Least Privileged User: PM, Advanced Intelligence Engine

The Job Manager runs scheduled report jobs and other background functions, such as automated list imports and heartbeat monitoring. You can schedule report packages to run and be delivered automatically using the Scheduled Report Job Manager. The Job Manager then creates, exports, notifies, and delivers the reports.

Purpose

The AIE is a rules engine that processes logs to generate alerts based on complex rule workflows. The AIE service runs on the PM system or a separate appliance, and has no external communications with services or systems other than the EMDBs.

Shared Resource

Note that the AIE and AIE Communication Manager services share directories for configuration, state, and data files. These directories can be configured in the AIEngine Configuration Manager. This guide refers to the default settings.

	Read	Write	Read & Execute	Modify	Full Control	Children Inherent
<LogRhythm Installation Directory Path>\LogRhythm\LogRhythm AI Engine X					X

The Communication Manager writes data files read by the AIE engine. By default, this directory is part of the path above. However, you can configure the AIE system to use a separate directory. If you change the directory, both the AIE and the AIE Communication Manager services will need access to this directory.

Registry Access

	Read Control	Write Owner	Write DAC	Delete	Create Link	Enumerate Subkeys	Set Value	Query Value	Full Control	Children Inherent
KEY_LOCAL_MACHINE\ SOFTWARE\LogRhythm\ lraiecommgr	X					X		X		X
HKEY_LOCAL_MACHINE\ SOFTWARE\LogRhythm\ lraieengine	X					X		X		X

Database Access

The AIE service uses the LogRhythmAIE database user and the LogRhythmGlobalAIE security role to access the LogRhythm EMDBs. All permissions are set as required by the default security role.

Ports

The AIE service does not directly communicate with any other system through dedicated ports.

Other Resources

The AIE service does not require any other privileges or permissions.