This guide provides information for configuring CorreLog SIEM Agent for z/OS for syslog event collection with ArcSight. CorreLog SIEM Agent is supported on z/OS (“mainframe,” formerly known as MVS and/or OS/390) platforms. z/OS releases V1R11 and above are supported.
SIEM Agent for z/OS integrates z/OS mainframe security events into an enterprise ArcSight ESM strategy. SIEM Agent allows users to view Mainframe security, database, and TCP/IP events in real-time, alongside events from Windows, UNIX, Linux, routers, ﬁrewalls, and other IT assets in an enterprise SIEM system. SIEM Agent converts a myriad of events including TSO Logons, Production Job ABENDs, TCP/IP Connections, FTP, logs from RACF, ACF2, CA Top Secret, and DB2 accesses. SIEM Agent facilitates compliance requirements from PCI DSS, HIPAA, SOX, IRS Pub. 1075, GLBA, FISMA, NERC and many others.