CorreLog SIEM Agent Version 5.5.3 Incorporates Enhanced Security, Audit and Filtering

By CIOReview | Thursday, August 20, 2015

NAPLES, FL: CorreLog, an IT security management company, has rolled out a major update to its CorreLog Security Information and Event Management (SIEM) Agent for IBM z/OS. CorreLog also provides solutions for IT security log management and event log correlation.

The SIEM Agent v5.5.3 for IBM z/OS resides in a mainframe LPAR (Logical PARtition) and converts mainframe security events, such as Resource Access Control Facility (RACF), Access Control Facility (ACF2), Top Secret and Database 2 (DB2) accesses, to distributed syslog format in real time.

“The new release is one we know our customers will immediately leverage. Providing more IND$FILE auditing and enhanced filtering are functions designed to improve security and compliance while reducing costs,” says George Faucher, President and CEO, CorreLog.

The new version extends its reach to include an EMC-certified connector for RSA Security and also integrates with Splunk SIEM, offering the new capability of sending real-time event messages from z/OS to IBM Security QRadar, HP ArcSight, EMC RSA Security Analytics, LogRhythm, Intel Security McAfee, Dell SecureWorks and Solutionary platforms.

The update also features new audit functionality, CorreLog IND$defender for IND$FILE. IND$FILE is a file transfer program that moves files between a PC emulating an IBM 3270 terminal and an IBM mainframe. IND$defender audits each such transaction, assigns the event a new SMF record (#202) for CorreLog, and forwards each event in real time to the SIEM system. SMF 202 is reserved by CorreLog through IBM for IND$defender.

Another remarkable feature is advanced filter support, which allows customers to limit the events forwarded to their SIEM system through logical event filter criteria. Customers can restrict the events sent in order to limit bandwidth use, or forward only the events relevant to their security or compliance needs, which eliminates noise.

The package for the CorreLog Agent for IBM z/OS is less than 1MB in size, and the system can be upgraded in a few hours.