VANGUARD Active Alerts with SIEM

for z/OS, RACF, ACF2, and TSS

Vanguard Active Alerts sends user-specified event driven data to SIEMs, SNMP or SYSLOGD in industry standard formats as requested by the user. VAA sends event driven data to identified target devices, which receives the “real time” information in a timely manner for Compliance, Security and Audit requirements.


The SIEM requirement is driven by customer needs to apply security analytics to event data in real time for the early detection of targeted attacks and data breaches and to collect, store, analyze, and report on log data for incident response, forensics and regulatory compliance.


Vanguard Active Alerts offering provides the ability to continuously monitor security related events at the system and or user-specified level. When an event occurs, Vanguard Active Alerts will notify the SIEM in order for enterprises to take decisive action and make critical business decisions.


SIEM is supported across the Vanguard enterprise security software suite, through our Active Alerts solution. Today we support ArcSight®, CorreLog®, LogPoint® and Splunk® offerings along with any other SIEM capable of consuming SYSLOG formatted messages. Add our Splunk relationship and dashboards .


The SIEM provides a holistic, unified view into not only the infrastructure but also workflow, compliance and log management. SIEM can provide a multitude of capabilities and services efficiently.


At the core, SIEM provides Data Aggregation, Correlation, Alerting, Dashboards, Compliance, Retention, and Forensic Analysis.


Mainframes already share a lot of information about what’s happening (event log, audit log, syslog, etc.), You need to achieve a way to quickly and easily separate critical security incidents from business-as-usual events and send them in the right format to your enterprise SIEM.


Vanguard Active Alerts with SIEM forwards these mainframe log messages in the proper format, as well as those from RACF, ACF2, Top Secret, DB2, CICS, FTP, and z/Linux to Security Information and Event Management (SIEM) systems such as ArcSight, IBM® QRadar®, Splunk®, and others. Mainframe teams must comply with strict audit policies but may not have the time or the resources to filter and format the right data and send it to the enterprise SIEM. Vanguard Alert Connector can help.

Call or Email now for more information!
Telephone: 702.794.0014 Ext. 320


  • Connects with Splunk and its applications.
  • Delivers mainframe data to all conventional SIEM products.
  • Connects with standard z/OS security product.s
  • Monitors z/OS and UNIX System Services (USS).
  • Gathers intelligence from z/OS SMF and the system operator interface.
  • Uses both signature and anomaly-based attack detection.
  • Provides real-time alerts that can be managed, filtered, routed, and searched via SIEM software.
  • APIs allow for defining and filtering TSO, CICS, and batch events.
  • Easy installation does not require z/OS IPLs.
  • A small footprint in each LPAR, with little CPU overhead.