Terms to understand
This topic describes the key terms that your staff should know when they use IBM Threat Detection for z/OS (IBM TDz).
The following terms are commonly used in the field of threat detection.
| Term | Meaning |
|---|---|
| Alert | When IBM Threat Detection for z/OS (IBM TDz) detects an anomalous event, it notifies your staff through a write-to-operator (WTO) console message. By default the alerting feature is disabled. IBM suggests enabling alerting after IBM TDz has been running for 60-90 days. |
| Analytics boundary | Determines the point in time at which the historical baseline is established. |
| Anomaly signature | Combination of the key characteristics that identify a series of data access activities. One or more events are associated with one anomaly signature. |
| Cron | The main scheduler on UNIX systems for running jobs or tasks unattended at set times. |
| Cron job | IBM TDz runs as a cron job that processes the collected event data at regular intervals. During this processing, anomaly signatures are built and notifications are issued as anomalies are identified. |
| Crontab | A command that allows the user to submit, edit, or delete cron entries. |
| Crontab file | A user file that holds the scheduling information that cron reads. |
| Event | A data access activity on z/OS. |
| Exclusion list | In IBM TDz, the data access signatures that you deem to be normal can be added to the exclusion list, which can help to reduce false positives. It is recommended that you update the exclusion list by running the IBM TDz exclusion function every 1-2 weeks. |