IBM i SIEM Integration - Best Practices for Your Data Management - Mel Zucker
Enterprise System Information and Event Management (SIEM) products collect system activity information from organizational network servers and devices, and aggregate that collected data to detect threats, discover security trends, and alert IT management to possible network issues. SIEM solutions such as Splunk, Imperva, QRadar, and others allow you to gain a clearer picture of your security and user activity.
IBM i collects its own SIEM data from its audit journals (QAUDJRN), operating system exit points, malware & anti-virus software, firewalls, and other sources. IBM i SIEM data can and should be included in SIEM security analytics, reporting, and forensics. But understanding what IBM i data should be sent to SIEM servers and managing SIEM transmission can be a difficult and time-consuming process.
Join this live webinar where SEA’s Mel Zucker discusses what IBM i data should be sent to an enterprise SIEM product and the best ways to find, select, and transmit data from the IBM i server to a SIEM solution. Topics include:
- Why you must send IBM i data to a SIEM solution
- Knowing the difference between SIEM logging and local data logging
- What security and event data should be sent to a SIEM server… and what shouldn’t
- Integrating your IBM i system with a SIEM product
- Key criteria to consider for transmitting SIEM data from the IBM i
- An overview of iSecurity Syslog capabilities for transmitting audit logs, remote activity, and other critical information
Senior IBM i Solutions Engineer, Software Engineering of America
Mel Zucker has been a Senior IBM i Solutions Engineer with Software Engineering of America for the past 9 years. Prior to joining SEA, Mel was a member of the IBM team supporting their line of midrange products for over 30 years. While at IBM, Mel was the recipient of multiple IBM Means Service and System Engineering Achievement awards.