CorreLog Supports IND$FILE Auditing for SIEM

By CIOReview | Thursday, December 24, 2015

NAPLES, FL: CorreLog, provider of multi-platform IT security event log management, has announced auditing support for IND$FILE, a file transfer program from IBM that allows the transfer of files between an IBM PC running the IBM 3270 emulator and a VSE, MVS or VM/CMS mainframe.

By delivering a systematized approach for monitoring mainframe dataset activity through a 3270 Emulator program, IND$defender closes a major mainframe security gap left open by the inability to audit PC users who have permission to upload or download mainframe datasets. It also gives compliance managers an audit trail and real-time SIEM notifications for IND$FILE, which does not natively create a System Management Facility (SMF) record from the mainframe operating system. SMF records are used by RACF, the mainframe access control and security program.

“CorreLog SIEM Agent with IND$defender fills another gap by bringing 3270 Emulator user auditing into predominantly distributed SIEM systems in real time. The increased visibility to user activity and improved compliance from this solution is significant, not just for our customers but for the industry as a whole,” says George Faucher, President and CEO of CorreLog.

In addition, CorreLog’s IND$defender works as a “wrapper” that transparently audits the usage of IND$FILE and, for every IND$FILE transfer, writes an SMF record that can be formatted for any SIEM system. IND$defender then creates a real-time alert from the SMF record for the organization’s SIEM system. The audit data that can be sent to the distributed SIEM system consists of the invoking user ID, name and group; terminal name and IP address; mainframe dataset name; upload or download; time of day and duration of transfer; and other IND$FILE parameters.