CorreLog SIEM Agent for z/OS CEF Configuration Guide for ArcSight

File uploaded on Jul 1, 2014. Last modified by 21799191 on Aug 3, 2015.
Version 7

This guide provides information for configuring CorreLog SIEM Agent for z/OS for syslog event collection with ArcSight. CorreLog SIEM Agent is supported on z/OS (“mainframe,” formerly known as MVS and/or OS/390) platforms. z/OS releases V1R11 and above are supported.


SIEM Agent for z/OS integrates z/OS mainframe security events into an enterprise ArcSight ESM strategy. SIEM Agent allows users to view mainframe security, database, and TCP/IP events in real time, alongside events from Windows, UNIX, Linux, routers, firewalls, and other IT assets in an enterprise SIEM system. SIEM Agent converts a myriad of events, including TSO logons, production job ABENDs, TCP/IP connections, FTP, logs from RACF, ACF2, and CA Top Secret, and DB2 accesses. SIEM Agent helps meet compliance requirements from PCI DSS, HIPAA, SOX, IRS Pub. 1075, GLBA, FISMA, NERC, and many others.