CEF Configuration Guide for CorreLog SIEM Agent
- Pavan Raja

- Apr 8, 2025
Summary:
The "CEF Configuration Guide -- CorreLog SIEM Agent for z/OS" helps users set up the CorreLog SIEM Agent on mainframe computers (z/OS) to collect syslog events and integrate them into an ArcSight ESM strategy for security monitoring. It supports z/OS releases V1R11 and above and converts various types of log entries, including TSO Logons, Production Job ABENDs, TCP/IP Connections, FTP logs from RACF, ACF2, CA Top Secret, and DB2 accesses. The agent uses the CEF format for easy event collection and management across different systems. It helps meet compliance requirements such as PCI DSS, HIPAA, SOX, IRS Pub. 1075, GLBA, FISMA, and NERC. CorreLog SIEM Agent is certified to be compatible with the HP ArcSight CEF format, and the event format complies with HP's CEF requirements. The document includes a link to a user guide for more detailed information.
Details:
The "CEF Configuration Guide -- CorreLog SIEM Agent for z/OS" is a document designed to help users configure the CorreLog SIEM Agent on mainframe computers (z/OS) to collect syslog events with ArcSight for security monitoring. This guide covers how to set up the agent to integrate z/OS mainframe security events into an enterprise ArcSight ESM strategy, allowing real-time viewing of mainframe and other IT assets' security, database, and TCP/IP events in a single SIEM system.
The document highlights that CorreLog SIEM Agent supports z/OS releases V1R11 and above, converting various types of log entries such as TSO Logons, Production Job ABENDs, TCP/IP Connections, FTP logs from RACF, ACF2, CA Top Secret, and DB2 accesses. It is particularly useful for meeting compliance requirements like PCI DSS, HIPAA, SOX, IRS Pub. 1075, GLBA, FISMA, and NERC, among others. The configuration process involves setting up the SIEM Agent to emit events in CEF (Common Event Format), which simplifies event collection and management across different systems.
The guide states that CorreLog SIEM Agent for z/OS is certified to be compatible with the HP ArcSight Common Event Format (CEF). It explains that the event format complies with the requirements of HP's CEF and that the HP ArcSight CEF connector can process these events correctly. Additionally, the content meets standard SmartConnector requirements, making it suitable for use in correlation rules, reports, and dashboards within the ArcSight product suite. The document also provides a link to a user guide (CorreLog_Agent for zOS_V5-4-0_CEF_Config Guide_2014.pdf), which can be downloaded as an attachment.