LogRhythm Advanced Intelligence Engine

AI Engine delivers real-time visibility to risks, threats and critical operations issues.

LogRhythm’s Advanced Intelligence (AI) Engine is an optional module for any LogRhythm deployment, offering sophisticated correlation and analysis of all enterprise log data in a uniquely intuitive fashion. With a practical combination of flexibility, usability and comprehensive data analysis, AI Engine delivers real-time visibility to risks, threats and critical operations issues that are otherwise undetectable in any practical way. AI Engine is Correlation That Works!

With over 100 preconfigured, out-of-the-box correlation rule sets and a wizard-based drag-and-drop GUI for creating and customizing even complex rules, AI Engine enables organizations to predict, detect and swiftly respond to:

  • Sophisticated intrusions
  • Insider threats
  • Fraud
  • Compliance violations
  • Disruptions to IT Services
  • And many other critical actionable events

Comprehensive Advanced Correlation

Unlike legacy SIEM solutions, AI Engine leverages its integration with the log and event management functions within the LogRhythm platform to correlate against all log data – not just a pre-filtered subset of security events. Seamless integration also enables immediate access to all forensic data directly related to an event.

AI Engine rules draw from over 50 different metadata fields that provide highly relevant data for analysis and correlation. Whether detected by out-of-the-box rules or user-created/modified rules, AI Engine identifies and alerts on actionable events with tremendous precision, for operations, security and compliance assurance. AI Engine can also be used to cast a wide net through generalized correlation rules for broader visibility that accommodate changes in event behavior.

Multi-Dimensional Big Data Analytics

LogRhythm has combined enterprise-wide advanced correlation and pattern recognition with automated behavioral and statistical analysis to deliver the industry’s first Multi-Dimensional Big Data Analytics capabilities. By combining advanced statistical and heuristic analysis with behavioral whitelisting, LogRhythm allows organizations to automate the process of learning what constitutes “normal” behavior on any combination of attributes tied to users, hosts, applications, or devices. Integrating these capabilities with advanced correlation and pattern recognition eliminates two problems for administrators – the inability to accurately define what constitutes “normal” activity, and the deluge of false positives tied to the lack of understanding of valid behavior.

AI Engine Delivers:

  • Advanced Correlation Against All Log Data
  • Automated Behavioral and Statistical Baselining
  • Immediate Access to Underlying Forensic Data
  • Generalized and Targeted Rules
  • Extensive Out-of-the-Box Advanced Correlation Rules
  • Unparalleled Ease of Use

AI Engine in Action

AI Engine’s numerous predefined advanced correlation rule sets are configured to run “out-of-the-box” and act as templates for easy customization. All rules within AI Engine can be quickly modified through a highly intuitive GUI to address unique requirements of any organization.


A single event is not always enough to indicate a breach or show the true reach of a security incident. AI Engine automatically generates behavioral whitelists of ‘normal’ activity, which help it identify suspicious behavior patterns and alert on potential threats and breaches. For example, malware can invade and spread through an organization quickly, exposing data and weakening security faster than administrators can react. In many cases, the extent of damage is unknown.


  • Malware is detected on one host followed by attacks from that affected host
  • Suspicious communication from an external IP Address is followed by data being transferred to the same IP Address
  • A user logs in from one location, does not log out, but logs in from another city or country in a short timeframe


AI Engine delivers continuous compliance by generating events when specific policy violations occur. These include protecting cardholder data or Protected Health Information (PHI) from unauthorized access and actively monitoring privileged user behavior.


  • Five failed authentication attempts followed by a successful login to a database containing ePHI followed by a large data transfer to the user's machine all within 30 minutes
  • A file containing credit card data is accessed, followed by an attempt to transfer information from the same host to a USB thumb drive within 10 minutes
  • Creating one or multiple accounts and escalating their privileges in a short period of time
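
The first rule above, written out as a small sequence correlator (an added example, not LogRhythm code or AI Engine rule syntax). The event tuples, the `ephi-db01` name and the 100 MiB "large transfer" threshold are assumptions, since the page gives no threshold; a `transfer` event is assumed to mean data moved from the database to the user's machine.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=30)   # "all within 30 minutes" (from the rule text)
FAILS_REQUIRED = 5               # "five failed authentication attempts"
LARGE_BYTES = 100 * 1024**2      # assumption: the page gives no size threshold
EPHI_DBS = {"ephi-db01"}         # hypothetical list of databases holding ePHI

def t(hhmm):
    return datetime.strptime("2024-01-15 " + hhmm, "%Y-%m-%d %H:%M")

# Constructed sample events: (time, user, event type, database, bytes moved)
EVENTS = (
    [(t(f"09:0{m}"), "alice", "auth_fail", "ephi-db01", 0) for m in range(5)]
    + [(t("09:05"), "alice", "auth_ok", "ephi-db01", 0),
       (t("09:20"), "alice", "transfer", "ephi-db01", 500 * 1024**2)]
    # bob: same chain, but the transfer lands 45 minutes after the first failure
    + [(t(f"10:0{m}"), "bob", "auth_fail", "ephi-db01", 0) for m in range(5)]
    + [(t("10:05"), "bob", "auth_ok", "ephi-db01", 0),
       (t("10:45"), "bob", "transfer", "ephi-db01", 500 * 1024**2)]
    # carol: only two failures before the login, so the chain never arms
    + [(t(f"11:0{m}"), "carol", "auth_fail", "ephi-db01", 0) for m in range(2)]
    + [(t("11:02"), "carol", "auth_ok", "ephi-db01", 0),
       (t("11:10"), "carol", "transfer", "ephi-db01", 500 * 1024**2)]
)

def correlate(events):
    """Return (user, database, chain_start, transfer_time) for each match."""
    fails = defaultdict(deque)  # (user, db) -> timestamps of recent failures
    armed = {}                  # (user, db) -> start of a chain that reached login
    alerts = []
    for ts, user, kind, db, size in sorted(events, key=lambda e: e[0]):
        if db not in EPHI_DBS:
            continue
        key, recent = (user, db), fails[(user, db)]
        while recent and ts - recent[0] > WINDOW:   # age out old failures
            recent.popleft()
        if kind == "auth_fail":
            recent.append(ts)
        elif kind == "auth_ok":
            if len(recent) >= FAILS_REQUIRED:
                armed[key] = recent[-FAILS_REQUIRED]  # chain starts at 5th-latest failure
            recent.clear()
        elif kind == "transfer" and key in armed and size >= LARGE_BYTES:
            start = armed.pop(key)
            if ts - start <= WINDOW:                # whole chain inside the window
                alerts.append((user, db, start, ts))
    return alerts
print(correlate(EVENTS))
```

Only alice's chain alerts: bob's transfer falls outside the 30-minute window and carol never reaches five failures.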


Advanced correlation offers substantial value for operational insight and IT services assurance. Slight variations in specific activities or a particular sequence of typically common operations events may indicate critical operations issues.


  • A backup process is started, but no log for backup completed is generated
  • A critical process stops and doesn't start back up within a specific timeframe
  • High I/O rates on a critical server, usually observed only during backup procedures, occur during normal business hours

AI Engine Deployment Option

Designed to integrate with any core LogRhythm deployment, AI Engine can be purchased as a turnkey appliance, installed as software on dedicated customer equipment or deployed on multiple virtualization platforms, including VMware ESX, Microsoft Hyper-V, and Citrix XenServer. High-performance appliances can process tens of thousands of logs per second and billions of logs per day. AI Engine follows LogRhythm’s building-block architecture – expansion is as simple as plugging in an additional appliance. All appliances are centrally configured, monitored, and managed through LogRhythm’s universal console.