After you create your IBM® QRadar® agent definition, you can use your Arpeggio SIFT-IT software and QRadar integration to customize your security and auditing requirements.
You can customize the following security and auditing requirements:
- Create custom configurations in Arpeggio SIFT-IT with granular filtering on event attributes.
For example, you can filter on job name, user, file or object name, system objects, or ports. All events that are forwarded from SIFT-IT and the contents of the event payload in QRadar are easily searched.
- Configure rules in QRadar to generate alerts or offenses for your security team to identify potential security threats, data loss, or breaches in real time.
- Configure processes in Arpeggio SIFT-IT to trigger real-time remediation of issues on your IBM i.
- Create offenses for your security team from Arpeggio SIFT-IT events in QRadar with the Offenses tab, or configure email job logs in SIFT-IT for your IBM i administrators.
- Create multiple configuration rule sets for multiple agents that run simultaneously to handle specific security or audit events.
For example, you can configure one QRadar agent with a specific rule set for forwarding all IBM i events, then develop multiple configuration rule sets for specific compliance purposes. You can easily manage configuration rule sets for compliance regulations, such as FISMA, PCI, HIPAA, SOX, or ISO 27001. All of the events that are forwarded by SIFT-IT QRadar agents are contained in a single log source and categorized to be easily searched.