NathanF

PowerTech Interact

Discussion created by NathanF on Nov 30, 2011
Latest reply on Jun 25, 2012 by NathanF

PowerTech Interact sends real-time events from IBM Power Systems running IBM iSeries to syslog, in syslog format. The log data comes from three sources: the OS/400 security audit journal (QAUDJRN); the PowerTech security applications Network Security and Authority Broker; and critical operating system messages.

 

| Release Date | What’s New In This Release |
|---|---|
| 11/30/2011 | Initial support for PowerTech Interact |
| 12/19/2011 | Updated release to include 10 new messages |
| 01/30/2012 | Updated XML to include new message types. |
| 02/15/2012 | Updated XML to correct a username placement issue. |
| 03/05/2012 | Updated XML to include TAF0004 event. |
| 06/25/2012 | Converted XML to Content 2.0. |

 



Note: Content 2.0 features substantial improvements to the parsing of event data into the various tables that are used for queries and reports. Content 2.0 is the future direction for all event sources within the supported library. For rules and reports, note the following:

- For factory reports, as existing event sources are converted to Content 2.0, their device-specific reports are updated to work with the new content. In some cases, class-specific reports have replaced device-specific reports.

- Factory correlated rules have been modified to take advantage of the improved tables, variables and parsing.

- Custom rules that involve event sources updated to work with Content 2.0 need to be rewritten.

- Custom reports may not produce the same results as previously. For guidance on updating custom reports, see the RSA enVision Content Inspection Tool document and the online Help topics that describe the Content 2.0 tables.
