b | Yes | Audit : Configuration | PCI-DSS: All Log Sources |
PCI-DSS: SSL Activity | This AIE Rule triggers on the occurrence of any identified SSL LogRhythm Network Monitor event. | No | 1168 | | | N/A | 2.2.3.a, 2.2.3.b, 2.3.e, 4.1.g, 4.1.h, A2.1, A2.2, A2.3 | No | Security : Activity | Include All Log Sources |
PCI-DSS: Potential New TLS/SSL Implementation | This AIE Rule is designed to evaluate environments with two weeks of no TLS/SSL logging, and alarm if unexpected TLS/SSL activity shows up over that two-week window. | Yes | 1169 | | | N/A | 11.4.a, 11.4.b, 11.4.c | Yes | Security : Suspicious | PCI-DSS: Network Security Systems |
PCI-DSS: Time Sync Error | This AIE Rule creates an event and alerts for any time sync errors occurring on any Log Source. | Yes | 1170 | Operations : Warning | N/A | N/A | 10.4.2.b | Yes | Operations : Warning | PCI-DSS: All Log Sources |
PCI-DSS: TLS Activity | This AIE Rule triggers on the occurrence of any identified TLS LogRhythm Network Monitor event. | No | 1171 | | | N/A | 2.2.3.a, 2.2.3.b, 2.3.e, 4.1.g, 4.1.h, A2.1, A2.2, A2.3 | No | Security : Activity | Include All Log Sources |
PCI-DSS: Vendor Account Enabled Alert | This AIE Rule alerts on the occurrence of any access granting to vendor accounts. | Yes | 1172 | Audit : Access Granted | PCI-DSS: Vendor Account Enabled Detail | N/A | 8.1.5.a, 8.1.5.b, 8.1.6.b, 12.3.9 | Yes | Audit : Access Granted | PCI-DSS: All Log Sources |
PCI-DSS: Vendor Act Access Fail Alert | This AIE Rule alerts on vendor account access failure within the environment. | Yes | 1173 | Audit : Access Failure | PCI-DSS: Vendor Access Detail | 10.2.1, 10.2.4, 10.8.b, A3.3.1.b | 8.1.5.b, 10.8.1.b, 12.3.9, A1.1, A1.3, A3.3.1.a, A3.4.1, A3.5.1.a, A3.5.1.b | Yes | Audit : Access Failure | PCI-DSS: All Log Sources |
PCI-DSS: Vendor Auth Activity Rule | This AIE Rule creates events for vendor account activity. | No | 1174 | Authentication Success | PCI-DSS: Vendor Authentication Detail | 10.2.1, 10.2.4, 10.8.b, A3.3.1.b | 8.1.5.a, 8.1.5.b, 8.1.6.b, 10.8.1.b, 12.3.9, A1.1, A1.3, A3.3.1.a, A3.4.1, A3.5.1.a, A3.5.1.b | No | Authentication Success | PCI-DSS: Network Security Systems |
PCI-DSS: Vendor Auth Failure Alert | This AIE Rule alerts on the occurrence of any vendor account use of remote access. | Yes | 1175 | Audit : Authentication Failure | PCI-DSS: Vendor Authentication Detail | 10.2.1, 10.2.4, 10.8.b, A3.3.1.b | 8.1.5.a, 8.1.5.b, 8.1.6.b, 10.8.1.b, 12.3.9, A1.1, A1.3, A3.3.1.a, A3.4.1, A3.5.1.a, A3.5.1.b | Yes | Audit : Authentication Failure | PCI-DSS: Network Security Systems |
PCI-DSS: Vulnerability Alert | This AIE Rule alerts on the occurrence of vulnerabilities or suspicious events across the organization's environment. | Yes | 1176 | Security : Vulnerability | PCI-DSS: Vulnerability Detail | N/A | 6.5.1, 6.5.2, 6.5.4, 6.5.5, 6.5.6, 6.5.7, A, 6.5.9, 6.6, 12.10.5 | Yes | Security : Vulnerability | PCI-DSS: Network Security Systems |
PCI-DSS: Patch Update Failure Alert | This AIE Rule creates an alert any time a patch fails to apply to environments (entity structure). | Yes | 1184 | | | 6.2.b | 12.11.a, A3.2.5.b | Yes | Operations : Error | PCI-DSS: All Log Sources |
PCI-DSS: Personnel Login Authentication Method Event | This rule can be used to gather event data for review with drilldowns. Any authentication event identified within an environment should be added to the criteria of Rule Block 1. | No | 1185 | | | N/A | 8.3.1.b, A3.4.1 | No | Security : Activity | PCI-DSS: All Log Sources |
PCI-DSS: Configuration Change Rule | This AIE Rule provides details on configuration changes. | Yes | 1186 | | | N/A | 6.4.6 | No | Audit : Configuration | PCI-DSS: All Log Sources |
PCI-DSS: Change Record Statistics | This AIE Rule provides custom statistics on configuration change record events. Default expressions are to be modified accordingly. | No | 1187 | | | 6.2.b | 12.11.a, A3.2.5.b | Yes | Audit : Configuration | PCI-DSS: All Log Sources |