SIFT-IT Enterprise Edition
Enterprise grade detection and log management software for the IBM i that performs real-time monitoring of all types of system and server logs and message queues. Unlike legacy products that simply harvest journals and archive them to syslog servers, SIFT-IT products can analyze the contents of the logs in order to filter and manage specific events based on granular details. SIFT-IT has unlimited reformatting and integration capabilites to any enterprise SIEM or detection software and provides remediation tools including automated remediation through system triggers. SIFT-IT Enterprise Edition includes access to every technical support service offered by Arpeggio Software.
SIFT-IT Enterprise Edition Features
Real-time Detection Analysis and Log Management
SIFT-IT includes a Log Manager that allows your company to monitor for threats and events through analyzing any type of logs on your IBM i in real-time. The log manager can also monitor and analyze message queues and 3rd party server logs.
- System Journals (QAUDJRN)
- Server Logs (FTP, HTTP, AS2, etc.)
Real-time Event Filtering
Unlike simple tools that harvest system journals and only provide basic filtering by journal code, SIFT-IT truly reduces the bottleneck problems facing companies that have too much log information to process. With SIFT-IT you can define events based on granular details including users, job names, IP addresses, event times (including filtering based on weekends, after hours, etc.), object names, object types and object locations just to name a few. The filtering options are powerful and allow you either include or exclude events based on your criteria.
Unmatched SIEM and Syslog Integration
Format and translate log messages and move them to any syslog server or SIEM application while complying with the LATEST standards. Many SIEMs have a difficult time understanding the native translation of the IBM i logs but with SIFT-IT you can specify not only what information is passed but you can pass along custom translation text to make it easier for the SIEM to identify and flag events. SIFT-IT has the ability to send to multiple SIEMs and syslog servers simultaneously providing enterprise quality log and detection management.
- Supports RFCs 5424 and 3164
- Deliver via UDP, TCP and Secure TCP with TLS/SSL
- Integrate with multiple SIEMs or syslog server simultaneously
- Translate and reformat logs and insert custom tags/text into log messages
Alarms and Remediation
While you set rules on detecting events, SIFT-IT is already analyzing log information and provides you with the ability to define triggering of alarms and alerts (email, SIEM forwarding, etc.) as well as a console view of events to remediate. SIFT-IT is the first product available to provide triggers to automate remediation on the IBM i.
BONUS FOR TRAILBLAZER ZMOD Exchange Customers
SIFT-IT is pre-configured to monitor your ZMOD applications with minimal set up work. Some of the predefined monitoring includes:
- Real-time monitoring of ZMOD history and session logs
- Real-time monitoring of ALL Message Queues defined in the ZMOD Broadcast Message List
- Sample filters for monitoring private key access, unencrypted file access, use of power commands, creation and deletion of objects in ZMOD, etc.
SIFT-IT Enterprise Edition Log Manager
SIFT-IT can monitor any type of IBM i system log, server log or user defined logs in real time.
- Any MSGQ (such as QSYSOPR)
- HTTP and FTP Server Logs
- EDI-INT Logs
- ZMOD Exchange Logs from Liaison (formerly TrailBlazer Systems)
With SIFT-IT, it is possible to build filters to monitor for specific events rather than simply harvesting journal records and logs and flinging them to a syslog server. Until now, the only filtering options provided by software vendors was based on QAUDJRN journal codes. That level of filtering has been inadequate and tends to overload centralized log servers. As you can see in the screen below, it is possible to use complex logic to define specific events to monitor. You can basically filter based on any content within a log message and when that event occurs, you can define the remediation action to take as well as forwarding your customized log message to a specific syslog server.
Enterprise clients have an integrated email notification system using ARP-MAIL. This feature is valuable in problem resolution and remediation. For example, upon detection of an event where you believe a user is doing something suspicious, ARP-MAIL can email the user's session job log to security personnel. ARP-MAIL offers many features including:
- Automated email alerts
- CL Commands to forward job logs for remediation
- Enhanced notifications that can forward DB2 files, IFS files and SAVE files
- SMTP Authentication
- Support for SSL/TLS and STARTTLS connections
Enterprise clients have unlimited access to all available support options including:
- Phone Support
- Email Support
- Online tickets
- Access to Customer Blogs and FAQs
- New Enhancement Updates via Twitter
- Online Access to the Latest Product Updates
- Collaboration and Idea Sharing with other Enterprise Clients
- Proactive notification from Arpeggio of Critical fixes (including OS related fixes)
SIFT-IT Free Edition
Detection and log management software for the IBM i that monitors QAUDJRN, filters events to a granular level, and can reformat logs and integrate to any SIEM product. SIFT-IT Free Edition comes with a User Guide but no technical support services.
SIFT-IT Free Edition Features
- Monitor QAUDJRN in real time
- Support for RFCs 3164 and 5424
- Integrates with Multiple SIEMs and Syslog Servers simultaneously
- SIEM connections via UDP, TCP and TLS/SSL
- Granular filtering of events
- Customized translation and formatting of logs
Comparing SIFT-IT Editions
Features Enterprise Free
Access to Blogs/FAQs
Online Support Tickets
Outputs custom email alerts
Automated remediation (job triggers)
Multiple simulaneous SIEM Support
Granular filtering with "if then" logic
APIs and Utilities