IBM Security Z Security

Security for Z

  • 1.  Support of Custom Alerts

    Posted 5 days ago

    We have some concerns around producing our own custom alerts. 

    Firstly, these will need support and the alert process is perhaps more complex than mere CARLa queries. We have seen that many custom alerts are modified versions of standard alerts. However, any maintenance applied to the base alert would likely also need to be applied to the custom alert based on it. This can be tricky.

    Secondly, we wonder if there is any store where proven custom alerts can be made public; thus avoiding re-inventing something someone else has done. 

    What do others think?

    Lennie



    ------------------------------
    Lennie Dymoke-Bradshaw
    ------------------------------


  • 2.  RE: Support of Custom Alerts

    Posted 2 days ago

    Hi Lennie,

    I understand your first point.  Perhaps someone on here with experience in this area can give some suggestions.  I don't think there is a place to store alerts that people create.  We have looked at this concept for other things but it is very difficult, especially from the legal side.  I'd be interested to hear what others think as well.



    ------------------------------
    Michael Zagorski
    Program Director - IBM Z Security
    IBM
    ------------------------------



  • 3.  RE: Support of Custom Alerts

    Posted 20 hours ago

    I'm looking at this to add additional details to an alert.

    Example: for a Service Account, the owner of the account is something we would like to be included.

    Same for TSO accounts, since here TSO is a separate account from the user's account, as it's deemed a privileged account.

    We keep this data in CSDATA for each account.

    As we get more into dataset/resource ownership, same thing there: pulling the owner from CSDATA.

    Also, the application it is associated with.

    Basically augmenting existing alerts to make it easier for our SOC to reach out to the correct owner or management as appropriate.

    Thank you,

     


    Sandra Carroll

    ETS Technical Lead,
    Mainframe Security Engineering (MFSE)

    Enterprise Technology Services; Application Hosting