Data Security Software

Supported Platforms

Enforcive/Cross-Platform Audit™ (CPA) works with the following platforms:
  • IBM i (AS400)
  • IBM z (Mainframe)
  • Windows
  • SQL Server
  • Unix/AIX
  • Linux
  • Oracle
  • Sun Solaris

IBM i (AS400)

The CPA is tightly integrated with Enforcive/Enterprise Security, the leading security and auditing product for the AS/400, allowing the import of audit events together with group and report definitions from the IBM i.
A large selection of IBM i system audit reports is provided, pre-defined and ready to run.
Audit data imported to the central data repository can originate in any of the monitored IBM i applications including:
  • Application audit (like signon, TCP/IP, FTP and database reads)
  • File audit (actual data changes on the field level value)
  • Alerts (that have already been issued)
  • View record data (information read)
  • System audit events (such as system value changes, object management and authorization failures)
  • ES administrator audit (a trail of the actions taken by the ES administrator)
  • SQL statement audit
  • IP filtering events
  • Compliance deviations
Applications can be further filtered by event category, for example ‘object authority’ deviations only or ‘database’ application audit events, and even down to functions such as SQL read, add and/or delete.
Using the powerful custom application option, IBM i event reports can be produced for any combination of applications and event categories.

IBM z (Mainframe)

The CPA handles all mainframe system and data audit events from the leading security applications: RACF, Top Secret and SAFE, and additionally DB2, TCP/IP and SMF.
CPA SMF events for RACF and Top Secret are categorized into four categories: Security events (e.g. resource access, add volume, scratch), admin events (e.g. change password, change group profile), z-Unix (e.g. kill, link, open) and Kerberos events (e.g. grant ticket, PKI verify).
DB2 events collected by the CPA allow you to monitor data read and changed at the field level. In the case of changes, the before and after values of the changed fields are shown side by side.
Events from Enforcive's range of mainframe security products include SAFE/CICS security events such as program violations, user suspensions, SMF and non-SMF access via FTP and Telnet (e.g. logon, logoff, send, retrieve), and VSAM file operations (e.g. record open, close, append).
Shown below is an example of one of the ready-defined MF reports included in the CPA. Other customizable standard report formats include: users who have submitted programs with another user's code, unauthorized access to system resources, unauthorized access to sensitive files and unused sensitive files.
The CPA shares the same GUI as Enforcive's leading CICS security products such as Enforcive/Security for CICS, which allows complete access control by user for resources such as files, programs and transactions, and provides field-level protection and masking.

SQL Server

The CPA includes a host of powerful auditing functions for SQL Server. Full-featured audit policy definition includes specification of categories of system audit events, SQL statements, databases, users and applications.
The CPA's SQL Server audit capabilities incorporate auditing directly on the database with three powerful audits: SQL Statement Audit that displays full-length SQL statement detail, System Audit showing activity such as login and database management events and Data Audit showing data changes in tables at the field level.
SQL Server audit data can be imported to the CPA's central data repository for integrated auditing alongside audit events from other platforms.

Windows

Comprehensive capture of event and server logs, without the need for an agent on the endpoint, including:
  • Windows Event Logs: Security, DNS, system, application and others
  • Microsoft DHCP log
  • Microsoft ISA Server logs
  • Microsoft IIS Web Server logs
  • Microsoft Exchange Server log
  • IBM Lotus Domino log
Parameters such as log size and overwrite policy can be changed directly on the host computer through the CPA interface.

Windows Domain Server and Active Directory - SOX Compliance

The Windows SOX Compliance Manager is a tool to create, document and maintain a clear security policy for Windows PCs and servers in your organization. The policy details are defined through templates specific to different categories pertaining to local PC and Windows Active Directory definitions. The template categories are:
  • Active Directory Account Policy
  • Active Directory Group Account
  • Active Directory Group Membership
  • File Permissions
  • File Permissions (advanced)
  • File Security Audit Definitions
  • Folder Sharing Permissions
  • Password Settings
The policy can be checked against the actual definitions in the system, producing a report showing any deviations from that policy.

AIX

The CPA provides direct control of AIX audit policy with event logging including system and Unix DB2 events.
The main system audit events are categorized as follows:
  • System events (devices, time changes...)
  • Kernel procedure (execution, loads...)
  • Audit (audit policy changes)
  • File system (opens, reads, ownership...)
  • SVIPC system (msg reading, writing...)
  • TCP/IP user level (connect, data in/out...)
  • TCP/IP kernel level (bind, listen, receive...)
  • Unix commands (cron jobs, group changes...)
Plus 12 other event categories including shell, objects and SecureWay Directory Server.
The DB2 audit events are categorized as follows:
  • DB2 audit control (start, stop, config...)
  • Checking (function, object, transfer...)
  • Object maintenance (rename, alter...)
  • Security maintenance (grant, revoke...)
  • System admin (drop DB, start DB2...)
  • Validation (authentication, group mbr...)
  • SQL statements (connect, drop, execute...)

Linux

Linux events on all the main hardware platforms are handled in the CPA (X86, X86 64-bit, IAX 64-bit, PPC, PPC 64-bit and System 390 / 390X).
Linux events are categorized as follows:
  • Audit system commands (list, login, user...)
  • User space trusted application messages (user command, user login, add group...)
  • Messages internal to the audit daemon (config, start, abort...)
  • Audit event messages (config change...)
  • Kernel SELinux use (AVC path, MAC sts)
  • AppArmor (allowed, denied, error...)
  • Kernel crypto events (first / last message)
  • Kernel anomaly (append, promiscuous)
  • User space anomaly and response (crypto fail, login failure, alert, kill proc...)
  • User space LSPP (device allocation, role assign/ remove, user role change...)
  • User space crypto (first / last messages)
The currently-defined audit policy for each machine can be viewed and changed through the CPA.

Oracle Server

Agentless monitoring of Oracle database events including inquiries, administrative operations on the database and actual data changes at the field level:
  • SQL Statements
  • Oracle System
  • Oracle Admin
  • Oracle Profiles/Users
  • Oracle Procedures
  • Data Audit (Before/After Changes)

Sun Solaris

Monitoring and logging of all system audit events for the Solaris operating system.