Your organization has invested in a security information event manager, or SIEM, to receive and analyze security and event log information from a variety of servers. Now they want to also get this information from their IBM Power Systems server. The Power server is often the “odd man out” when it comes to such information exchanges. But don’t worry, the solution is out there.
Powertech SIEM Agent for IBM i is the IBM i interface into SIEM solutions. It provides real-time notification of not only audit journal activity but also key system activity based on Message IDs. Powertech SIEM Agent also interfaces directly with Powertech Exit Point Manager for IBM i firewall solution and Powertech Authority Broker for IBM i privileged user management software. So you can now feed your SIEM solution with not only the activity that can be found using traditional methods—such as the audit journal—but also greatly enhanced levels of visibility of remote system access as well as activity performed by powerful users.
But there are even more benefits that you can gain from having Powertech SIEM Agent in your system monitoring toolbox! The key strengths of this software lie in its real-time notification based on definable filters. These filters control when and why Powertech SIEM Agent will actually generate event notifications. This ensures that you are not flooded with unnecessary events.
Speaking of notifications, receiving them on your desktop is great, but why not extend real-time notification to your smart phone so you can be informed of events even when you are away from your desk or out of the office? Teaming Powertech SIEM Agent with other Fortra products like Robot Console and Robot Alert can open up a whole world of sophisticated monitoring and escalation options.
Powertech SIEM Agent can send its events, not only to a wide variety of SIEM solutions but also to IBM i message queues.
Robot Console is the premium message, event, and resource management solution for IBM i and utilizes logic-based rules to automate the handling of these messages. Why not have Powertech SIEM Agent inform Robot Console about a user disabling their profile but only have it escalate this to you and your colleagues (as SMS or email using Robot Alert) if the profile is of significant power or it is outside of normal working hours. These are the “decision making” processes with which you can empower Robot Console. You can even have Robot Console take more significant actions such as re-enabling lower level profiles and varying back on devices if they had become disabled. Use Powertech SIEM Agent as the information gatherer, Robot Console as the decision maker, and Robot Alert as the “voice” to shout about those key events; all in real-time.
But we can take things even further. Do you have multiple IBM i partitions from which you would like to receive real-time notification? Have Powertech SIEM Agent on each partition feed its events to Robot Console, which can then be consolidated into one centralized point of management using Robot Network event consolidator and performance monitor. You can produce custom views which may, for example, only be those events from all of the Powertech SIEM Agent products deployed across your environment. Furthermore, you can use Robot Network as a centralized escalation path into Robot Alert or even to problem ticketing solutions such as HEAT or Remedy using SNMP traps.
Find out how powerful Powertech SIEM Agent, Robot Console, and Robot Alert can be when they work together. Request a product demo today.
Find out how powerful Powertech SIEM Agent for IBM i, Robot Console, and Robot Alert can be when they work together. Request a product demo today.