PowerTech Interact sends real-time events from IBM Power Systems running IBM iSeries to syslog, in syslog format. The log data comes from three sources: the OS/400 security audit journal (QAUDJRN), the PowerTech security applications (Network Security and Authority Broker), and critical operating system messages.
What’s New In This Release
|Initial support for PowerTech Interact|
|Updated release to include 10 new messages|
|Updated XML to include new message types.|
|Updated XML to correct a username placement issue.|
|Updated XML to include TAF0004 event.|
|Converted XML to Content 2.0.|
Note: Content 2.0 features substantial improvements to the parsing of event data into the various tables that are used for queries and reports. Content 2.0 is the future direction for all event sources within the supported library. For rules and reports, note the following:
- For factory reports, as existing event sources are converted to Content 2.0, their device-specific reports are updated to work with the new content. In some cases, class-specific reports have replaced device-specific reports.
- Factory correlated rules have been modified to take advantage of the improved tables, variables and parsing.
- Custom rules that involve event sources updated to work with Content 2.0 need to be rewritten.
- Custom reports may not produce the same results as previously. For guidance on updating custom reports, see the RSA enVision Content Inspection Tool document and the online Help topics that describe the Content 2.0 tables.