Townsend Security Turns Over a New LEEF

    November 18, 2015 Alex Woodie

    Townsend Security’s Alliance LogAgent software now speaks Log Event Extended Format (LEEF), a data format used by IBM’s QRadar security information and event management (SIEM) software. The two companies’ integration and development work will dramatically reduce the time spent training QRadar to understand security events happening on IBM i, says Townsend Security founder and CEO Patrick Townsend.

    Practically every SIEM product on the planet supports the industry-standard Syslog format. Townsend’s software can convert IBM i event data, such as events logged to the QAUDJRN audit journal, into the Syslog format so it can be consumed by the 35 or so SIEMs and other network security devices that customers have paired it with.

    But as Townsend explains, there’s a big difference between compatibility and productivity.

    “People who deploy these SIEM solutions have dozens to hundreds of different devices (firewalls, routers, PCs, Macs, servers of different kinds) and all those different types of events are going to the SIEM, which has to understand them and sort it out,” Townsend says. “People who deploy SIEM solutions spend a lot of time, sometimes months, training the SIEM solution to recognize the events and know how to interpret them.”

    The QRadar team created the LEEF format to help shortcut that training cycle. By generating event data in the LEEF format (or converting it after the fact, as Alliance LogAgent does), the QRadar SIEM immediately knows what a given event means in the context of the server or device that sent it.

    “QRadar has its own standard for data formats that it likes to receive. When it gets data in those formats, then it’s really happy and it works out of the box,” Townsend says. “We did the development work with QRadar, and the IBM QRadar team did development work, and the result is . . . that QRadar customers don’t have to spend this time saying ‘OK, this is a password failure from the IBM i server and it probably isn’t a good thing.’”

    Townsend gives credit to IBM’s QRadar team for taking the time to understand the IBM i too, including what security events are important and how to rank the severity levels. “We had to work hand in hand with the QRadar team to implement support for it,” he says.

    Big IBM i installations can generate upwards of 300 million log events per day, and not all of them are important. The most important events, from a SIEM and security point of view, are those “star security” events related to intrusion detection, password failures, and failure to issue Kerberos tickets. But there are others, Townsend says.

    “There are certain events that you may like to know about that don’t fall into that [star security group] that may have security implications,” he says. “We tend to find most people are sending most of what they collect over to the SIEM solution, and let it do the filtering.”

    Sending so much data to a SIEM used to be problematic, but the top SIEM products, such as QRadar, have bulked up and can cope with the data deluge, Townsend says. “Five years ago there were some SIEMs that could not keep up with the volume of events we were throwing at them,” he says. “But I think they have mostly handled that issue. I don’t see that as a problem anymore. Our customers are deploying a wide variety of products and they’re standing up to the volume.”

    At the end of the day, the result of the partnership between Townsend Security and the IBM QRadar team is less integration work to do to get IBM i log data fed into the QRadar SIEM, and a better real-time security posture. “That’s what we’re achieving with QRadar: that immediate out-of-the-box recognition of what these events mean from a security point of view,” Townsend says.

    With Alliance LogAgent acting as the translator, the IBM i server joins about 300 other devices that speak LEEF and work with QRadar without extensive integration and training. For more information on Alliance LogAgent, see www.townsendsecurity.com.

    RELATED STORIES

    Townsend Looks to Spread 2FA Far and Wide

    Townsend Delivers Fine-Grained IBM i Log Data to SIEMs


Volume 25, Number 59 -- November 18, 2015