Consul
Consul mainframe plug-ins: zAudit
Audit and Monitoring.
Consul InSight zAudit is the mainframe (RACF and ACF2) event and status-auditing component of Consul InSight Security Manager. Consul InSight zAudit performs security analysis, event reporting, and system integrity analysis for mainframe sites that run z/OS and RACF or ACF2. It highlights security relevant system events and identifies inconsistencies that create security exposures.
zAudit features include:
Easy Analysis
- Automated security scan
- Change management support, shows changes before they become a problem
- “What if” analysis on proposed changes in system or settings
- “Trust analysis” to understand which users and resources have highly authorized relationships (why and how)
Latest Knowledge
- Up to date with latest z/OS improvements and risks
- One interface, one language
- Knowledge-base on mainframe hacking methods
Fast Reporting
- Instant reports about RACF, ACF2, SMF, z/OS and USS
- SMF reports to identify trends
- Easy to build custom reports
- Email distribution of reports
Consul InSight zAudit RACF
Consul InSight zAudit RACF looks at both the SMF records and RACF information, so the exceptions are separated from the insignificant data, and information can be presented to the person responsible for an event, not just to the central administrator. zAudit has an email notification option, in which, zAudit RACF will email a report automatically to a predefined recipient or list of recipients when an exception occurs. Monitoring the security of your mainframe, responding to abnormalities and fixing faulty definitions can now be achieved by a single, cost-effective procedure.
zAudit RACF also enables the administrator to audit security definitions of UNIX on the mainframe. It automatically finds problems in the security definitions in the UNIX subsystem.
Once this information is collected, reports are automatically generated either in Consul InSight zAudit RACF or they are transferred to Consul InSight Security Manager were they can be displayed with your entire IT environment.
Consul InSight zAudit ACF2
Consul InSight zAudit ACF2 uses Consul zCollect to gather information about the z/OS operating system. Consul zCollect finds all relevant control blocks and data sets automatically without the help of the system staff, and stores them in a snapshot file for cross-referencing, comparing systems, and historical analysis.
zAudit ACF2 provides auditors, operations analysts and system programmers with reporting and analysis functions that allow them to make certain the security of the system is sound. It shows the ACF2 Logon IDs and identifies questionable definitions, lists the Access Rules by rule or by rule line, displays the global systems options and highlights dangerous settings.
Reports can be emailed for review or you have the option of having emails sent only when specific events occur or when there is a security breach. By having the reports emailed they are accessible immediately. The reports for zAudit ACF2 are also in HTML format, which allows for them to be saved directly on the web server, thus allowing the reports to be accessible through the intranet. This means the reviewer no longer has to log into the mainframe, and gives the user the mobility in accessing the reports. These reports can also be generated in Consul InSight Security Manager where your mainframe activity can be seen in conjunction with your distributed systems.
Business Benefit:
- Customizable Reports
Customising reports guarantees that you receive and view only the information that is important to you and your organization. - Status and Event Reporting
Consul InSight zAudit provides both status audit and event audit reporting. By having both you are able to better see holes in your security system and potential threats. - Reduce Cost
To operate Consul InSight zAudit you do not need to be a mainframe expert. Report analysis does not require an expensive expert in order to interpret.