| AI Engine Rule Name | Rule Description | Rule ID | Minimum Data Requirement | Recommended Data Requirement |
|---|---|---|---|---|
| RCC: POS New Process | This rule will watch a "Gold Standard" POS system for process activity and build a whitelist profile of processes running on the "Gold Standard," comparing all other POS endpoints with the "Gold Standard" process list. | 518 | POS Host Logs | System Monitor on POS |
| RCC: POS Abnormal Auth Activity | This rule will build a whitelist profile of the authentication activity to and from POS endpoints. If a new Origin Login is seen, or new hosts are involved in the authentication activity, the rule will fire. | 519 | POS Host Logs | System Monitor on POS |
| RCC: POS Abnormal Network Comms | This rule will build a whitelist profile of all end-to-end network communications where one side is a POS system. If a connection is seen to/from a new IP, the rule will fire. | 520 | Firewall Logs from POS Network | LogRhythm Network Monitor on POS Network |
| RCC: POS Abnormal CE | This rule will build a whitelist of Common Events being generated on each POS endpoint. If a new Common Event is noticed, the rule will fire. | 521 | POS Host Logs | System Monitor on POS |
| RCC: POS Abnormal File Access | This rule will build a profile of file access on a POS file system. If new access activity is identified, the rule will fire. | 522 | File System Logs | LogRhythm File Integrity Monitoring |
| RCC: POS DLD Event | This rule will look for any LogRhythm Data Loss Defender events on a POS endpoint and fire if any are observed. | 523 | LogRhythm Data Loss Defender | |
| RCC: POS File System Modified | This rule will look for any file system changes on a POS endpoint and fire if changes are identified. | 524 | File System Logs | LogRhythm File Integrity Monitoring |
| RCC: Back Office New Process | This rule will watch a "Gold Standard" back-office payment system for process activity and build a whitelist profile of processes running on the "Gold Standard," comparing all other "like" systems with the "Gold Standard" process list. | 525 | Payment System Host Logs | System Monitor on Payment System Host |
| RCC: Back Office Abnormal Auth Activity | This rule will build a whitelist profile of the authentication activity to and from back-office payment systems. If a new Origin Login is seen, or new hosts are involved in the authentication activity, the rule will fire. | 526 | Payment System Host Logs | System Monitor on Payment System Host |
| RCC: Back Office Abnormal Network Comms | This rule will build a whitelist profile of all end-to-end network communications where one side is a back-office payment system. If a connection is seen to/from a new IP, the rule will fire. | 527 | Firewall Logs from Payment System Network | LogRhythm Network Monitor on Payment System Network |
| RCC: Back Office Abnormal CE | This rule will build a whitelist of Common Events being generated on each back-office payment system. If a new Common Event is noticed, the rule will fire. | 528 | Payment System Host Logs | System Monitor on Payment System Host |
| RCC: Back Office Abnormal File Access | This rule will build a profile of file access on a back-office payment system. If new access activity is identified, the rule will fire. | 529 | File System Logs | LogRhythm File Integrity Monitoring |
| RCC: Back Office DLD Event | This rule will look for any LogRhythm Data Loss Defender events on a back-office payment system and fire if any are observed. | 530 | LogRhythm Data Loss Defender | |
| RCC: Back Office File System Modified | This rule will look for any file system changes on a back-office payment system and fire if changes are identified. | 531 | File System Logs | LogRhythm File Integrity Monitoring |
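As an added illustration of the whitelist-profile logic these rules describe (not LogRhythm AI Engine code), the following Python sketch builds a "Gold Standard" process baseline the way rules 518/525 do and a per-endpoint peer baseline the way rules 520/527 do, firing once per new (host, value) pair; all host names, IPs and process names are constructed sample data.

```python
from collections import defaultdict
class WhitelistProfile:
    """Per-key whitelist: learn values during a baseline window, then flag unseen ones."""
    def __init__(self):
        self.seen = defaultdict(set)
    def learn(self, key, value):
        self.seen[key].add(value)
    def is_new(self, key, value):
        """True if value was never seen for key; it is then recorded so each pair fires once."""
        if value in self.seen[key]:
            return False
        self.seen[key].add(value)
        return True

def gold_standard_new_processes(process_events, gold_host):
    """Rule 518/525 style: the whitelist is the Gold Standard host's process list and
    every other endpoint is compared against it. Events are (host, process) tuples."""
    whitelist = {proc for host, proc in process_events if host == gold_host}
    alerts = []
    for host, proc in process_events:
        if host != gold_host and proc not in whitelist and (host, proc) not in alerts:
            alerts.append((host, proc))
    return alerts
def abnormal_network_comms(baseline_flows, live_flows, monitored_hosts):
    """Rule 520/527 style: each monitored endpoint learns its own peer set during the
    baseline; afterwards a flow to/from an unseen IP fires once per (host, peer)."""
    profile = WhitelistProfile()
    def endpoint_pairs(flow):  # a flow with both sides monitored yields two pairs
        src, dst = flow
        if src in monitored_hosts:
            yield src, dst
        if dst in monitored_hosts:
            yield dst, src
    for flow in baseline_flows:
        for host, peer in endpoint_pairs(flow):
            profile.learn(host, peer)
    alerts = []
    for flow in live_flows:
        for host, peer in endpoint_pairs(flow):
            if profile.is_new(host, peer):
                alerts.append((host, peer))
    return alerts
# Constructed sample data: a Gold Standard lane, a lane running an unknown binary, and
# live flows in which lane 12 talks to an outside address not seen during the baseline.
PROCESS_EVENTS = [("pos-gold-01", "pos_app.exe"), ("pos-gold-01", "svchost.exe"),
                  ("pos-lane-07", "pos_app.exe"), ("pos-lane-12", "memdump.exe")]
POS_HOSTS = {"10.1.1.7", "10.1.1.12"}
BASELINE_FLOWS = [("10.1.1.7", "10.1.0.5"), ("10.1.0.5", "10.1.1.12")]
LIVE_FLOWS = [("10.1.1.7", "10.1.0.5"), ("10.1.1.12", "203.0.113.9"),
              ("203.0.113.9", "10.1.1.12"), ("10.1.1.7", "10.1.1.12")]
```

The last live flow, between two monitored lanes that never spoke during the baseline, produces one alert for each side, which is the behaviour a practitioner should expect from an end-to-end profile where either endpoint can be the POS system.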