IBM Security zSecure today
JeroenTiggelman 27000186A5 Visits (10070)
Here is a quick introduction to IBM Security zSecure.
In a word
Information about the latest releases can be found in the following articles.
zSecure's CARLa Auditing and Reporting Language (CARLa)
The CARLa Auditing and Reporting Language (CARLa) is the common query language employed by zSecure Admin, zSecure Audit, zSecure Manager for RACF z/VM, zSecure Alert, and zSecure Adapters for QRadar SIEM, which all share the CARLA engine. (So does zSecure Visual, but as an end user you do not usually make direct use of the script language when using that product.)
CARLa allows for easy customization of reports. When using e.g. zSecure Admin, an easy way to develop new reports from samples is to run a standard report from the User Interface and then go to the RESULTS panel and look at the query that just executed and modify it to suit your needs. There is also an extensive set of sample CARLa in the SCKRCARL library provided with the product. zSecure Alert allows easy cloning of out-of-the-box alerts and modification of alert conditions and the alert content as delivered as e-mail, text message, WTO, SNMP trap, or UNIX syslog receiver message, as you prefer. Self-study materials on CARLa are available on the zSecure wiki. The zSecure forum on developerWorks has been the primary place to publically discuss things zSecure for many years.
zSecure and Security Information and Event Management
zSecure understands many System Management Facilities (SMF) record types, including some written by IBM's Resource Access Control Facility (RACF), z/OS Communications Server (i.e. TCP/IP), CA's ACF2 and Top Secret, CICS, Db2, IBM Security Key Lifecycle Manager (ISKLM), and IBM Tivoli Omegamon. The complete list is quite long. Nowadays security events are often collected in a Security Information and Event Management (SIEM) offering, such as IBM QRadar SIEM or HPE Security ArcSight. The CARLa language can be used to easily send security events from SMF enriched with security database and environmental information to such a product. zSecure Audit and the zSec
IBM Security zSecure Alert can forward real-time alerts to many different products through the UNIX syslog receiver, SNMP, and WTO protocols, both to automate intrusion response and to consolidate compliance information. A pluggable component "IBM zSecure Alert DSM" has been provided for QRadar SIEM. zSecure Alert also comes with Common Event Format (CEF) to send to a UNIX syslog receiver for consumption by HPE Security ArcSight. Sample files to consolidate the alerts into Tivoli NetView are provided in the zSec
Note: This article is kept current as the intended starting point for the latest announcements. Latest edit: December 19, 2017.