Real-Time Alerting, Monitoring External Security Monitor (ESM) Control Options with CA Compliance Event Manager Security Essentials
JIM BROADHURST, PRODUCT MARKETING ENGINEER (PRODUCT OWNER)
1.19.2020
Broadcom Proprietary and Confidential. Copyright © 2020 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.
Disclaimer
Certain information in this presentation may outline CA’s general product direction. This presentation shall not serve to (i) affect the rights and/or obligations of CA or its licensees under any existing or future license agreement or services agreement relating to any CA software product; or (ii) amend any product documentation or specifications for any CA software product. This presentation is based on current information and resource allocations as of 13th October 2020 and is subject to change or withdrawal by CA at any time without notice. The development, release and timing of any features or functionality described in this presentation remain at CA’s sole discretion.
Notwithstanding anything in this presentation to the contrary, upon the general availability of any future CA product release referenced in this presentation, CA may make such release available to new licensees in the form of a regularly scheduled major product release. Such release may be made available to licensees of the product who are active subscribers to CA maintenance and support, on a when and if-available basis. The information in this presentation is not deemed to be incorporated into any contract.
Copyright © 2020 Broadcom. All rights reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries. Broadcom, the pulse logo, Connecting everything, CA Technologies and the CA Technologies logo are among the trademarks of Broadcom.
THIS PRESENTATION IS FOR YOUR INFORMATIONAL PURPOSES ONLY. Broadcom assumes no responsibility for the accuracy or completeness of the information. TO THE EXTENT PERMITTED BY APPLICABLE LAW, BROADCOM PROVIDES THIS DOCUMENT “AS IS” WITHOUT WARRANTY OF ANY KIND, INCLUDING, WITHOUT LIMITATION, ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NONINFRINGEMENT. In no event will Broadcom be liable for any loss or damage, direct or indirect, in connection with this presentation, including, without limitation, lost profits, lost investment, business interruption, goodwill, or lost data, even if Broadcom is expressly advised in advance of the possibility of such damages.
About Me
The Importance of Monitoring ESM Control Options
• Changes to control options could weaken or completely compromise your security posture
• Such changes could be human error or malicious intent
• Insider Threat
  • An employee that has permissions to access data, but uses that access for personal gain or nefarious purposes. Difficult to assess because behavior is often normal for their role.
• Vulnerabilities
  • Prerequisites, software updates or components that are found to provide a pathway to access or increased permissions to a resource
ESM Control Options Monitoring
• Establish Baseline Following Best Practices
• Define Change Control Process
• Set Up Continuous Monitoring
• Monitor for Changes
• Periodic Review, Adjustments and Improvements
Establishing a Baseline
• CA Mainframe Resource Intelligence Security Assessment
  • Security Assessments can help you better understand the level of risk in your mainframe environment.
  • System Settings – Key system configuration settings and parameters
  • Bypass Privileges – Review bypass privileges and flag any which violate security best practices
  • Password Controls – Examine the password controls & requirements, highlight vulnerabilities
  • Unix System Services (USS) – Identify key security issues related to USS
  • And many more – this just represents some of what this assessment will evaluate.
• Security Technical Implementation Guides (STIGs)
  • A set of recommended best practices for system settings, including mainframe ESM control option settings.
CA Mainframe Resource Intelligence Security Assessments
Security Technical Implementation Guides
CA Compliance Event Manager and Predefined Security Essentials Policy
Best Practices Protection Throughout the Entire Security Lifecycle
Advance Your Mainframe Protection with Modern Mainframe Security

• CA Advanced Authentication
• Mainframe / ESM
• CA Trusted Access Manager for z
• CA Data Content Discovery
• CA Compliance Event Manager
• CA Cleanup

• Leverage new technology & controls for Modern Mainframe Security
• Locate and protect sensitive data from mainframe to mobile
• Proactively identify and respond to security risks faster
• Manage 24x7 privileged user access with ease
• Handle constant change and reduce security management load
Predefined Policy - Documentation
Security Essentials Predefined Policy Sets
Security Essentials Predefined Policy Statements
Security Essentials Predefined Policy Actions
User-Defined Variables – A Prerequisite!
Security Essentials Predefined Policy Email Actions
Defining the Security Essentials Email Recipients
• The only site-specific values needed for the predefined Policy Actions are email recipients
• The email recipients in the email actions use User-Defined Variables specified in a configuration file
Activating the Predefined Policy Sets
• To activate usage of the predefined Policy Sets you update the POLICYSET= value in the parmfile member for each listener
  • CEMLPRM – Logger
  • CEMAPRM – Alert
  • CEMMPRM – Monitor
  • CEMWPRM – Warehouse
Security Essentials Email Alerts
Example Security Essentials Email Alerts – TSS
• TSS MODIFY(MODE(WARN)) will generate two alerts
  • One from a “Security System Modify” event
  • One from ESM Monitor
• This is the alert for a TSS Modify command
• Here is the alert from the ESM Monitor
• Note 1: the before and after ESM option values are not currently available as substitution variables in the alert. This functionality is currently planned.
• Note 2: ESM Monitor can detect changes asserted from TSS parmfile changes across IPLs. In this case there would only be one alert since no MODIFY command would have been issued.
Security Essentials Reporting through the UI
• At this time we do not ship predefined reports. The steps to create are extremely simple and documented.
• I have created one report for ESM Monitor and another for MODIFY commands
Report From ESM Monitor
The UI report shows the before and after values. Here we see some very suspicious activity.
Sample Report for TSS Modify Commands
Security Essentials Batch Reporting
We provide template JCL for batch reporting for Datacom/AD. Your reporting tool of choice could be used with DB2.
We provide sample queries for Security Essentials batch reporting. This is the sample query for Modify commands.
This is the sample query for ESM Monitor.
• You can copy the template JCL and create a single job using both sample queries.
• The job currently sends both reports to SYSOUT. The output could be sent to a data set (e.g. a GDG)
• Here is sample output from the report for Modify commands
• Here is the output from the ESM Monitor report
Predefined Policy – The Details
Event-Based vs ESM Monitor
Event-based Types Pertinent to Monitoring ESM Options
• For all three ESMs we will monitor for Security System Modify events
• For ACF2 we will additionally need to monitor for Other Administration events
• For every event we will take the following actions
  • Generate an Email Alert
  • Generate a WTO Alert
  • Include in Warehouse
  • Include in Logger
  • Include in Data Mart
Security Essentials ESM Monitor Statements
• The ESM Monitor Statements are simple: they specify monitoring for changes to any option for each ESM
CA Security Essentials for IBM RACF Event-based Statements
• RACF is the simplest. System Security Modify will catch any SETROPTS commands
CA Security Essentials for CA TSS Event-based Statements
• For TSS we aren’t interested in TSS MODIFY(STATUS) commands so these need to be filtered out
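The interplay between the event-based alert (with TSS MODIFY(STATUS) filtered out) and the ESM Monitor alert described in Note 2 can be sketched as follows. This is an added illustration in Python, not CA Compliance Event Manager policy syntax or product code; the function names, the snapshot dictionaries and the FAIL starting value are assumptions, and the sample data is constructed.

```python
import re

# Matches the command form shown on the slides, e.g. TSS MODIFY(MODE(WARN)).
MODIFY_RE = re.compile(r"^TSS\s+MODIFY\((?P<body>.*)\)\s*$", re.IGNORECASE)


def modify_events(commands):
    """Event-based side: keep MODIFY commands, drop MODIFY(STATUS) displays.

    Returns (option_name, original_command) pairs.
    """
    events = []
    for raw in commands:
        match = MODIFY_RE.match(raw.strip())
        if not match:
            continue  # not a MODIFY command
        body = match.group("body").strip().upper()
        if body == "STATUS":
            continue  # display-only request, filtered out as on the slide
        name = re.match(r"\w+", body)
        events.append((name.group(0) if name else body, raw.strip()))
    return events


def option_changes(before, after):
    """Monitor side: diff two option snapshots into (option, old, new)."""
    names = sorted(set(before) | set(after))
    return [(n, before.get(n), after.get(n))
            for n in names if before.get(n) != after.get(n)]


def correlate(commands, before, after):
    """Combine both sources and flag changes no command accounts for."""
    events = modify_events(commands)
    changes = option_changes(before, after)
    commanded = {option for option, _ in events}
    return {
        "event_alerts": [cmd for _, cmd in events],
        "monitor_alerts": changes,
        "no_matching_command": [c for c in changes if c[0] not in commanded],
    }


# Constructed snapshots (not real product output). MODE and WARN come from
# the slides; FAIL as the starting value is an assumption.
ENFORCING = {"MODE": "FAIL"}
WEAKENED = {"MODE": "WARN"}

if __name__ == "__main__":
    scenarios = {
        "operator command": (
            ["TSS MODIFY(STATUS)", "TSS MODIFY(MODE(WARN))"], ENFORCING, WEAKENED),
        "parmfile change across IPL": ([], ENFORCING, WEAKENED),
        "status display only": (["TSS MODIFY(STATUS)"], ENFORCING, ENFORCING),
    }
    for label, args in scenarios.items():
        print(label, correlate(*args))
```

A change that appears only under `no_matching_command` corresponds to the single-alert case in Note 2 and is worth checking against the change control record.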
CA Security Essentials for CA ACF2 Event-based Statements
• ACF2 is the most complex as the options can be changed but are not active until a subsequent Refresh command is issued
• We use Other Administrative type events for the Change, Delete or Insert commands that could affect ACF2 options. We could use a single statement for GSO, CPF and LDS Infostorage records, but we separate them to allow for more granularity in the email action alert text.
• Below is the Statement for GSO
• For CPF
• For LDS
• Here is the Statement for the System Security Modify event and we have the check for REFRESH as part of the test conditions.
Thank You
Now, please join us for a live Question and Answer discussion. Click the meeting link at the bottom of the Session Description to join us.
This is your opportunity to connect with the presenter(s) and your peers, ask
questions, and share information related to this topic.