CorreLog, Inc. announces acceptance of CorreLog SIEM Agent for z/OS into the IBM Ready for Security Intelligence Program

Share Article

IBM’s Ready for Security Intelligence Program verifies that CorreLog SIEM Agent has a validated, certified integration to IBM® Security QRadar® SIEM and can process LEEF events.

IBM Security Intelligence logo
IBM's Q/A and testing process is extensive and very thorough so it was impressive to see the CorreLog SIEM Agent make it to certification in just a few weeks.

CorreLog, the leader in multi-platform IT security event log management, today announced its SIEM Agent for IBM z/OS has been accepted into the IBM Ready for Security Intelligence Program. The CorreLog SIEM Agent is a software program that resides on a z/OS LPAR and converts SMF records in real time to standard SIEM (Security Information & Event Management) syslog message format for enterprise security software systems such as IBM® Security QRadar® SIEM. SMF records provide critical information about a z/OS environment including Security, DB2, performance, resource utilization, TCP/IP statistics, FTP activity and other user/system events that can be used to assess the health and security of the mainframe.

The approval for IBM Ready for Security Intelligence Program means that the CorreLog SIEM Agent has been tested and certified by IBM to deliver live z/OS SMF data to QRadar SIEM as Log Event Extended Format or LEEF events. A key to this certification was the development of a Device Support Module or DSM for the CorreLog SIEM Agent that allows QRadar to parse events from z/OS in real time for security auditing and event log correlation. The use of the CorreLog SIEM Agent to deliver live SMF data into QRadar is unique to mainframe technology because:

1. z/OS isolation from distributed SIEM systems like QRadar within datacenters creates silos of information and work process – the human resources are different so they rarely interact across departments.
2. z/OS mainframe reporting programs are not run in real time, making real-time SMF record data transmission to SIEM systems like QRadar impossible.

The CorreLog SIEM Agent for z/OS resides on a mainframe LPAR and no additional message processing is needed once the SMF-to-syslog conversion takes place. The SMF record is converted to syslog format in the SIEM Agent and is pushed from the z/OS LPAR directly into the distributed QRadar SIEM system. The mainframe security event becomes available in the QRadar dashboard in real time alongside other Windows, UNIX, Linux or syslog-generating device.

“It is a privilege to be part of IBM’s Ready for Security Intelligence Program,” said George Faucher, President and CEO of CorreLog. “Their Q/A and testing process is extensive and very thorough so it was impressive to see the SIEM Agent make it to certification in just a few weeks. This is a testament to the integrity of the code and the value of real-time mainframe event data being made available to for SIEM systems like QRadar, ArcSight, Splunk, McAfee ESM, and others.”

SIEM Agent installs quickly, uses minimal resources, and does not require extensive training, ongoing maintenance or administration. SIEM Agent allows users to select from a myriad of events including TSO Logons, Production Job ABENDs, TCP/IP Connections, FTP File Transfers, CA Top Secret, ACF2, RACF and DB2 accesses. SIEM Agent facilitates compliance requirements from PCI DSS, HIPAA, SOX, FISMA, NERC, and IRS Pub. 1075.

CorreLog SIEM Agent for IBM z/OS monitors DB2 using dbDefender™, delivering up-to-the-second database activity monitoring (DAM) for DB2. DAM capabilities in dbDefender™ include privileged-user monitoring, recording invalid access attempts, auditing creation/deletion of system-level objects, commands and SQL statements, and other attempts to alter the secure state of DB2.

CorreLog offers a 30-day trial version of the SIEM Agent for z/OS. For more information on the trial version, please click here. For product details on the CorreLog SIEM Agent for z/OS, please click here.

About CorreLog:

CorreLog, Inc. is the leading independent software vendor (ISV) for IT security log management and event correlation spanning both distributed and mainframe platforms. CorreLog's flagship products are CorreLog Server™, SIEM Agent™ for z/OS, and dbDefender™. CorreLog Server leverages its unique correlation engine that manages user/system event logs through Syslog, Syslog-NG, and SNMP protocols. SIEM Agent converts mainframe SMF data to distributed syslog format for real-time transmission to security information and event management (SIEM) systems. dbDefender provides real-time DB2 data to SIEM systems for real-time, enhanced visibility to the secure state of DB2.

For auditing and forensics, CorreLog solutions facilitate regulatory requirements set forth by PCI DSS, HIPAA, Sarbanes-Oxley, IRS Pub. 1075, FISMA, NERC, NCUA, and many other standards. CorreLog markets its solutions through both direct sales channels and indirect partner channels. For more information on CorreLog products, please visit

About IBM Ready for Security Intelligence Program:

From the IBM website: Ready for IBM Security Intelligence helps promote a vibrant ecosystem to nurture and support Business Partner products that extend the core value of IBM Security solutions for the design, development, and delivery of software and systems to support new security capabilities for customers.

Technology collaboration and integration helps to increase security coverage, collapse silos of information, and increase situational awareness and insights. With the PartnerWorld program and Ready for Security Intelligence validation, IBM supports collaboration with our Business Partners to enable the integration of product capabilities and improved security capabilities for mutual customers.

Achieving Ready for IBM Security Intelligence shows clients that the partner solution has been validated against IBM specifications for integration with IBM Security products. Click here for more information.

Share article on social media or email:

View article via:

Pdf Print

Contact Author

Tony Perri
Visit website