
PCI-DSS User Guide – AI Engine Rules

AI Engine Rules leverage LogRhythm technology to correlate events across your environment, helping to identify events of interest and potential compliance issues.

Malware Alert Rule

A cornerstone of PCI-DSS 3.2 is the ability to continuously monitor the environment at all layers. This AIE Rule (#1157) is configured to alert when malicious activity occurs within the environment. It creates an event and a notification alert for malware detection on devices that have been designated as log sources or devices that support network monitoring.

Invalid Account Usage Rule

This AIE rule (#1145) looks for any disabled, terminated, or default accounts that attempt to authenticate into the environment, whether the attempt succeeds or fails. The rule is based on lists that the organization establishes and maintains according to its access management policies.
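As an added illustration (not LogRhythm's rule logic and not part of the original guide), the list-driven matching this rule describes can be sketched in Python. The list entries, event fields, account-name normalization, and severity labels are assumptions constructed for the example.

```python
# Added illustration only: list-driven matching of authentication events.
from dataclasses import dataclass

# Organization-maintained lists (constructed sample entries).
ACCOUNT_LISTS = {
    "disabled": {"jdoe", "svc_backup_old"},
    "terminated": {"asmith"},
    "default": {"administrator", "guest", "admin"},
}

@dataclass(frozen=True)
class AuthEvent:
    timestamp: str
    host: str
    account: str   # as logged: DOMAIN\user, user@domain, or a bare name
    outcome: str   # "success" or "failure"

def normalize_account(raw: str) -> str:
    # Reduce DOMAIN\user and user@domain forms to a lowercase bare name so
    # that one list entry matches every way the account can be logged.
    name = raw.strip()
    if "\\" in name:
        name = name.rsplit("\\", 1)[1]
    if "@" in name:
        name = name.split("@", 1)[0]
    return name.lower()

def find_invalid_account_usage(events):
    # One finding per authentication attempt by a listed account,
    # whether the attempt succeeded or failed.
    findings = []
    for ev in events:
        name = normalize_account(ev.account)
        matched = sorted(k for k, v in ACCOUNT_LISTS.items() if name in v)
        if matched:
            findings.append({
                "timestamp": ev.timestamp, "host": ev.host, "account": name,
                "lists": matched, "outcome": ev.outcome,
                # Assumption: a successful logon by a listed account ranks higher.
                "severity": "high" if ev.outcome == "success" else "medium",
            })
    return findings

# Constructed sample events.
SAMPLE_EVENTS = [
    AuthEvent("2024-01-10T08:00:01Z", "pos-01", "CORP\\JDoe", "failure"),
    AuthEvent("2024-01-10T08:00:09Z", "pos-01", "asmith@corp.example", "success"),
    AuthEvent("2024-01-10T08:01:30Z", "db-02", "bwayne", "success"),
    AuthEvent("2024-01-10T08:02:12Z", "fw-01", "Administrator", "failure"),
]
```

Normalizing the account name before the lookup matters because the same account is logged differently by different sources; an exact-string list would miss `CORP\JDoe` when the list holds `jdoe`.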

Audit Log Cleared Rule

In PCI-DSS 3.2, it is critical to identify any attempt to erase audit logs to cover up potentially malicious activity across the environment. To help ensure that system audit logs are secured, this AIE rule (#1110) creates an event any time an audit log is cleared on any log source or system being monitored.

Log Requirements

These AIE rules cover all log sources in your environment, but they specifically require logs from anti-malware systems, firewalls, servers, workstations, security-enforcing devices, access management systems, and vulnerability detection systems. When configured correctly, LogRhythm’s advanced correlation and AIE rules provide near real-time alerts for malicious activities and/or attacks.

KB Content

| Object Type | |
| AIE Rule | PCI-DSS: Audit Log Cleared Alert Rule |
| AIE Rule | PCI-DSS: Invalid Account Usage AIE Rule |
| AIE Rule | PCI-DSS: Malware Alert Rule |

