Enterprise System Information and Event Management (SIEM) products collect system activity information from organizational network servers and devices, and aggregate that collected data to detect threats, discover security trends, and alert IT management to possible network issues. SIEM solutions such as Splunk, Imperva, QRadar, and others allow you to gain a clearer picture of your security and user activity.
IBM i collects its own SIEM data from its audit journals (QAUDJRN), operating system exit points, malware & anti-virus software, firewalls, and other sources. IBM i SIEM data can and should be included in SIEM security analytics, reporting, and forensics. But understanding what IBM i data should be sent to SIEM servers and managing SIEM transmission can be a difficult and time-consuming process.
Join this live webinar where SEA’s Mel Zucker discusses what IBM i data should be sent to an enterprise SIEM product and the best ways to find, select, and transmit data from the IBM i server to a SIEM solution. Topics include:
- Why you must send IBM i data to a SIEM solution
- Knowing the difference between SIEM logging and local data logging
- What security and event data should be sent to a SIEM server…and what shouldn’t
- Integrating your IBM i system with a SIEM product
- Key criteria to consider for transmitting SIEM data from the IBM i
- An overview of iSecurity Syslog capabilities for transmitting audit logs, remote activity, and other critical information
We look forward to joining you on March 19th.
Mel Zucker is a 30-year IBM veteran, who worked in AS/400 and IBM i customer engineering, program support, system engineering, and technical consulting. For the last 15 years, Mel has served as a lead technical support resource for SEA’s internal and external customers. He is well versed in all aspects of IBM i system administration, operations, security, and compliance, and teaches highly technical material such as IBM i SIEM integration in a down-to-earth manner.