Solution Sheet

Ironstream & Splunk Enterprise Security

Ironstream in combination with the Splunk Enterprise Security application available on the Splunk® platform brings powerful levels of monitoring and control to an organization’s security needs.

Splunk Enterprise Security (ES) is a premium solution offered on the Splunk platform to enable security teams to use all data to gain organization-wide visibility and security intelligence. Regardless of deployment model, Splunk ES can be used for continuous monitoring, incident response, running a security operations center, or for providing executives a window into business risk.

The Splunk platform, however, does not natively support mainframe log data — which means your enterprise-wide security view has a significant blind spot.

Precisely Ironstream, the industry-leading product for forwarding mainframe log data to Splunk, directly maps z/OS security events and information into Splunk ES dashboards.

The combination of Ironstream and Splunk ES can enable security teams to respond quickly to attacks, work proactively to identify threats, and have the assurance that all critical systems across the enterprise are covered.

This document briefly describes how all manner of machine data generated by networks and endpoints across the enterprise — including z/OS systems — can give total visibility into threat indicators such as:

    • Reducing mean time to resolution of system problems.
    • Unusual movement of data.
    • Authentication and access failures.
    • Creation or deletion of users.
    • All log-in activity.
    • Changes to user security information, passwords, and access rights.

Ironstream + Splunk Enterprise Security