OA40009: SSE QRADAR SIEM INTEGRATION

A fix is available

Subscribe

You can track all active APARs for this component.

APAR status

  • Closed as new function.

Error description

  • SSE QRadar SIEM integration
    

Local fix

  • n/a
    

Problem summary

  • ****************************************************************
    * USERS AFFECTED: All customers requiring zSecure to interface *
    *                 with QRadar SIEM.                            *
    ****************************************************************
    * PROBLEM DESCRIPTION: NEW FUNCTION                            *
    *                      .                                       *
    *                      Integration of zSecure Audit with       *
    *                      QRadar SIEM for z/OS, RACF, ACF2, Top   *
    *                      Secret, DB2, and CICS.                  *
    *                      .                                       *
    *                      This new function also makes the        *
    *                      JAVA_SIMPLEDATE format available in     *
    *                      zSecure.                                *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    zSecure Audit is to be enhanced so as to transform SMF records
    into the Log Event Enhanced Format records required for input to
    QRadar SIEM.
    

Problem conclusion

Temporary fix

Comments

  • zSecure Audit has been enhanced to transform SMF records into
    the Log Event Enhanced Format (LEEF) records required for input
    to QRadar SIEM.
    -
    PLEASE NOTE the following documentation change for
    Security zSecure Suite:  CARLa-Driven Components Version 1.13
    Installation and Deployment Guide (SC14-7662-00)
    -
    A new chapter has been added:
      Setting up data preparation for QRadar SIEM
    -
    Futher information can be located at this URL:
      http://www.ibm.com/support/docview.wss?uid=swg21606082
    

APAR Information

  • APAR number

    OA40009

  • Reported component name

    ZSEC BASE,ADMIN

  • Reported component ID

    5655T0100

  • Reported release

    1D0

  • Status

    CLOSED UR1

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    YesSpecatt / New Function

  • Submitted date

    2012-07-23

  • Closed date

    2012-07-27

  • Last modified date

    2012-08-08

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

    UA66091

Modules/Macros

  • CKRFMT   CKRINMO  CKRINS2  CKROUBU  CKROUNIT
    CKRPRTFL CKRZPOST C2ECQRLF C2EEQRFH C2EJQRLF C2ELEEF  C2ELENV
    C2EQAENV C2EQAUSA C2EQAUSR C2EQAUST C2EQCES  C2EQENV  C2EQFIN
    C2EQRENV C2EQSPEC C2EQTENV C2EQXES  C2EQ0ES  C2R$PARM
    

Fix information

  • Fixed component name

    ZSEC BASE,ADMIN

  • Fixed component ID

    5655T0100

Applicable component levels

  • R1D0 PSY UA66091

       UP12/07/31 P F207

Fix is available

  • Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.



Rate this page:

(0 users)Average rating

Add comments

Document information


More support for:

IBM Security zSecure Admin
zSecure Admin

Software version:

1D0

Reference #:

OA40009

Modified date:

2012-08-08

Translate my page

Machine Translation

Content navigation