IBM Security Z Security

  • 1.  zSecure SYSLOG Forwarding?

    Posted Fri March 15, 2024 02:57 PM

    Hello All,

    The question was raised to me as to whether zSecure can be used to forward an LPAR's SYSLOG/OPERLOG to a SIEM.  My response was no, but I was asked if it's part of the roadmap/future release?

    My inclination is that, in order to perform that function, we would need another product (like CDPz), as that would not be in scope for zSecure itself.

    Please confirm if my line of thinking is accurate.

    Thanks,



    ------------------------------
    Matt Ross
    ------------------------------


  • 2.  RE: zSecure SYSLOG Forwarding?

    Posted Wed April 17, 2024 04:56 AM

    Sorry for the late reply, but we would need an Idea for this, in particular explaining what selection/filtering you would want to be able to do to reduce the amount of data, and what the minimum set of fields is that you want us to extract from the messages and pass to the SIEM, and to what extent you want multi-line messages / replies to be raked together into one SIEM message... there are many design issues here to be resolved...



    ------------------------------
    Hans Schoone
    Chief Architect zSecure
    IBM - zSecure architect
    Delft
    ------------------------------