Event Detection, Analysis and Reporting - Vanguard Advisor™ offers the most comprehensive event detection, analysis and reporting package for the mainframe environment.
Security Enhancements at Your Fingertips
Vanguard Advisor accesses log data and information from IBM's Security Server to guide the administrator or analyst in finding and fixing potential security problems and analyzing security-related behavior. Advisor also performs full-time continuous event monitoring with automated alerting when events are detected that signal a potential intrusion or weakening of security. Only Advisor offers a full range of powerful security tools that:
- Detect intrusion attempts and automatically send e-mail messages to resource owners alerting them to an attempted access by unauthorized users.
- Dynamically switch between live and extracted log data at any time from within Advisor for the most flexible data analysis and reporting.
- Automatically recreate commands based on log data using Advisor's Command Journaling feature.
- Easily create custom report formats for "ad hoc" reporting from all possible data fields.
- With a few keystrokes generate and submit jobs for extracts, command generation, and execution of RACF utilities.
- Painlessly issue commands to modify the Security Server database (RACF) without exiting Advisor using Vanguard's exclusive SmartLink™ integration technology that connects Advisor to Vanguard Administrator's RACF command capabilities.
- Take advantage of other advanced features such as report filtering based on job name, immediate command execution support, and much more.
Enterprise Wide Reporting
Vanguard Advisor, coupled with Vanguard ez/Integrator™, provides enterprise-wide reporting capabilities. ez/Integrator™ has the unique capability of capturing events from a variety of platforms across the enterprise and logging them on a z/OS host as System Management Facilities (SMF) events. Advisor has reporting geared specifically for SMF log records collected by ez/Integrator™. This partnership enables users to produce enterprise-wide reports. You no longer have to use multiple reporting applications, whether purchased or "home grown", to report on or audit systems in your enterprise.
Powerful Security Reporting and Analysis
Vanguard Advisor makes collecting and analyzing log and Security Server data easier than ever before, while eliminating the need to learn complex reporting languages required by less sophisticated software. Advisor manages summary, detail, and extended-detail information levels all linked by a fast, easy-to-use, drill-down engine that allows you to quickly comb through multiple layers of data. Only Vanguard Advisor lets you choose to work with either live log records or an optimized extract database. Either method lets you select from a wealth of pre-defined summary or detailed reports.
Create custom reports using extensive masking and selection criteria without programming. Advisor's ability to produce off-the-shelf or custom reports, together with powerful masking, multi-level sorting and drill-down capabilities, gives security personnel unprecedented power to locate and analyze security events.
Vanguard Advisor offers a vast library of pre-defined, customizable reports that meet virtually every security management information need. Here are just a few:
- Resource Access Summary and Detail Reports
- System Entry Summary and Detail Reports
- Data Set Summary By User
- User Summary By Data Set
- Security Server Command Summary and Detail Reports
- Automated Command Scheduler Summary and Detail Reports
- PasswordReset™ Detail Report
- ez/SignOn™ Detail Report
- ez/Integrator™ Detail Report
- SecurityCenter™ Usage Report
- JES Events Report
- Network Transmissions Events Report
- System IPL Events Detail Selection
- Log Data Lost Report
- Violation Summary Report
- User Activity Summary Report
- Data Set Activity Report
- General Summary Reports
- DB2 Activity Reports
Generate Custom Reports with Ease
Want to design your own unique reports? Each detail report is fully customizable without programming. Almost every data field is available for selection. Select only the specific fields you wish to see and position them where you want them. Use one of three input sources for reporting: Live log files, Extract log files, or Dumped log files. Vanguard Advisor can also create reports with no headings and print control, which allows you to save your reports as flat files for use by other report generators, databases, and programs.
Bringing Reporting, Audit and Administration Together
When you use Advisor together with Administrator and Analyzer, you have an integrated security management workbench that delivers a whole new level of effectiveness to security practitioners. You can be looking at an Advisor report and switch seamlessly to Analyzer to check related RACF profile settings, then move to Administrator to fix a problem found, and finally back to your Advisor report. Vanguard's proprietary SmartLink™ technology enables this natural workflow, linking the context from one product to the corresponding context in another. With SmartLink the user moves directly to the desired function in the destination product with the data from the source product already filled in. No time or motion is lost in navigation or re-entering data. And you end up back in the same product context you started in.
Go Live or Extract Log Data
Vanguard Advisor lets you easily switch between live log data and a fully customizable extract log file at any time. Since log data can contain huge amounts of information that is not relevant to your specific search, Advisor lets you define the exact selection criteria in order to extract and view only the data you want to see. For example, you can limit extracted log data to specified jobnames only, or exclude specified jobnames. Advisor also allows you to merge multiple Extract log files into one combined file.
Advisor's extract feature has now been enhanced to use substantially fewer CPU resources. For large runs, the savings can exceed 80%.
Violation Notification and Reports via Email
Vanguard Advisor can deliver alerts, violation notices, online reports, and batch reports in real time through your email system. Using another exclusive Vanguard Enabler technology called eDistribution™, you can prepare specific distribution lists in Advisor to post critical alerts and reports to specific individuals or groups as soon as they are generated. Advisor immediately sends alerts and email violation notices to resource owners should an access violation occur, or an entire violation detail report can be sent automatically to a pre-designated person or group. Advisor with eDistribution offers unmatched report flexibility and notification.
Reconstruct Your Security Net
Ever lost valuable staff time and resources recovering from erroneous transactions? Vanguard Advisor allows you to reconstruct all or only certain Security Server commands directly from log data. These commands may then be executed at your discretion either on the same, or entirely different, Security Server database. Another potential headache minimized by Advisor.
Unprecedented Masking Power
Vanguard Advisor offers an extensive masking capability for virtually every field generated in every report. Users can specify which items to include or exclude on a field-by-field basis. It also allows the user to perform multiple tests on multiple fields with AND/OR logic.
Such a powerful masking facility allows the user to select and tailor report information to show only the information desired. Vanguard Advisor also supports exception filtering (threshold limits) on the number of violations, logs, or warnings displayed for only those events that you determine are critical to your environment. Once created, masking selection profiles may be saved and retrieved later for your use when you need them.
Vanguard Advisor offers complete reports on all TCP/IP based activities. Specifically, these reports show the number and type of file transfer events that have occurred.
Have you ever wanted to see all activity for a user within the administrator's scope, regardless of whether the administrator has the scope over the resource profiles in question? Vanguard Advisor's optional extended scoping feature provides this capability.
DB2 Activity Reporting
The latest release of Vanguard Advisor includes standard batch and online reports that cover DB2 access authorizations, revokes, and failed access attempts. Activity involving both RACF and native DB2 security measures is included in these reports.