splunk | DevOps

Overview

Real-time data collection and analysis is critical in helping IT identify trends and solve issues before they negatively impact the business. Compuware Application Audit’s rich user behavior data can be leveraged with Splunk for further analysis to mitigate the threat of insider breaches. Likewise, mainframe systems data collected by Abend-AID can be sent to Splunk to provide teams with at-a-glance intelligence on application faults and abends.

Cybersecurity

Problems Solved

Most enterprises still rely on disparate logs and SMF data from security products such as RACF, CA-ACF2™ and CA-Top Secret® to piece together user behavior. Some IT security organizations may even apply advanced analytics to deduce who accessed what, when. Neither approach is sufficient to meet the relentlessly escalating demands of cross-platform enterprise cybersecurity and increasingly burdensome global compliance mandates.

Compuware Application Audit’s integration with Splunk empowers large enterprises to further leverage their user behavior data to analyze, detect and mitigate security breaches in multi-platform environments.

How the Application Audit Integration Works

  • Application Audit fully captures start-to-finish mainframe application user behavior in real time.
  • The data can be sent to Splunk for analysis either directly or in combination with Syncsort Ironstream®.
  • Application Audit in conjunction with Splunk enables organizations to more effectively and efficiently:
    • Detect, investigate and respond to inappropriate behavior by internal users with access
    • Detect, investigate and respond to hacked or illegally purchased user accounts
    • Support criminal/legal investigations with complete and credible forensics
    • Fulfill compliance mandates regarding protection of sensitive data
  • Cybersecurity teams may also leverage an out-of-the-box Application Audit Splunk-based dashboard to view a multitude of statistics around user behavior including users by LPAR; users by session duration; users with invalid transactions; transactions not recognized by LPAR; and more.

Application Faults and Abends

Problems Solved

Abends and application failures can be an ongoing challenge for mainframe organizations, especially as IT teams release code updates more frequently. The key to minimizing any negative impact to critical business services is maximizing the information available to analyze issues. Abend-AID together with Splunk can give mainframe teams the necessary insight to prevent small issues from turning into costly problems.

How the Abend-AID Integration Works

  • Compuware Abend-AID collects information on problems occurring in mainframe systems.
  • Syncsort Ironstream is required to automatically forward the data gathered by Abend-AID to Splunk, giving enterprises a unique view into potentially troublesome mainframe issues.
  • Whether identifying trends, spotting a spike in an abend or isolating environmental issues, the information available in Splunk via Ironstream provides IT with actionable insights into their mainframe environment.