VitalSigns SIEM Agent for z/OS | VSA

Problems it solves

Unauthorized access to corporate IT systems and data

Risk or leaks of confidential information

Non-existent or decentralized IT incident management

Risk of attacks by hackers

Risk of data loss or damage

Non-compliance with IT security requirements

Insufficient risk management


Ensure Security and Business Continuity

Manage Risks

Integrate mainframe security events into your existing SIEM solution. Real-Time Mainframe Security Events Delivered to Any Enterprise SIEM.


Recent headlines prove that any business can be hacked. To minimize the risk of a system breach, it's imperative to find security issues now, not hours later after batch jobs are run. VitalSigns SIEM Agent for z/OS (VSA) brings the mainframe into the center of your enterprise security infrastructure – in real time. It quickly and easily separates critical incidents from everyday events so they can be tracked from all corners of the business.

VSA integrates with standard z/OS security facilities such as RACF, ACF2, and Top Secret to gather detailed information about mainframe security events from all z/OS systems and LPARs in your network.

VSA acquires messages in real time from the z/OS system console and SMF (System Management Facilities). Using powerful, field-level SMF filters, the agent determines which SMF events are critical. The agent reformats the data as syslog, CEF, or LEEF events and forwards them to one or two enterprise SIEMs such as Splunk, LogRhythm, QRadar, AlienVault, ArcSight, and many others.

The SIEM interprets the data, then delivers it to the people and systems responsible for enterprise security. Your security team has a central, end-to-end view of all the events they need to recognize. VSA can warn about threats before they become headlines.

Simplified Compliance and Auditing

Enterprise-wide monitoring of security events is critical, not only for tracking malicious activity, but also to attain today's demanding compliance standards. Administrators can define specific items for extra levels of monitoring or auditing: files that contain credit information, for example, or health care details. Mainframe teams can rely on VSA to filter and format the right data to comply with strict audit policies.

Compliance. VSA is an invaluable tool to help your business comply with FISMA, GDPR, GLBA, HIPAA, PCI, SOX, and other standards. Administrators can define specific parameters to monitor with more detail and at greater depth, and automatically send data to any enterprise SIEM.

Security. With VSA monitoring the mainframes, your security team has a central, enterprise-wide view of all the events they need to capture and all the security threats they need to recognize.

Transparency. Mainframe security no longer needs to depend on batch jobs running long after any incident. Events are tracked and uncovered in real time, from all corners of the business.

This z/OS SIEM solution is flexible enough to integrate with any distributed SIEM product and is certified for CEF and LEEF formats. VSA is a Ready for IBM Security Intelligence product. In addition, VSA integrates well and provides mainframe data to these SIEM solutions: Splunk, LogRhythm NextGen SIEM, AlienVault, ArcSight, McAfee® Enterprise Security Manager, and others.

VSA Features

  • Interfaces in real time with standard z/OS security products: ACF2, Top Secret, RACF, DB2, CICS, FTP, TCP/IP, and others.
  • Monitors z/OS, DB2, and UNIX System Services (USS).
  • Powerful SMF filters identify critical events.
  • Provides real-time alerts to one or two central SIEMs, which interpret the data and route it to the security team.
  • Reduces costs by filtering records and minimizing the number of events sent to the SIEM.
  • APIs allow for defining and filtering TSO, CICS, and batch events.
  • Installs easily and quickly with minimal resources and no z/OS IPLs.
  • Simple or complex monitoring rules are easily defined using ISPF Edit.
  • Uses both signature-based and anomaly-based attack detection.
  • Configuration can be shared by VSA agents running on different LPARs.
  • Small footprint in each LPAR and little CPU overhead.
  • CEF and LEEF certified.

Security Means Watch All the Doors

VSA software agents convert mainframe data to syslog, CEF, or LEEF events for delivery to SIEM technologies or to any other software that uses the TCP/IP protocol. The enterprise SIEMs consolidate VSA information with security intelligence from other systems, such as UNIX, Windows, and Cisco. The SIEMs can then analyze and visualize data across the spectrum.

You no longer need multiple security teams to guard multiple platforms. You get total visibility into the z/OS environment, as well as distributed and open systems environments.

Scheme of work