SIFT-IT Enterprise Edition

Enterprise-grade detection and log management software for the IBM i that performs real-time monitoring of all types of system and server logs and message queues. Unlike legacy products that simply harvest journals and archive them to syslog servers, SIFT-IT products analyze the contents of the logs in order to filter and manage specific events based on granular details. SIFT-IT has unlimited reformatting and integration capabilities to any enterprise SIEM or detection software and provides remediation tools, including automated remediation through system triggers. SIFT-IT Enterprise Edition includes access to every technical support service offered by Arpeggio Software.

SIFT-IT Enterprise Edition Features

Real-time Detection Analysis and Log Management

SIFT-IT includes a Log Manager that allows your company to monitor for threats and events by analyzing any type of log on your IBM i in real time. The Log Manager can also monitor and analyze message queues and third-party server logs.

  • System Journals (QAUDJRN)
  • Server Logs (FTP, HTTP, AS2, etc.)

Real-time Event Filtering

Unlike simple tools that harvest system journals and only provide basic filtering by journal code, SIFT-IT truly reduces the bottleneck problems facing companies that have too much log information to process. With SIFT-IT you can define events based on granular details including users, job names, IP addresses, event times (including filtering based on weekends, after hours, etc.), object names, object types and object locations, to name a few. The filtering options are powerful and allow you to either include or exclude events based on your criteria.


Unmatched SIEM and Syslog Integration

Format and translate log messages and move them to any syslog server or SIEM application while complying with the latest standards. Many SIEMs have a difficult time understanding the native format of IBM i logs, but with SIFT-IT you can specify not only what information is passed but also custom translation text that makes it easier for the SIEM to identify and flag events. SIFT-IT can send to multiple SIEMs and syslog servers simultaneously, providing enterprise-quality log and detection management.

  • Supports RFCs 5424 and 3164
  • Delivery via UDP, TCP and secure TCP with TLS/SSL
  • Integrate with multiple SIEMs or syslog servers simultaneously
  • Translate and reformat logs and insert custom tags/text into log messages
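As an added example (not SIFT-IT's own code or configuration), the Python below shows the two ideas from the Real-time Event Filtering and SIEM Integration sections together: include/exclude rules over user, job, IP address, object location and after-hours time applied to constructed QAUDJRN-style events, and each matching event rendered as an RFC 5424 syslog message with a custom structured-data tag. The event records, rule names, host name, business-hours window and the "siftit@32473" SD-ID are all assumptions (32473 is the enterprise number reserved for documentation).

```python
from datetime import datetime

# Constructed QAUDJRN-style events (entry types CO=create object, DO=delete object, PW=password failure)
EVENTS = [
    {"ts": "2024-03-09T02:15:00", "type": "DO", "user": "SMITH", "job": "QPADEV0007",
     "ip": "203.0.113.7", "obj": "PAYROLL", "lib": "PRDLIB"},
    {"ts": "2024-03-11T10:05:00", "type": "CO", "user": "BATCHUSR", "job": "NIGHTLY",
     "ip": "192.0.2.10", "obj": "TMP1", "lib": "PRDLIB"},
    {"ts": "2024-03-11T21:40:00", "type": "PW", "user": "QSECOFR", "job": "QTFTP00123",
     "ip": "198.51.100.9", "obj": "", "lib": ""},
]

def is_after_hours(ts: str) -> bool:
    t = datetime.fromisoformat(ts)
    return t.weekday() >= 5 or not 7 <= t.hour < 19  # weekend, or outside assumed 07:00-19:00

# A rule fires when every 'include' field matches, no 'exclude' field matches, and
# 'after_hours' (when not None) agrees with the event time. Rule names are hypothetical.
RULES = [
    {"name": "PRD_OBJ_OFFHOURS", "include": {"lib": ("PRDLIB",), "type": ("CO", "DO")},
     "exclude": {"user": ("BATCHUSR",)}, "after_hours": True, "action": "ALERT"},
    {"name": "PRIV_PW_FAIL", "include": {"type": ("PW",), "user": ("QSECOFR",)},
     "exclude": {}, "after_hours": None, "action": "ALERT+TRIGGER"},
]

def matches(event: dict, rule: dict) -> bool:
    if any(event[k] not in v for k, v in rule["include"].items()):
        return False
    if any(event[k] in v for k, v in rule["exclude"].items()):
        return False
    ah = rule["after_hours"]
    return ah is None or ah == is_after_hours(event["ts"])

def filter_events(events: list, rules: list) -> list:
    """Pair each event with the first rule it satisfies; unmatched events are dropped."""
    hits = ((e, next((r for r in rules if matches(e, r)), None)) for e in events)
    return [(e, r) for e, r in hits if r is not None]

def sd_escape(v: str) -> str:
    """RFC 5424 section 6.3.3: escape backslash, double quote and ']' inside PARAM-VALUE."""
    return v.replace("\\", "\\\\").replace('"', '\\"').replace("]", "\\]")

def to_rfc5424(event: dict, rule: dict, host: str = "IBMI01") -> str:
    pri = 13 * 8 + 4  # facility 13 (log audit) * 8 + severity 4 (warning) = 108
    sd = " ".join(f'{k}="{sd_escape(v)}"' for k, v in event.items() if k != "ts")
    # SD-ID 'siftit@32473' is hypothetical; 32473 is the PEN reserved for documentation (RFC 5612)
    return (f"<{pri}>1 {event['ts']}Z {host} SIFTIT - {event['type']} "
            f"[siftit@32473 rule=\"{rule['name']}\" {sd}] "
            f"{rule['action']} {rule['name']}: {event['user']} from {event['ip']}")
```

Running `filter_events(EVENTS, RULES)` keeps the weekend PAYROLL deletion and the QSECOFR password failure and drops the excluded batch user's daytime object creation; the timestamps are assumed to be UTC when the "Z" suffix is appended.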

Alarms and Remediation

As soon as you set rules for detecting events, SIFT-IT analyzes the log information and lets you define the triggering of alarms and alerts (email, SIEM forwarding, etc.) as well as a console view of events to remediate. SIFT-IT is the first product available to provide triggers to automate remediation on the IBM i.

BONUS FOR TRAILBLAZER ZMOD Exchange Customers

SIFT-IT is pre-configured to monitor your ZMOD applications with minimal setup work. The predefined monitoring includes:

  • Real-time monitoring of ZMOD history and session logs
  • Real-time monitoring of ALL Message Queues defined in the ZMOD Broadcast Message List
  • Sample filters for monitoring private key access, unencrypted file access, use of power commands, creation and deletion of objects in ZMOD, etc.

SIFT-IT Enterprise Edition Log Manager

SIFT-IT can monitor any type of IBM i system log, server log or user-defined log in real time.

  • QAUDJRN
  • Any MSGQ (such as QSYSOPR)
  • HTTP and FTP Server Logs
  • EDI-INT Logs
  • ZMOD Exchange Logs from Liaison (formerly TrailBlazer Systems)

Event Filtering

With SIFT-IT, it is possible to build filters that monitor for specific events rather than simply harvesting journal records and logs and flinging them to a syslog server. Until now, the only filtering option provided by software vendors was based on QAUDJRN journal codes. That level of filtering has been inadequate and tends to overload centralized log servers. As you can see in the filter definition screen below, it is possible to use complex logic to define specific events to monitor. You can filter on essentially any content within a log message, and when that event occurs you can define the remediation action to take as well as forward your customized log message to a specific syslog server.

ARP-MAIL Integration

Enterprise clients have an integrated email notification system using ARP-MAIL. This feature is valuable in problem resolution and remediation. For example, upon detection of an event where you believe a user is doing something suspicious, ARP-MAIL can email the user's session job log to security personnel. ARP-MAIL offers many features, including:

  • Automated email alerts
  • CL Commands to forward job logs for remediation
  • Enhanced notifications that can forward DB2 files, IFS files and SAVE files
  • SMTP Authentication
  • Support for SSL/TLS and STARTTLS connections

Support

Enterprise clients have unlimited access to all available support options including:

  • Phone Support
  • Email Support
  • Online tickets
  • Access to Customer Blogs and FAQs
  • New Enhancement Updates via Twitter
  • Online Access to the Latest Product Updates
  • Collaboration and Idea Sharing with other Enterprise Clients
  • Proactive notification from Arpeggio of Critical fixes (including OS related fixes)

SIFT-IT Free Edition

Detection and log management software for the IBM i that monitors QAUDJRN, filters events to a granular level, and can reformat logs and integrate with any SIEM product. SIFT-IT Free Edition comes with a User Guide but no technical support services.

SIFT-IT Free Edition Features

  • Monitor QAUDJRN in real time
  • Support for RFCs 3164 and 5424
  • Integrates with Multiple SIEMs and Syslog Servers simultaneously
  • SIEM connections via UDP, TCP and TLS/SSL
  • Granular filtering of events
  • Customized translation and formatting of logs

Comparing SIFT-IT Editions

Features                                                   Enterprise         Free
QAUDJRN
Message Queues
Server Logs
Software Updates
Phone Support
Access to Blogs/FAQs
Online Support Tickets
User Guide
Outputs custom email alerts
Automated remediation (job triggers)
Multiple simultaneous SIEM support
Granular filtering with "if then" logic
APIs and Utilities
