Enterprise SIEM Integration

What is iSecurity Syslog?

iSecurity Syslog provides real-time transmission of IBM i (AS400) security event information to enterprise SIEM solutions.

Companies increasingly need to integrate security data into Security Information and Event Management (SIEM) solutions, both to gain an enterprise-level view of security and to comply with regulatory requirements. Because the IBM i hosts critical business applications, it is an essential part of integrating security data into an enterprise SIEM solution.

Features of iSecurity Syslog

iSecurity Syslog transmits event information for standard IBM OS400 audit types as well as specific iSecurity Audit entry types, which provide additional details beyond what QAUDJRN currently offers, including:

  • Security-related events involving changes to the configuration, validation of lists, verification functions, and run-time security functions
  • Authority failure, Password reset, Use of adopted authority, and program integrity violations
  • Object access auditing for creates, deletes, reads, or changes
  • Job changes, Moves or renames of objects, and Operations on spooled files
  • Save or Restore operations
  • Service Tools and System management activities
  • Advanced Peer to Peer Network communications, System distribution, or office mail or Optical volumes tasks, and Attention events
  • iSecurity internal custom audit types used to generate reports over multiple IBM standard audit types

The simplicity of iSecurity Syslog allows you to integrate with a SIEM solution easily.

  • Integration with Leading SIEM solutions

    iSecurity Syslog provides an additional layer of security by sending IBM i messages to enterprise SIEM solutions, allowing companies to gain an enterprise-level view by integrating IBM i (AS400) security data with the rest of the enterprise's security information.

    iSecurity Syslog integrates with industry-leading SIEM solutions such as:

    • IBM (QRadar)
    • McAfee
    • RSA
    • Imperva (SecureSphere)
    • Splunk
    • GFI solutions
    • ArcSight
    • AllianceOne
    • AlienVault
    • LogRhythm
    • Juniper
    • And More

  • Integration with iSecurity modules for transmission of Security Event Information

    iSecurity Syslog provides real-time alert handling and integrates seamlessly with the following iSecurity solutions to send additional security event information:

    • iSecurity Audit - Audit Journal Messages (QAUDJRN), QHST, and any selected Message Queues
    • iSecurity Firewall - Network Security & Exit Point Activity
    • iSecurity AP-Journal (Database Journals)
    • iSecurity Authority On Demand (User Authority Changes)
    • iSecurity Anti-Virus (Virus detection alerts)
  • iSecurity Audit – Advanced Auditing & Compliance Integration

    iSecurity Syslog’s integration with iSecurity Audit allows advanced capabilities including the ability to:

    • Transmit audit entry types and specific QAUDJRN journal entry types which have been processed by iSecurity Audit’s real-time advanced filtering
    • Transmit QHST, QSYSOPR & QCPFMSG logs with real-time action filtering
    • Use Real-Time alerts to send Customizable events to an enterprise SIEM

  • iSecurity Firewall - Exit Point Activity & Network Access Integration

    iSecurity Syslog's integration with iSecurity Firewall transmits the exit point transactions monitored by iSecurity Firewall and can send all transactions or a defined subset of transactions to a SIEM, including:

    • Transactions from 44 plus access servers shipped with the operating system
    • Remote events that are ‘logged only’ (both allows and rejects) using iSecurity Firewall’s FYI mode, which allows users to simulate rules before going live
    • Filtered remote server transactions by severity assignment

  • iSecurity Authority On Demand Integration

    iSecurity Syslog’s integration with iSecurity Authority On Demand lets users transmit authority change information logged in iSecurity Authority On Demand to SIEM solutions, including:

    • Start and End of the elevated Swap or Added authority or special authority
    • Reason for the elevated authority requests
    • Failed elevated authority attempts
  • iSecurity AP Journal – Field Level Change Monitoring Integration

    iSecurity Syslog’s integration with iSecurity AP-Journal allows users to send field-level before-and-after database journaled transactions as they occur, including:

    • Unauthorized read access of sensitive database files residing in critical production libraries
    • Real-time updates on confidential database records in various business critical applications
    • Triggers on changes to sensitive database information as they occur
  • iSecurity Anti-Virus – System Anti-Virus Integration

    iSecurity Syslog’s integration with iSecurity Anti-Virus lets companies forward real-time virus alerts upon detection of infection, including:

    • Captured and Quarantined virus information