IBM Security zSecure support for DB2 12
JeroenTiggelman 27000186A5 Visits (9936)
A Service Stream Enhancement (SSE) for IBM
The zSecure Collect component automatically detects DB2 subsystems and extracts information from them into a system snapshot file (CKFREEZE). Standard reports based on this information are available under ISPF UI menu option RE.D. zSecure has extensive analysis capabilities to help you work with DB2 Access Control Lists, and integrates this information into IBM
The following updates are provided:
* The DB2 region report has been extended to report on new security controls;
* The DB2 tables and views reports and access control lists have been adapted for the new UNLOAD object privilege;
* SMF reporting has been enhanced for new and changed IFCids;
* New security relevant IFCids have been integrated into QRadar SIEM.
These features apply to zSecure Audit. The region report is also available in zSecure Admin. The access list updates (for DB2, RACF and ACF2) are also relevant for Guardium Vulnerability Assessment. The IFCid enhancements also apply to zSecure Adapters for QRadar SIEM (for RACF, ACF2, and Top Secret). It is possible to base alerts on the new information in zSecure Alert.
Documentation updates have been provided in a technote.
To benefit from these enhancements the following is required:
* IBM Security zSecure 2.2.1 (zSecure Admin, zSecure Audit, zSecure Adapters for QRadar SIEM, zSecure Alert, or one of the zSecure Compliance, Auditing, and Administration solutions)
* PTF UA91626 for APAR OA52146
You can apply this fix without special considerations. You might need to adapt your production jobs to activate sending the new data to QRadar SIEM and Guardium Vulnerability Assessment. Updates on the QRadar SIEM and Guardium VA sides are required for the full benefits--to map the new events and to interpret the new data in the DB2 table, respectively.
If you have any questions, please post them here or on the zSecure forum. You can also visit the zSecure community and wiki. The I