IBM Support

How PowerSC Implements Enhanced Detection and Response


This page describes in detail how PowerSC implements Enhanced Detection and Response (EDR).
The PowerSC GUI server can centrally receive many different types of security events from PowerSC GUI agents. PowerSC provides EDR support for the following types of security events:
  1. PowerSC Real Time Compliance configuration change
  2. AIX Trusted Execution configuration change
  3. Linux auditd configuration change
  4. Content change with File Integrity Monitoring
  5. Access change with File Integrity Monitoring
  6. Directory Change with File Integrity Monitoring
  7. Hash mismatch with Allow Listing
  8. Meta-data mismatch with Allow Listing
  9. Applying a Compliance profile
  10. Remove a Compliance profile
  11. Compliance check
  12. Multiple password failures
  13. Port scan
  14. Signature match with Host Intrusion
  15. Malware event
  16. Blocklist event
  17. Failure of a scheduled command
When one of these security events occurs, PowerSC lets you define up to 3 actions to take for that type of security event:
  1. Forward the security event details to the syslog stream on the PowerSC GUI server, which can then be relayed to other Security Information and Event Management (SIEM) servers or log analytic tools
  2. Email the security event to a user-defined set of email addresses
  3. Execute a built-in or user-defined script on the corresponding PowerSC GUI agent
PowerSC allows you to define an individual EDR configuration scheme on a per-host basis.  If a scheme is suitable for multiple hosts, you have the option to copy that scheme to any group of compatible hosts.
For questions, please contact AIX/Linux Security consultant, Stephen Dominguez, at email


Document Information

Modified date:
10 July 2024

UID

ibm17129949