IBM Security Z Security

Security for Z

Join this online user group to communicate across Z Security product users and IBM experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

 View Only

  • 1.  Access Monitor - First occurrenc == Last occurrence

    Posted Tue September 30, 2025 03:01 AM

    Hello,

    I have strange impression that the Access Monitor 3.1 on the panels shows the "First occurrenc" equal "Last occurrence" - if all actions have been done in the one Lpar during whole day.

    Could you pls check on your side.

    Thank you

    Slawomir Bujniak



    ------------------------------
    Regards
    Sławomir Bujniak
    ------------------------------


  • 2.  RE: Access Monitor - First occurrenc == Last occurrence

    Posted Tue September 30, 2025 03:47 AM
    Edited by Rob van Hoboken Tue September 30, 2025 03:54 AM

    Hi Slawomir

    Access Monitor generates a consolidated output data set, where actions with an identical value for CLASS, RESOURCE, ACCESS_PROFILE, USERID, INTENT, and all the FLAGS, are scraped into one record, and the Occurrences value shows how may events there were.  With only 1 record, there is only one timestamp: the date/time of the last occurrence.

    Of course, at the higher summary levels, the fist occurrence and last occurrence applies to multiple data sets (and multiple intent values) so you should see a difference between the columns, but at the deepest summary  level, they are the same for 1 input data set.  With multiple input ACCESS data sets, you should see different dates.

    ------------------------------
    Rob van Hoboken
    ------------------------------



  • 3.  RE: Access Monitor - First occurrenc == Last occurrence

    Posted Wed October 01, 2025 03:09 PM

    Hi Rob,

    Thank you.



    ------------------------------
    Regards
    Sławomir Bujniak
    Kyndryl
    ------------------------------

    Original Message


Related Content