
iSecurity SIEM / DAM Support

Integrating IBM i Security Events with SIEM/DAM


iSecurity helps companies protect valuable information assets against insider threats, unauthorized external access and malicious, or inadvertent, changes to field-level data in business-critical applications by sending real-time alerts to specific recipients.

Real-time Syslog alerts sent from all iSecurity modules are fully integrated with leading SIEM/DAM products such as IBM’s Tivoli, McAfee, RSA enVision, Q1Labs, GFI Solutions and have been tested with products such as ArcSight, HPOpenView, CA UniCenter and others.

iSecurity also supports Imperva SecureSphere DAM.


Integration with SIEM products for forensic analysis of security-related events is an increasingly important requirement at companies worldwide; Raz-Lee’s iSecurity suite has supported Syslog-to-SIEM for many years. The latest version of Raz-Lee’s Syslog-to-SIEM support adds the market-critical capabilities described in this data sheet.

  • Proven integration with all SIEM products.
  • Field-mode support for the 2 major standards – LEEF (IBM QRadar) and CEF (ArcSight). Many other SIEM products accept these formats as well.
  • As an alternative to CEF and LEEF, iSecurity continues to support local structuring of the message format sent to a specific SIEM.
  • Sends Syslog messages in parallel to up to 3 SIEM products.
  • Transmission is supported via UDP, TCP or TLS (encrypted channel).
  • Support in all iSecurity solutions enables infrastructure-related alerts and field-level application alerts on unauthorized data changes or access.
  • Advanced filtering: each event/message carries a specific severity code (part of the syslog standard), and a range of severities is configured per SIEM, so you control exactly which messages each SIEM receives.
  • Advanced communications recovery features handle network problems or SIEM unavailability.
  • Enables sending extremely high volumes of information with virtually no performance impact.
  • Syslog Self-Test facility runs on the IBM i, receiving messages locally for syslog message pre-check prior to sending to a remote syslog server.
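To make the field-mode formats and the per-SIEM severity filtering concrete, here is an added Python example that is not Raz-Lee's code: it renders one constructed QAUDJRN-style event as CEF and as LEEF 1.0, wraps each in an RFC 5424 syslog line whose PRI encodes the severity, and delivers it only to the destinations whose configured severity range admits it. The event field names, vendor/product strings and destination list are all assumptions for illustration.

```python
# Constructed sample event shaped like an IBM i audit-journal (QAUDJRN) entry.
# Field names are hypothetical, not iSecurity's own record layout.
SAMPLE_EVENT = {
    "entry_type": "PW",            # password / authority failure entry
    "user": "QUSER",
    "job": "QPADEV0001",
    "object": "PAYROLL/EMPMAST",
    "severity": 3,                 # syslog severity: 0 = emergency .. 7 = debug
}

def cef_escape(value, header=False):
    """CEF escaping: header fields escape '|' and '\\'; extensions escape '=' and '\\'."""
    s = str(value).replace("\\", "\\\\")
    return s.replace("|", "\\|") if header else s.replace("=", "\\=")

def to_cef(ev):
    """CEF:0|Vendor|Product|Version|SignatureID|Name|Severity|Extension (CEF severity is 0..10)."""
    cef_sev = 10 - ev["severity"]  # syslog 0 (worst) -> CEF 10 (worst)
    ext = " ".join(f"{k}={cef_escape(v)}" for k, v in
                   [("suser", ev["user"]), ("cs1", ev["job"]), ("fname", ev["object"])])
    return (f"CEF:0|ExampleVendor|IBMiAudit|1.0|{cef_escape(ev['entry_type'], True)}"
            f"|Audit journal entry|{cef_sev}|{ext}")

def to_leef(ev):
    """LEEF:1.0|Vendor|Product|Version|EventID|tab-delimited key=value attributes."""
    ext = "\t".join(f"{k}={v}" for k, v in
                    [("usrName", ev["user"]), ("jobName", ev["job"]),
                     ("resource", ev["object"]), ("sev", ev["severity"])])
    return f"LEEF:1.0|ExampleVendor|IBMiAudit|1.0|{ev['entry_type']}|{ext}"

def syslog_line(ev, body, facility=4):
    """RFC 5424 framing; PRI = facility * 8 + severity (facility 4 = auth)."""
    pri = facility * 8 + ev["severity"]
    ts = "2024-01-01T00:00:00Z"  # constructed fixed timestamp for reproducibility
    return f"<{pri}>1 {ts} ibmi-host ibmi-audit - - - {body}"

# Constructed destinations: each accepts only severities up to its configured maximum,
# mirroring a per-SIEM severity range (lower number = more severe).
DESTINATIONS = [
    {"name": "qradar",   "fmt": to_leef, "max_severity": 4},   # warnings and worse
    {"name": "arcsight", "fmt": to_cef,  "max_severity": 6},   # informational and worse
    {"name": "archive",  "fmt": to_cef,  "max_severity": 7},   # everything
]

def route(ev, destinations=DESTINATIONS):
    """Return {destination name: syslog line} for each destination whose filter admits ev."""
    return {d["name"]: syslog_line(ev, d["fmt"](ev))
            for d in destinations if ev["severity"] <= d["max_severity"]}
```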

Insurance Company

  • Sends all application data changes to SIEM
  • Sends all DB updates (more than 1000 transactions/second), with CPU overhead <1%
  • Sends system journal (QAUDJRN) & network access alerts to SIEM

Mortgage Bank

  • Sends all network access rejects to SIEM
  • Sends important system journal (QAUDJRN) events to SIEM
  • SIEM performs advanced forensic analysis of messages from all platforms
  • Uses iSecurity to provide audit reports to both internal and external auditors

Bank

  • Sends messages to 2 SIEMs simultaneously
  • Different types of information are sent to each SIEM as they are managed by different groups in the bank