IBM Support

OA55668: SUBJECT AND ISSUER DN'S FROM SMF RECORD TYPE 119, SUBTYPE 11 (ZERT RECORDS) ARE NOT INCLUDED IN GENERATED LEEF DATA.

A fix is available

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • When generating LEEF data from SMF 119-11 records, the DN's of
    the subject and issuer of the certificates used in the secure
    connection are not present.
    

Local fix

  • N/A
    

Problem summary

  • ****************************************************************
    * USERS AFFECTED: Users of zSecure Audit exploiting the        *
    *                 software to prepare data for QRadar SIEM.    *
    ****************************************************************
    * PROBLEM DESCRIPTION: The zSecure Audit QRadar SIEM interface *
    *                      does not generate the 'Distinguished    *
    *                      Name type and Name' field for SMF       *
    *                      records types 119-11 and 119-12         *
    *                      (for zSecure Audit version 2.3.1).      *
    ****************************************************************
    * RECOMMENDATION: Apply the PTF provided and review the        *
    *                 documentation updates.                       *
    ****************************************************************
    The zSecure Audit QRadar SIEM interface does not generate the
    the 'Distinguished Name type and Name' (DN) field of the subject
    and issuer of the certificates for SMF records types 119-11
    (zERT connection detail record) and 119-12 (zERT Summary
    record, for zSecure Audit version 2.3.1).
    

Problem conclusion

  • The zSecure Audit QRadar SIEM interface has been modified so
    that the 'Distinguished Name type and Name' field is written to
    a QRadar LEEF file for the following SMF events:
     - type 119-11 (zERT connection detail record).
     - type 119-12 (zERT Summary record, for zSecure Audit version
       2.3.1).
    Please note the documentation changes as provided by the APAR
    tracking comment data.
    

Temporary fix

Comments

APAR Information

  • APAR number

    OA55668

  • Reported component name

    ZSEC BASE,ADMIN

  • Reported component ID

    5655T0100

  • Reported release

    230

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2018-06-05

  • Closed date

    2018-11-16

  • Last modified date

    2018-12-12

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

    UA97970 UA97971

Modules/Macros

  • C2R3SMIE CKAFDEFA CKASMF77 CKASMFI  CKASMFT  CKQLEEF  CKQLEEFL
    CKRICME  GKRFDEFA GKRICME  GKRSMF77 GKRSMFI  GKRSMFT
    

Fix information

  • Fixed component name

    ZSEC BASE,ADMIN

  • Fixed component ID

    5655T0100

Applicable component levels

  • R230 PSY UA97970

       UP18/11/17 P F811

  • R231 PSY UA97971

       UP18/11/17 P F811

Fix is available

  • Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.

[{"Business Unit":{"code":"BU048","label":"IBM Software"}, "Product":{"code":"SSCE68R","label":"zSecure Admin"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"230","Edition":""}]

Document Information

Modified date:
12 December 2018