zERT Policy Connections Attributes

Use the zERT Policy Connections attributes to monitor all zERT policy-based enforcement audit records.

Application Name The z/OS jobname associated with the application address space that opened and bound the socket.

Collection Time The time and date of data sampling.

Connection End Time The date and time when this connection ended.

Connection Start Time The date and time when this connection started.

Hex Connection Number The hex representation of the connection number.

IP Protocol The IP Protocol for the security session. The possible values are:
6 - TCP
17 - UDP
IPv6 Indicates whether the connection uses IPv6 addresses.
  • 0 = NO
  • 1 = YES
Key Exchange The key exchange algorithm used by the cipher suite, if any. The format is an unsigned integer that can have one of the following values:
  • =0
  • Unknown TLS=0X0100
  • None TLS=0X0101
  • RSA=0X0102
  • RSA EXPORT=0X0103
  • RSA PSK=0X0104
  • DH RSA=0X0105
  • DH RSA EXPORT=0X0106
  • DH DSS=0X0107
  • DH ANON=0X0108
  • DH ANON EXPORT=0X0109
  • DH DSS EXPORT=0X010A
  • DHE RSA=0X010B
  • DHE RSA EXPORT=0X010C
  • DHE DSS=0X010D
  • DHE DSS EXPORT=0X010E
  • DHE PSK=0X010F
  • ECDH ECDSA=0X0110
  • ECDH RSA=0X0111
  • ECDH ANON=0X0112
  • ECDHE ECDSA=0X0113
  • ECDHE RSA=0X0114
  • ECDHE PSK=0X0115
  • KRB5=0X0116
  • KRB5 EXPORT=0X0117
  • PSK=0X0118
  • SRP SHA RSA=0X0119
  • SRP SHA DSS=0X011A
  • SRP SHA=0X011B
  • ECDHE=0X011C
  • DHE=0X011D
  • Unknown-SSH=0X0200
  • None-SSH=0X0201
  • DH-GEX-SHA256=0X0202
  • DH-GEX-SHA1=0X0203
  • DH-G14-SHA1=0X0204
  • DH-G1-SHA1=0X0205
  • ECDH-SHA2-NISTP-256=0X0206
  • ECDH-SHA2-NISTP-384=0X0207
  • ECDH-SHA2-NISTP-521=0X0208
  • GSS-G1-SHA1=0X0209
  • GSS-G14-SHA1=0X020A
  • GSS-GEX-SHA1=0X020B
  • ECMQV-SHA2=0X020C
  • GSS=0X020D
  • RSA1024-SHA1=0X020E
  • RSA2048-SHA256=0X020F
  • DH-G14-SHA256=0X0210
  • DH-G16-SHA512=0X0211
  • DH-G18-SHA512=0X0212
  • CRV-22519-SHA256=0X0213

Link ID Unique identifier for the zERT Policy session.

Local IP Address The local IP address for this connection. This is text string of up to 45 characters.

Local Port I4 The local port for this connection.

Message Authentication1 The first message authentication algorithm used for the connection, if any. The format is an unsigned integer that can have one of the following values:
  • =0
  • None=1
  • MD2=2
  • HMAC-MD5=3
  • HMAC-SHA1=4
  • HMAC-SHA2-224=5
  • HMAC-SHA2-256=6
  • HMAC-SHA2-384=7
  • HMAC-SHA2-512=8
  • AES-GMAC-128=9
  • AES-GMAC-256=10
  • AES-128-XCBC-96=11
  • HMAC-SHA2-256-128=12
  • HMAC-SHA2-384-192=13
  • HMAC-SHA2-512-256=14
  • HMAC-MD5-96=15
  • HMAC-SHA1-96=16
  • UMAC-64=17
  • UMAC-128=18
  • RIPEMD-160=19
Message Authentication2 The second message authentication algorithm used for the connection, if any. The format is an unsigned integer that can have one of the following values:
  • =0
  • None=1
  • MD2=2
  • HMAC-MD5=3
  • HMAC-SHA1=4
  • HMAC-SHA2-224=5
  • HMAC-SHA2-256=6
  • HMAC-SHA2-384=7
  • HMAC-SHA2-512=8
  • AES-GMAC-128=9
  • AES-GMAC-256=10
  • AES-128-XCBC-96=11
  • HMAC-SHA2-256-128=12
  • HMAC-SHA2-384-192=13
  • HMAC-SHA2-512-256=14
  • HMAC-MD5-96=15
  • HMAC-SHA1-96=16
  • UMAC-64=17
  • UMAC-128=18
  • RIPEMD-160=19

Origin Node Unique identifier for the TCP/IP stack being displayed.

