No Compliance Event Manager Sample SIEM/SPLUNK Actions Found
Article ID: 111967
Updated On:
Products
Compliance Event Manager
Issue/Introduction
When searching for Compliance Event Manager SIEM/SPLUNK actions there were no results returned. Where can the sample SIEM/SPLUNK Actions be found?
Environment
z/os
Resolution
To add the sample SIEM/SPLUNK and SYSPRINT policy actions to the Compliance Event policy database (MAPDB), the sample CEMEMAPA job from the in installation ceme_hlq.ceme_mlq.CUSTOM.JOBLIB library can be run.
The sample CEMEMAPA job will add the following Actions to the Compliance Event policy database (MAPDB).
Sample SIEM/SPLUNK Actions:
'CA SIEM Sample Security System Start'
'CA SIEM Sample Security System Stop'
'CA SIEM Sample Security System Stop Violation'
'CA SIEM Sample Security System Modify'
'CA SIEM Sample Security System Modify Violation'
'CA SIEM Sample Signon'
'CA SIEM Sample Signon Violation'
'CA SIEM Sample Signoff'
'CA SIEM Sample Object Access Successful No Audit'
'CA SIEM Sample Object Access Successful Audit'
'CA SIEM Sample Object Access Violation'
'CA SIEM Sample Object Access Close'
'CA SIEM Sample Account Administration'
'CA SIEM Sample Account Administration Violation'
'CA SIEM Sample Policy Administration'
'CA SIEM Sample Policy Administration Violation'
'CA SIEM Sample Other Administration'
'CA SIEM Sample Other Administration Violation'
'CA SIEM Sample USS InitUSP'
'CA SIEM Sample USS DeleteUSP'
'CA SIEM Sample USS R_setuid'
'CA SIEM Sample USS R_seteuid'
'CA SIEM Sample USS R_setgid'
'CA SIEM Sample USS R_setegid'
'CA SIEM Sample USS InitACEE'
'CA SIEM Sample USS ck_access'
'CA SIEM Sample USS R_chown'
'CA SIEM Sample USS R_chmod'
'CA SIEM Sample USS R_chaudit'
'CA SIEM Sample USS R_audit'
'CA SIEM Sample USS R_setfacl'
Sample SYSPRINT Actions:
'CA Sysprint Sample Security System Start'
'CA Sysprint Sample Security System Stop'
'CA Sysprint Sample Security System Stop Violation'
'CA Sysprint Sample Security System Modify','ALERT'
'CA Sysprint Sample Security System Modify Violation'
'CA Sysprint Sample Signon'
'CA Sysprint Sample Signon Violation'
'CA Sysprint Sample Signoff'
'CA Sysprint Sample Object Access Successful No Audit'
'CA Sysprint Sample Object Access Successful Audit'
'CA Sysprint Sample Object Access Violation','ALERT'
'CA Sysprint Sample Object Access Close'
'CA Sysprint Sample Account Administration'
'CA Sysprint Sample Account Administration Violation'
'CA Sysprint Sample Policy Administration'
'CA Sysprint Sample Policy Administration Violation'
'CA Sysprint Sample Other Administration'
'CA Sysprint Sample Other Administration Violation'
'CA Sysprint Sample USS InitUSP'
'CA Sysprint Sample USS DeleteUSP'
'CA Sysprint Sample USS R_setuid'
'CA Sysprint Sample USS R_seteuid'
'CA Sysprint Sample USS R_setgid'
'CA Sysprint Sample USS R_setegid'
'CA Sysprint Sample USS InitACEE'
'CA Sysprint Sample USS ck_access'
'CA Sysprint Sample USS R_chown'
'CA Sysprint Sample USS R_chmod'
'CA Sysprint Sample USS R_chaudit'
'CA Sysprint Sample USS R_audit'
'CA Sysprint Sample USS R_setfacl'
The sample CEMEMAPA job will add the following Actions to the Compliance Event policy database (MAPDB).
Sample SIEM/SPLUNK Actions:
'CA SIEM Sample Security System Start'
'CA SIEM Sample Security System Stop'
'CA SIEM Sample Security System Stop Violation'
'CA SIEM Sample Security System Modify'
'CA SIEM Sample Security System Modify Violation'
'CA SIEM Sample Signon'
'CA SIEM Sample Signon Violation'
'CA SIEM Sample Signoff'
'CA SIEM Sample Object Access Successful No Audit'
'CA SIEM Sample Object Access Successful Audit'
'CA SIEM Sample Object Access Violation'
'CA SIEM Sample Object Access Close'
'CA SIEM Sample Account Administration'
'CA SIEM Sample Account Administration Violation'
'CA SIEM Sample Policy Administration'
'CA SIEM Sample Policy Administration Violation'
'CA SIEM Sample Other Administration'
'CA SIEM Sample Other Administration Violation'
'CA SIEM Sample USS InitUSP'
'CA SIEM Sample USS DeleteUSP'
'CA SIEM Sample USS R_setuid'
'CA SIEM Sample USS R_seteuid'
'CA SIEM Sample USS R_setgid'
'CA SIEM Sample USS R_setegid'
'CA SIEM Sample USS InitACEE'
'CA SIEM Sample USS ck_access'
'CA SIEM Sample USS R_chown'
'CA SIEM Sample USS R_chmod'
'CA SIEM Sample USS R_chaudit'
'CA SIEM Sample USS R_audit'
'CA SIEM Sample USS R_setfacl'
Sample SYSPRINT Actions:
'CA Sysprint Sample Security System Start'
'CA Sysprint Sample Security System Stop'
'CA Sysprint Sample Security System Stop Violation'
'CA Sysprint Sample Security System Modify','ALERT'
'CA Sysprint Sample Security System Modify Violation'
'CA Sysprint Sample Signon'
'CA Sysprint Sample Signon Violation'
'CA Sysprint Sample Signoff'
'CA Sysprint Sample Object Access Successful No Audit'
'CA Sysprint Sample Object Access Successful Audit'
'CA Sysprint Sample Object Access Violation','ALERT'
'CA Sysprint Sample Object Access Close'
'CA Sysprint Sample Account Administration'
'CA Sysprint Sample Account Administration Violation'
'CA Sysprint Sample Policy Administration'
'CA Sysprint Sample Policy Administration Violation'
'CA Sysprint Sample Other Administration'
'CA Sysprint Sample Other Administration Violation'
'CA Sysprint Sample USS InitUSP'
'CA Sysprint Sample USS DeleteUSP'
'CA Sysprint Sample USS R_setuid'
'CA Sysprint Sample USS R_seteuid'
'CA Sysprint Sample USS R_setgid'
'CA Sysprint Sample USS R_setegid'
'CA Sysprint Sample USS InitACEE'
'CA Sysprint Sample USS ck_access'
'CA Sysprint Sample USS R_chown'
'CA Sysprint Sample USS R_chmod'
'CA Sysprint Sample USS R_chaudit'
'CA Sysprint Sample USS R_audit'
'CA Sysprint Sample USS R_setfacl'
Additional Information
Additional details can be found in the Compliance Event Manager documentation in section 'Adding the Sample Actions to Your Policy Database'.
Feedback
Yes
No
Powered by
