The CorreLog SIEM Agent™ for IBM z/OS captures RACF, ACF2, Top Secret, DB2 accesses and other security-related events and, in real time, converts those events to standard Syslog format for distributed SIEM (security information & event management) systems. SIEM Agent for z/OS has been certified for HP® ArcSight Common Event Format (CEF). With CEF certification, the CorreLog SIEM Agent is now able to send z/OS event logs to HP ArcSight Enterprise Security Manager (ESM) through a certified connector in real time, as the event logs are generated.
How does it work?
The CorreLog SIEM Agent for z/OS is installed on a single z/OS LPAR or on multiple LPARs; installation takes less than half a day. SIEM Agent for z/OS converts SMF security event data to CEF and sends it to ArcSight in real time. No further event log processing outside of z/OS is required. SIEM Agent can also monitor access control systems such as RACF®, CA-Top Secret®, and ACF2™.