Vanguard Advisor™: Event Detection, Analysis and Reporting
Vanguard Advisor™ offers
the most comprehensive event detection, analysis and reporting
package for the Mainframe environment.
Security Enhancements at Your Fingertips
Vanguard Advisor accesses log data and information from IBM's
Security Server to guide the administrator or analyst in finding and
fixing potential security problems and analyzing security-related
behaviour. Advisor also performs full-time continuous event
monitoring with automated alerting when events are detected that
signal a potential intrusion or weakening of security. Only Advisor
offers a full range of powerful security tools that:
■ Detect intrusion attempts and automatically send e-mail
  messages to resource owners alerting them to an attempted
  access by unauthorized users.
■ Dynamically switch between live and extracted log data at
  any time from within Advisor for the most flexible data
  analysis and reporting.
■ Automatically recreate commands based on log data using
  Advisor's Command Journaling feature.
■ Easily create custom report formats for "ad hoc" reporting
  from all possible data fields.
■ With a few keystrokes generate and submit jobs for extracts,
  command generation, and execution of RACF utilities.
■ Painlessly issue commands to modify the Security Server
  database (RACF) without exiting Advisor using Vanguard's
  exclusive SmartLink™ integration technology that connects
  Advisor to Vanguard Administrator's RACF command capabilities.
■ Take advantage of other advanced features such as report
  filtering based on job name, immediate command execution
  support, and much more.
Enterprise Wide Reporting
Vanguard Advisor, coupled with
Vanguard ez/Integrator™, provides
enterprise wide reporting capabilities. ez/Integrator™ has the
unique capability of capturing events from a variety of
platforms across the enterprise and logging them on a z/OS host
as System Management Facility (SMF) events. Advisor has
reporting geared specifically for SMF log records collected by
ez/Integrator™. This partnership enables users to produce
enterprise wide reports. You no longer have to use multiple
reporting applications, whether purchased or "home grown", to
report on or audit systems in your enterprise.
Powerful Security Reporting and Analysis
Vanguard Advisor makes collecting and analyzing log and Security
Server data easier than ever before, while eliminating the need
to learn complex reporting languages required by less
sophisticated software. Advisor manages summary, detail,
and extended-detail information levels all linked by a fast,
easy-to-use, drill-down engine that allows you to quickly comb
through multiple layers of data. Only Vanguard Advisor
lets you choose to work with either live log records or an
optimized extract database. Either method lets you select from a
wealth of pre-defined summary or detailed reports.
Create custom reports using extensive masking and selection
criteria without programming. Advisor's ability to produce
off-the-shelf or custom reports, together with powerful masking,
multi-level sorting and drill-down capabilities, gives security
personnel unprecedented power to locate and analyze security
events.
Off-the-Shelf Reports
Vanguard Advisor offers a vast library of pre-defined,
customizable reports that meet virtually every security
management information need. Here are just a few:
■ Resource Access Summary and Detail Reports
■ System Entry Summary and Detail Reports
■ Data Set Summary By User
■ User Summary By Data Set
■ Security Server Command Summary and Detail Reports
■ Automated Command Scheduler Summary and Detail Reports
■ PasswordReset™ Detail Report
■ ez/SignOn™ Detail Report
■ ez/Integrator™ Detail Report
■ SecurityCenter™ Usage Report
■ Network Transmissions Events Report
■ System IPL Events Detail Selection
■ Violation Summary Report
■ User Activity Summary Report
■ Data Set Activity Report
■ General Summary Reports
Generate Custom Reports with Ease
Want to design your own unique reports? Each detail report is
fully customizable without programming. Almost every data field
is available for selection. Select only the specific fields you
wish to see and position them where you want them. Use one
of three input sources for reporting: Live log files, Extract
log files, or Dumped log files. Vanguard Advisor can also
create reports with no headings and print control, which allows
you to save your reports as flat files for use by other report
generators, databases, and programs.
Bringing Reporting, Audit and Administration Together
When you use Advisor together with Administrator and Analyzer,
you have an integrated security management workbench that
delivers a whole new level of effectiveness to security
practitioners. You can be looking at an Advisor report and
switch seamlessly to Analyzer to check related RACF profile
settings, then move to Administrator to fix a problem found, and
finally back to your Advisor report. Vanguard's proprietary
SmartLink™ technology enables this natural workflow, linking the context
from one product to the corresponding context in another.
With SmartLink the user moves directly to the desired function
in the destination product with the data from the source product
already filled in. No time or motion is lost in navigation
or re-entering data. And you end up back in the same product
context you started in.
Go Live or Extract Log Data
Vanguard Advisor lets you easily switch between live log data and
a fully customizable extract log file at any time. Since
log data can contain huge amounts of information that is not
relevant to your specific search, Advisor lets you define the
exact selection criteria in order to extract and view only the
data you want to see. For example, you can limit extracted
log data to specified jobnames only, or exclude specified
jobnames. Advisor also allows you to merge multiple
Extract log files into one combined file.
Advisor's extract feature has now been enhanced to use
substantially less CPU resources. For large runs, the
savings can exceed 80%.
Violation Notification and Reports via Email
Vanguard Advisor can deliver alerts, violation notices, online
reports, and batch reports in real-time through your Email
system. Using another exclusive Vanguard Enabler technology
called eDistribution™, you can prepare
specific distribution lists in Advisor to post critical alerts
and reports to specific individuals or groups as soon as they
are generated. Advisor immediately sends alerts and email
violation notices to resource owners should an access violation
occur, or an entire violation detail report can be sent
automatically to a pre-designated person or group. Advisor
with eDistribution offers unmatched report flexibility and
notification.
Reconstruct Your Security Net
Have you ever lost valuable staff time and resources recovering
from erroneous transactions? Vanguard Advisor allows you
to reconstruct all or only certain Security Server commands
directly from log data. These commands may then be
executed at your discretion either on the same, or entirely
different, Security Server database; another potential headache
minimized by Advisor.
Unprecedented Masking Power
Vanguard Advisor offers an extensive masking capability for
virtually every field generated in every report. Users can
specify which items to include or exclude on a field-by-field
basis. It also allows the user to perform multiple tests
on multiple fields with AND/OR logic.
Such a powerful masking facility allows the user to select and
tailor report information to show only the information desired.
Vanguard Advisor also supports exception filtering (threshold
limits) on the number of violations, logs, or warnings displayed
for only those events that you determine are critical to your
environment. Once created, masking selection profiles may
be saved and retrieved later for your use when you need them.
TCP/IP Reporting
Vanguard Advisor offers complete reports on all TCP/IP based
activities. Specifically, these reports show the number
and type of file transfer events that have occurred.
Extended Scoping
Have you ever wanted to see all activity for a user within the
administrator's scope, regardless of whether the administrator
has the scope over the resource profiles in question?
Vanguard Advisor's optional extended scoping feature provides
this capability.
DB2 Activity Reporting
The latest release of Vanguard Advisor includes standard batch
and online reports that cover DB2 access authorizations and
revokes and failed access attempts. Activity involving
both RACF and native DB2 security measures is included in these
reports.