Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

ZSecure Alert for RACF

 

Use the JSA zSecure Alert for RACF Content Extension to closely monitor your zSecure Alert for RACF deployment.

JSA ZSecure Alert for RACF Content Extensions

JSA ZSecure Alert for RACF Content Extension V1.0.2

The Action custom property was assigned a new ID. Delete any existing Action custom properties before you upgrade to V1.3.2.

The following table shows the custom properties that are new or updated in JSA zSecure Alert for RACF Content Extension V1.0.2.

Table 1: Custom Properties in JSA ZSecure Alert for RACF Content Extension V1.0.2

Name

Optimized

Capture Group

Regex

Action

Yes

1

whatACTION="([^"]+)"

(Back to top)Use the JSA zSecure Alert for RACF Content Extension to closely monitor your zSecure Alert for RACF deployment.

JSA ZSecure Alert for RACF Content Extension V1.0.1

The following table shows the custom properties that are new or updated in JSA zSecure Alert for RACF Content Extension V1.0.1.

Table 2: Custom Properties in JSA ZSecure Alert for RACF Content Extension V1.0.1

Name

Optimized

Regex

User ID

Yes

whoUSERID="([^"]+)"

(Back to top)Use the JSA zSecure Alert for RACF Content Extension to closely monitor your zSecure Alert for RACF deployment.

JSA ZSecure Alert for RACF Content Extension V1.0.0

The following table shows the custom properties that are new or updated in JSA zSecure Alert for RACF Content Extension V1.0.0.

Table 3: Custom Properties in JSA ZSecure Alert for RACF Content Extension V1.0.0

Name

Regex

Action

whatACTION="([^"]+)"

Alert

Alert: ([^\t]+)

Alert ID

C2P([^\t]{4})\s

Authority

onWhatAUTHORITY="([^"]+)"

Job ID

whatJOBID="([^"]+)"

Name

whoNAME="([^"]+)"

System

whereSYSTEM="([^"]+)"

User ID

whoUSERID="([^"]+)"

User ID Change

onWhatRACFCMD-NAME="([^"]+)"

WTO Message

whatWTO-MESSAGE="([^"]+)"

The following table shows the rules and building blocks that are new or updated in JSA zSecure Alert for RACF Content Extension V1.0.0.

Table 4: Rules in JSA ZSecure Alert for RACF Content Extension V1.0.0

Name

Description

A Mainframe User Account got Privileged Access

Detects zSecure alert 1109 and 1110, where a user account got privileged access.

Highly Authorized User Revoked for Password Violations

Detects zSecure alert 1104, where a highly authorized user account is revoked due to password violations.

System Authority Was Granted

Detects zSecure alert 1105, where a user was granted a system-level authority.

System Authority Was Removed

Detects zSecure alert 1106, where a system-level authority right was removed from a user.

UACC Set to Read On a Data Set Profile

Detects zSecure alert 1203, where UACC is set to read on a dataset profile.

UACC Set To Update On A Data Set Profile

Detects zSecure alert 1202, where UACC is set to update on a dataset profile.

User Account Added To An Important Group

Detects zSecure alert 1701, where an important group right was assigned to a user account.

(Back to top)Use the JSA zSecure Alert for RACF Content Extension to closely monitor your zSecure Alert for RACF deployment.

Related Documentation