CorreLog Announces New Release of SIEM Agent for IBM z/OS, Version 5.5.3

Share Article

The newest version of CorreLog’s SIEM agent for z/OS includes several enhancements such as IND$FILE event auditing and additional filtering capabilities. This latest release also features an expanded footprint with certified integration to RSA Security Analytics.

We are looking forward to demonstrating the Agent's capabilities at SHARE in Orlando. Sharing this upgrade with our customers, prospects, partners and the media at SHARE will be one of the highlights of the year for us.

CorreLog, the leader in multi-platform IT security event management, today announced a major new release for its CorreLog SIEM Agent for IBM z/OS. Version 5.5.3 has significant new features incorporated into this latest product release.

CorreLog SIEM Agent for z/OS (SIEM Agent) Version 5.5.3 Release Details

This new version expands the interoperability of SIEM Agent to include an EMC-certified connector for RSA Security Analytics. With these two additional integrations, SIEM Agent is now able to send real-time event messages from z/OS to the following SIEM platforms:

  •     IBM® Security QRadar®
  •     HP ArcSight
  •     EMC RSA Security Analytics
  •     LogRhythm
  •     Intel Security McAfee
  •     Dell SecureWorks
  •     Solutionary (Managed Security Service Provider)
  •     And several others including CorreLog SIEM

The new release of CorreLog SIEM Agent for z/OS version 5.5.3 incorporates a new audit function for IND$FILE plus advanced filter support.

  •     IND$defender™ for IND$FILE Auditing

The new CorreLog IND$defender component is a tool for auditing the use of IND$FILE, a widely-used 3270-PC file transfer program that runs as a TSO command and lets a mainframe terminal session user download or upload a z/OS dataset between their PC and the mainframe. Within the current RACF (z/OS access control and auditing program) capabilities, there is no mainframe audit log (a.k.a. “SMF record”) issued when a 3270-PC emulator downloads/uploads a file or program to a mainframe. CorreLog’s IND$defender audits this type of transaction and assigns a newly-created SMF record for CorreLog (#202) to the event and forwards the event in real time to the SIEM system. SMF 202 has been reserved by CorreLog through IBM specifically for IND$Defender.

  •     Agent FILTER support

The CorreLog Agent for z/OS FILTER feature allows customers to limit the events forwarded by the Agent from z/OS to their SIEM or managed security services provider (MSSP) by specifying logical event filter criteria. This latest release of the SIEM Agent FILTER allows customers to “throttle down” events sent to their SIEM for a variety of reasons such as limiting network bandwidth utilization or filtering only those events that are relevant to a customer's particular security or compliance needs. This new filtering function allows customers to remove unwanted “noise” or to match events for the inclusion of certain SMF records.

CorreLog Featuring SIEM Agent for z/OS at SHARE Orlando, Aug. 9 – 14

CorreLog will demo the new release of the SIEM Agent for z/OS at booth 411 during the SHARE in Orlando conference. The SHARE in Orlando 2015 conference will be held August 9 – 14 at the Walt Disney World Swan and Dolphin Resort.

The install package for CorreLog Agent for IBM z/OS is less than 1 megabyte and systems can be upgraded in just a few hours, depending on the number of LPARs involved. Please email CorreLog at support(at)correlog(dot)com for the new version 5.5.3 of SIEM Agent and the CorreLog support team will contact you within 24 hours of your inquiry.

“The new release is one we know our customers will immediately leverage. Providing more IND$FILE auditing and enhanced filtering are functions designed to improve security and compliance while reducing costs,” said George Faucher, CorreLog president and CEO. “We are looking forward to demonstrating the Agent's capabilities at SHARE in Orlando. Sharing this upgrade with our customers, prospects, partners and the media at SHARE will be one of the highlights of the year for us.”

More information on CorreLog products can be found at

About CorreLog:

CorreLog, Inc. is the leading ISV for cross-platform IT security log management and event log correlation. The core products in the CorreLog solution suite are:

1.    CorreLog SIEM Agent for IBM z/OS™
2.    CorreLog Visualizer for IBM z/OS™
3.    CorreLog SIEM Correlation Server™

SIEM Agent for IBM z/OS resides in a mainframe LPAR and in real time, converts mainframe security events such as RACF, ACF2, Top Secret and DB2 accesses to distributed syslog format for enterprise SIEM systems. For enterprises that need extended mainframe visibility for users that don’t have access to their SIEM, CorreLog offers Visualizer for z/OS which delivers live mainframe security dashboards through any standard web browser.

The CorreLog SIEM Correlation Server delivers enterprise log management with a best-in-class event correlation engine. CorreLog SIEM Server operates across Windows, UNIX, and Linux platforms and helps identify anomalous behavior and security policy violations by collecting and correlating user activity logs and various system event data. Each of these CorreLog solutions have been designed to adhere to standards set forth by PCI DSS, HIPAA, IRS Pub. 1075, SOX, GLBA, FISMA, NERC and many other regulatory standards. For more information on CorreLog products, please visit

Share article on social media or email:

View article via:

Pdf Print

Contact Author

Tony Perri
Visit website