Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Enterprise-IT-Security.com SF-Sherlock

The JSA DSM for Enterprise-IT-Security.com SF-Sherlock collects logs from your Enterprise-IT-Security.com SF-Sherlock servers.

The following table describes the specifications for the Enterprise-IT-Security.com SF-Sherlock DSM:

Table 1: Enterprise-IT-Security.com SF-Sherlock DSM Specifications

Specification

Value

Manufacturer

Enterprise-IT-Security.com

DSM name

Enterprise-IT-Security.com SF-Sherlock

RPM file name

DSM-EnterpriseITSecuritySFSherlock-JSA_version-build_number.noarch.rpm

Supported versions

v8.1 and later

Event format

Log Event Extended Format (LEEF)

Recorded event types

All_Checks, DB2_Security_Configuration, JES_Configuration, Job_Entry_System_Attack, Network_Parameter, Network_Security, No_Policy, Resource_Access_Viol, Resource_Allocation, Resource_Protection, Running_System_Change, Running_System_Security, Running_System_Status, Security_Dbase_Scan, Security_Dbase_Specialty, Security_Dbase_Status, Security_Parm_Change, Security_System_Attack, Security_System_Software, Security_System_Status, SF-Sherlock, Sherlock_Diverse, Sherlock_Diverse, Sherlock_Information, Sherlock_Specialties, Storage_Management, Subsystem_Scan, Sysplex_Security, Sysplex_Status, System_Catalog, System_File_Change, System_File_Security, System_File_Specialty, System_Log_Monitoring, System_Module_Security, System_Process_Security, System_Residence, System_Tampering, System_Volumes, TSO_Status, UNIX_OMVS_Security, UNIX_OMVS_System, User_Defined_Monitoring, xx_Resource_Prot_Templ

Automatically discovered?

Yes

Includes identity?

No

Includes custom properties?

No

More information

Enterprise-IT-Security website (http:/www.enterprise-it-security.com)

To integrate Enterprise-IT-Security.com SF-Sherlock with JSA, complete the following steps:

  1. If automatic updates are not enabled, download and install the most recent version of the following RPMs from the Juniper Downloads onto your JSA console:

    • Enterprise-IT-Security.com SF-Sherlock DSM RPM

    • DSM Common RPM

  2. Configure your Enterprise-IT-Security.com SF-Sherlock device to send syslog events to JSA.

  3. If JSA does not automatically detect the log source, add a Enterprise-IT-Security.com SF-Sherlock log source on the JSA Console. The following table describes the parameters that require specific values for Enterprise-IT-Security.com SF-Sherlock event collection:

    Table 2: Enterprise-IT-Security.com SF-Sherlock Log Source Parameters

    Parameter

    Value

    Log Source type

    Enterprise-IT-Security.com SF-Sherlock

    Protocol Configuration

    Syslog