Vanguard Privileged Access Monitoring (VPA) monitors Privileged Users, data set and general resource access in both RACF and ACF2, monitors ESM commands, z/OS commands, started tasks and logon/initializations events of interest for security and/or auditing purposes.

VPA allows you to specify selection criteria to help you narrow the scope of interest to you. You can specify such criteria as data set and general resource profiles/rules, audit attributes (such as successful read or failed updated) of those files, RACF/ACF2 IDs, as well as the use of attributes of those users (such as Special, Operations for RACF and Non-CNCL, Account, Leader for ACF2) and z/OS commands.

Criteria selection accomplished through the online interface available on the VSS Main Menu. This option allows you to create criteria by which VPA will keep user activity on for reporting purposes as well as used for reducing the scope of reporting.

VPA also allows for multi-system activity collection and reporting from a single system through the use of automated collection of privileged activity into a single-system-reporting master file. This allows auditors a single-pane for reporting on all system activity.

The VPA report function uses Vanguard QuickGen to give you flexibility in generating user reports. Six standard reports are delivered and can be used as models for custom reporting. Data can be exported into a Comma Separated Value (CSV) file that can be imported into an application for processing.

• VPA monitors data sets, general resource access, RACF, ACF2, z/OS commands and tasks.
• Specifies selection criteria to narrow the scope of the user’s interest.
• VPA will specify criteria, such as data set name, general resource name, and audit attributes.
• Specify selected criteria by using the online interface available on the VSS main menu.
• The criteria selection process may also be manually created.