Vanguard Privileged Access Monitoring
Vanguard Privileged Access Monitoring (VPA) monitors Privileged Users, data set and general resource access in both RACF and ACF2, monitors ESM commands, z/OS commands, started tasks and logon/initializations events of interest for security and/or auditing purposes.
VPA allows you to specify selection criteria to help you narrow the scope of interest to you. You can specify such criteria as data set and general resource profiles/rules, audit attributes (such as successful read or failed updated) of those files, RACF/ACF2 ids, as well as the use of attributes of those users (such as Special, Operations for RACF and Non-CNCL, Account, Leader for ACF2) and z/OS commands.
Criteria selection accomplished through the online interface available on the VSS Main Menu. This option allows you to create criteria by which VPA will keep user activity on for reporting purposes as well as used for reducing the scope of reporting.
VPA also allows for multi-system activity collection and reporting from a single system through the use of automated collection of Privileged activity into a single system reporting Master File. This allows auditors a single pane for reporting on all systems activity.
The VPA report function uses Vanguard QuickGen to give you flexibility in generating user reports. Six standard reports are delivered and can be used as models for custom reporting. Data can be exported into a Comma Separator Value (CSV) file that can be imported into an application for processing.
- VPA allows you to monitor privileged users, data sets, general resource access, RACF or ACF2, z/OS commands and task (TSO, STC, Batch, start and stop events).
- Allows you to specify selection criteria to narrow the scope of interest.
- Can specify criteria as DS, GR name, audit attributes.
- Specify attributes of RACD userid, ACF2 logonid (Special, Operations for RACF and Account, Leader for ACF2) and z/OS commands.
- Specify selected by using online interface available on the VSS main menu. (allows you to create criteria for creating the Filtered HMF or reporting).
- Can also be manually created.
- Criteria for creating Filtered HMF must be saved as a member in the Operations Library using the name VPAFLTxx where xx is any two characters supported as a PDS or PDSE member name. VPA report function uses Vanguard QuickGen.
- Single pane view for all systems through the use of Vanguard’s VAD stc and a Master reporting file.