Protocol Version The protocol version being used for the connection, if any. The format is an unsigned integer that can have one of the following values:
  • =0
  • SSHv1=1
  • SSHv2=2
  • SSLv2=512
  • SSLv3=768
  • TLSv1.0=769
  • TLSv1.1=770
  • TLSv1.2=771
  • TLSv1.3=772

Remote IP Address The remote IP address for this connection. This is text string of up to 45 characters.

Remote Port I4 The remote port for this connection.

Reset TCP Conn Indicates whether the connection was reset or dropped by the ZERTAction statement.
  • 0 = NO
  • 1 = YES

Rule Name The matching ZERTRule statement name.

Security Protocol The Security Protocol value. The possible values are:
  • 0 = None
  • 32 = IPSec
  • 64 = SSH
  • 128 = TLS
Symmetric Encryption1 The first symmetric encryption algorithm used for the connection, if any. The format is an unsigned integer that can have one of the following values:
  • =0
  • None=1
  • DES=2
  • DES 40=3
  • 3DES=4
  • RC2 40=5
  • RC2 128=6
  • RC2=7
  • RC4 40=8
  • RC4 128=9
  • RC4 256=10
  • RC4=11
  • AES CBC 128=12
  • AES CBC 192=13
  • AES CBC 256=14
  • AES CTR 128=15
  • AES CTR 192=16
  • AES CTR 256=17
  • AES GCM 128=18
  • AES GCM 256=19
  • AES CCM 128=20
  • AES CCM 256=21
  • AES CCM8 128=22
  • AES CCM8 256=23
  • AES 256=24
  • Blowfish=25
  • Blowfish CBC=26
  • CAST 128 CBC=27
  • ARCFOUR 128=28
  • ARCFOUR 256=29
  • ARCFOUR=30
  • Rijndael CBC=31
  • ACSS=32
  • ARIA 128 CBC=33
  • ARIA 256 CBC=34
  • ARIA 128 GCM=35
  • ARIA 256 GCM=36
  • Camellia 128 CBC=37
  • Camellia 256 CBC=38
  • Camellia 128 GCM=39
  • Camellia 256 GCM=40
  • ChaCha20 Poly1305=41
  • IDEA CBC=42
  • SEED CBC=43
  • Fortezza=44
  • GOST28147=45
  • TwoFish CBC 256=46
  • TwoFish CBC=47
  • TwoFish CBC 192=48
  • TwoFish CBC 128=49
  • Serpent CBC 256=50
  • Serpent CBC 192=51
  • Serpent CBC 128=52
Symmetric Encryption2 The second symmetric encryption algorithm used for the connection, if any. The format is an unsigned integer that can have one of the following values:
  • None=1
  • DES=2
  • DES 40=3
  • 3DES=4
  • RC2 40=5
  • RC2 128=6
  • RC2=7
  • RC4 40=8
  • RC4 128=9
  • RC4 256=10
  • RC4=11
  • AES CBC 128=12
  • AES CBC 192=13
  • AES CBC 256=14
  • AES CTR 128=15
  • AES CTR 192=16
  • AES CTR 256=17
  • AES GCM 128=18
  • AES GCM 256=19
  • AES CCM 128=20
  • AES CCM 256=21
  • AES CCM8 128=22
  • AES CCM8 256=23
  • AES 256=24
  • Blowfish=25
  • Blowfish CBC=26
  • CAST 128 CBC=27
  • ARCFOUR 128=28
  • ARCFOUR 256=29
  • ARCFOUR=30
  • Rijndael CBC=31
  • ACSS=32
  • ARIA 128 CBC=33
  • ARIA 256 CBC=34
  • ARIA 128 GCM=35
  • ARIA 256 GCM=36
  • Camellia 128 CBC=37
  • Camellia 256 CBC=38
  • Camellia 128 GCM=39
  • Camellia 256 GCM=40
  • ChaCha20 Poly1305=41
  • IDEA CBC=42
  • SEED CBC=43
  • Fortezza=44
  • GOST28147=45
  • TwoFish CBC 256=46
  • TwoFish CBC=47
  • TwoFish CBC 192=48
  • TwoFish CBC 128=49
  • Serpent CBC 256=50
  • Serpent CBC 192=51
  • Serpent CBC 128=52

Sysplex Name The name of the sysplex that the monitored system is part of.

System ID The SMF system ID.

TCPIP STC Name The TCP/IP job name.

Total Bytes Received The total number of bytes received since the start of the connection.

Total Bytes Sent The total number of bytes sent since the start of the connection.

Total Segs/DGs Received The total number of TCP segments or UDP datagrams received since the start of the connection.

Total Segs/DGs Sent The total number of TCP segments or UDP datagrams sent since the start of the connection.

User ID The z/OS user ID associated with the socket.