Raz-Lee Updates AP-Journal Fraud-Detection Tool
February 28, 2012 Alex Woodie
Raz-Lee Security has added a range of new features to AP-Journal, a DB2/400 audit trail utility that’s useful for detecting potentially fraudulent activity. Better integration with security information and event management (SIEM) tools and expanded coverage beyond data to IBM i objects and application files mark the new release.
AP-Journal was first unveiled nearly four years ago to help IBM i shops clamp down on unauthorized and fraudulent activity on corporate computer systems. The software works with IBM i journaling to monitor changes to sensitive fields in certain DB2/400 data files, such as an employee’s salary. A series of filters allows administrators to determine the allowable variance in the monitored field’s value before it sets off a trigger. For example, if a change to a field exceeds the limit (such as a salary being increased by more than 10 percent), AP-Journal automatically sends an e-mail to the administrator notifying him or her of the change.
High-volume monitoring of critical files got a boost with the latest release of AP-Journal when Raz-Lee added a new “mass mode” alerting feature for SIEM products. According to Raz-Lee, in mass mode, AP-Journal can send up to 2,000 Syslog alerts per second to a third-party SIEM product, while using less than 1 percent of CPU.
This release also brings support for monitoring changes to objects and file members, including data areas and the IFS. Raz-Lee says it has added journal codes that correspond with the new coverage areas.
AP-Journal has also added support for monitoring file structures in applications, “including replaceable layouts in relatively long legacy records, which use internal pointers to fields within the record,” Raz-Lee says.
Finally, this release adds a developer-oriented feature that allows the developer to code field-specific exit routines that determine, in real time, whether to filter specific journal records. For more information, see the vendor’s website at www.razlee.com.