IT Audit Data Warehouse - CPA

An IT Audit Data Warehouse for security data, database, network and other system logs coming from IBM i Series, Power Systems, IBM Mainframe and Open platforms and from SQL, Oracle and DB2 databases; it also integrates with SYSLOG and SIEM tools. BSafe/Cross-Platform Audit serves as a central data warehouse for historical auditing, reporting, alerts and general IT security policy management and compliance. Security data, database and system event logs managed by the CPA are stored in a SQL Server. BSafe's CPA provides simple point-and-click tools for non-technical personnel to perform their tasks on platforms they are not familiar with. Enforcive/Cross-Platform Audit works with the following platforms: IBM i (AS400), IBM z (Mainframe), Windows, SQL Server, Unix/AIX, Linux, Oracle and Sun Solaris. It integrates with Splunk, Envision, Kiwi, NitroSecurity, netForensics and other Syslog servers and SIEM frameworks.
The CPA can serve as a data warehouse for database events, system events, network events and other event types coming from any platform or database, and can serve as middleware to integrate with corporate SYSLOG and SIEM tools. BSafe/Cross-Platform Audit serves as a central data warehouse for historical auditing, reporting, alerts and general IT security policy management and compliance. Security data, database and system event logs managed by the CPA are stored in a SQL Server. BSafe's CPA provides simple point-and-click tools for non-technical personnel to perform their tasks on platforms they are not familiar with. Enforcive/Cross-Platform Audit works with the following platforms: IBM i (AS400), IBM z (Mainframe), Windows, SQL Server, Unix/AIX, Linux, Oracle and Sun Solaris.

A large selection of compliance-driven audit reports are pre-defined and ready to run. After system and security audit data is imported to the CPA's central data repository (SQL database), it can filter events for on-screen viewing and generate reports across systems, partitions and platforms by user or global user ID using many filter and selection criteria. Once events are in the CPA SQL database, alerts can be triggered to send email notifications.

BSafe's Cross-Platform Audit (CPA) collects, consolidates, organizes and manages all your IT system, database and security (desired/relevant) events from any platform for long-term archiving and/or integrating with other corporate frameworks such as SYSLOG and SIEM products.

Immediate benefits include:
- Saves resources in platform-specific expertise that would otherwise be required to achieve the same result.
- Enables non-technical personnel to perform their audit-related tasks without having to rely on other resources.
- Frees up production resources from excessively large event and security logs that often need to be maintained online for a significant period of time and/or allows for additional security auditing to be enabled.
- Correlates events from multiple systems into a single audit trail, making analysis more efficient and obvious.
- Provides a single centralized view of all relevant events that affect your security policies or compliance initiatives.
- Identifies database field level changes, highlighting the before and after results.
Event Sources Supported by Platform, OS or Database are summarized below:

Windows/Servers (Windows Server 2000/2003/2008)
• Windows Event Logs: Security, Application, DNS, and more
• Windows Active Directory Compliance
• ISA Server logs
• DHCP logs
• IIS Web Server logs
• IBM Lotus Domino

SQL Server (2005/2008)
• SQL Statements
• SQL System Audit
• SQL Data Audit

SQL Server (2000)
• SQL Data Audit

AS/400/i Series/System i (V5R1M0 and above)
• System Audit
• File and Field Audit
• Alerts
• Application Audit
• SQL Statement
• IP Filter
• Compliance
• Message Queue
• History Log

Mainframe/System z (z/OS v 1.9 and above)
• SMF TELNET
• SMF FTP
• SMF VSAM

RACF (according to operating system)
• SMF RACF

Communication Server TCP/IP (according to operating system)
• TCP/IP Application Audit (FTP and Telnet)

DB2 (v8, v9 and above)
• SMF DB2
• DB2 Log Records

CICS TS (v3.2 and above)
• SAFE/CICS

AIX/System p (IBM AIX 5.3 or higher)
• System Audit
• UNIX DB2

SYSLOG Source (Any SYSLOG sender)
• Routers
• Firewalls
• Antivirus
• Any other SYSLOG sender

Oracle Server (V10 and up)
• SQL Statements
• Oracle System
• Oracle Admin
• Oracle Profiles/Users
• Oracle Procedures
• Data Audit

Linux/System x (all distributions, including Red Hat, CentOS - Kernel version 2.6 or higher)
• System Audit X86
• System Audit 86_64
• System Audit IA64
• System Audit PPC64
• System Audit PPC
• System Audit S390X
• System Audit S390

SAP Application (SAP Business One, SAP Netweaver)
• SAP Application Audit

Enforcive Cross-Platform Audit (CPA) Requirements

Enforcive CPA Software Requirements:
1. The CPA Manager must have an NT-based operating system such as Windows Server 2003, Windows Server 2008 (recommended), Windows Server 2000, Windows 2000 workstation or Windows XP.
2. The CPA database can be Microsoft SQL Server 2005/2008 (recommended) or MySQL, or you can use an MS Access database file. If you are interested in using a different database, please contact Enforcive.
3. This configuration will be done on the PC on your network which will contain the CPA database. If your database is going to be MS SQL Server or MySQL, prepare it as follows:
   a) Create a catalogue called BsafeCPA which will contain the CPA tables.
   b) Create a user ‘bsafe’ with full permissions to this catalogue. Assign a password of ‘bsafe’.
4. For data transfer of System i audit data, the PC which will contain the CPA Manager must have IBM Client Access installed and must have the latest service pack installed to access the database.
5. It is recommended to install the CPA Manager where the SQL Server and the CPA Database will be installed.

Enforcive CPA Installation Prerequisites:
1. Make sure the SQL Server authentication is defined as “SQL Server and Windows Authentication mode”.
2. Log in to Windows as local administrator where the CPA Manager will be installed.
3. Make sure the TCP/IP communication is open between the PC on which you are going to install the CPA Manager and all participating computers (iSeries, AS/400, etc.).
4. Deactivate the antivirus where the CPA Manager will be installed (only during the installation).
5. Make sure port 55556 is not blocked by the Windows firewall where the CPA Manager will be installed.
6. .NET Framework 4.0 must be installed in order to use the Windows Data Providers (agentless).

Enforcive CPA Hardware Requirements:
1. RAM - at least 1 GB recommended.
2. PC workstation - Pentium 4 or higher recommended.
3. Disk space (for CPA installation) - at least 100 MB recommended.
4. Disk space (for CPA Database) - approximately 2 GB for each 1 million records imported.