IBM Security zSecure support for CICS V5R4
JeroenTiggelman 27000186A5 Visits (9612)
IBM Security zSecure can detect security settings for CICS regions and report on CICS transactions and programs, and can process CICS security events. ISPF menu option RE.C displays information about CICS regions (zSecure Admin, zSecure Audit) and about CICS transactions and CICS programs (zSecure Audit only). CICS SMF records are processed in zSecure Audit, zSecure Alert, and zSecure Adapters for QRadar SIEM; the enriched events can be sent to a Security Information and Event Management (SIEM) solution, such as IBM QRadar SIEM.
The common query language employed by zSecure Admin, zSecure Audit, zSecure Manager for RACF z/VM, zSecure Alert, and zSecure Adapters for QRadar SIEM is called the CARLa Auditing and Reporting Language (CARLa).
zSecure CICS Toolkit provides a toolkit and an administrator interface to administer RACF from a CICS environment.
The following updates are provided:
* Toleration support for CICS Transaction Server V5R4, without which CICS information might be missing or unrecognized.
* New field TRAN_RTIMEOUT (terminal read timeout) in the CICS_TRANSACTION report type (displayed in RE.C.T).
The CICS_TRANSACTION report is available in zSecure Audit. The SMF report type is available in zSecure Audit, zSecure Alert, and zSecure Adapters for QRadar SIEM. The zSecure Collect for z/OS component can be run with any of those, and with zSecure Admin.
Note that IBM Security zSecure CICS Toolkit works with CICS V5R4 without modifications.
Documentation updates have been provided in a Technote.
To fully benefit from these enhancements the following is required:
* IBM Security zSecure 2.1 (or later), or one of the zSecure Compliance, Administration, and Auditing solutions
You can apply this fix without special considerations.
If you have any questions, please post them here or on the zSecure forum. You can also visit the zSecure community and wiki. The current zSecure for z/VM release is 1.11.2. The I