Automatically Collect and Transmit File Integrity Events
Format security events into an open systems log format, and securely transmit them to a log server for consolidation with the security events from other servers in the Enterprise. (IBM Power Systems i, IBM System z Mainframe, Windows, Linux and UNIX).
Convert IBM i System Logs to Common syslog Formats
File integrity events can be consolidated with System i security journal QAUDJRN, system operator message queue, and system history file QHST. Log entries are converted from the internal IBM format to either syslog format (RFC3164) or Common Event Format (CEF). Converted entries are then transmitted to a central log server or SIEM product for log collection, analysis, and alert management.
Advanced System Logging Tools with the Alliance LogAgent Suite
New tools allow administrators to selectively monitor configuration files and sensitive data change activity at the column or field level. Sensitive data in all types of applications can be monitored without changes to those programs, or changes to user accounts. IBM i security administrators can implement File Integrity Monitoring quickly with no disruption to on-going operations.
The Alliance LogAgent Suite gives IBM i security administrators new tools to monitor the health and security of their systems, and to proactively meet compliance regulations. Any IBM i administrator in a regulated industry such as finance, medical, retail, pharmaceutical, or government agency can easily meet the challenges of a wide variety of laws and regulations.
Features Unique to the Alliance LogAgent Suite:
- Monitor file read and/or change access by column
- Monitor multiple columns in one database table
- User white lists for table and column access
- Detect and alert on changes to configuration files and sensitive data
- Set floor and ceiling values for events
- Optionally log hashed value of changed data
- Query system log history for changed data
- Route file integrity events to QAUDJRN or to SIEM application
- Format security events to Syslog standard or Common Event Standard
High Performance Event Handling
Alliance Log Agent can process multiple files simultaneously. This means that you can process the large number of events that are generated when System i security levels are at the highest settings.
Supports Two Factor Authentication
Paired with Alliance Two Factor Authentication, organizations can reduce the security weakness of relying on passwords as their only authentication mechanism. By requiring an additional piece of information delivered to authorized users via SMS text or voice message, organizations can improve security of their sensitive data.
Security Events Reported to Leading SIEM Companies
| Dell SecureWorks
Splunk Business Intelligence
Many IBM i customers deploy Splunk for real time business intelligence. Alliance LogAgent supports the ability to detect changes (insert, update, delete) in selected database files and report information to Splunk. You can select any file and selected fields in the file to be reported to Splunk. As records are processed from your database file the information is normalized and formatted so that Splunk can easily process it. This capability of Alliance LogAgent makes it easy to create Splunk dashboards, reports, and alerts based on any business data you select. Townsend Security can provide professional services assistance to set up and configure Splunk dashboards and reports.
To help IBM i system administrators monitor the health of their IBM i servers, LogAgent can collect selected system and disk status information and send this information to your SIEM solution. Collected system information includes CPU utilization, disk utilization, disk unit status, and other metrics. Operations management information is independent of security monitoring and can be enabled or disabled as needed.
Alliance LogAgent monitors all of the major IBM i exit points including host management servers, FTP, ODBC and others. Important security information is collected, converted to standard system log format (Syslog, CEF, LEEF) and transmitted to your SIEM monitoring system or log collection server. For SQL connections to the IBM i over ODBC or DRDA connections, the SQL statement is collected and reported. Exit points can be selectively activated or de-activated.
Administrative User Email Notification
When an administrative user starts a job on your IBM i server you can select to receive an email alert. After determining the authority level of a user an email alert can be sent to a selected email address or distribution group. Alliance LogAgent uses its own SMTP client for email delivery and you can easily configure email servers such as Microsoft Exchange to receive and process email from Alliance LogAgent on the IBM i server. The email alert identifying the user with administrative access provides date, time, system name, logical partition and job information to help the IBM i system administrator quickly respond to the event.
Alliance LogAgent for IBM i integrates IBM i servers and applications with ServiceNow, the leading cloud-based solution for IT system support problem tracking and resolution. Leveraging the ServiceNow REST web interface, Alliance LogAgent can instantly record critical system events as ServiceNow Incident reports. Additionally, the solution also exposes an API command to allow IBM i customers the ability to integrate line-of-business applications with ServiceNow. When business applications encounter critical events or errors, these can be immediately visible to the IT administrative and security teams for rapid response and resolution.
Flexible Licensing Options
With flexible licensing options, including perpetual and subscription licensing, protecting sensitive data on the IBM i has never been easier or more affordable.