Track user access to SAP data in your SIEM

with the CorreLog Agent for SAP.



CorreLog provides cross-platform IT security log management and event log correlation. The solutions provide best-in-class, real-time event log collection across both distributed and mainframe systems. Event logs generated by CorreLog Agents are formatted ready for the CorreLog SIEM Correlation Server or any SIEM correlation engine.

The CorreLog Agent for IBM z/OS

The CorreLog Agent for IBM z/OS expands the role of your corporate IT security system – whether the CorreLog Enterprise Server or other SIEM (Security Information & Event Management) collector – to include true real-time monitoring of mainframe SMF messages, empowering you with new and important capabilities for enhanced visibility into your mainframe user activity. Complete your centralized log management and/or SIEM strategy leveraging this powerful and unique real-time mainframe security and compliance component.

For many large organizations, one or more IBM z/OS mainframes constitute a strategic capital investment for their most mission-critical applications and processes. The CorreLog Agent for z/OS enables these organizations to combine z/OS SMF events with SIEM Syslog data, giving IT security personnel a complete system-wide vantage point for cyber-threat and security breach alerts. With SIEM platforms existing predominantly in distributed environments, the CorreLog Agent for z/OS allows organizations to include mainframe event log data in real-time for a unified, multiplatform view of enterprise security event data in a single console.

In concert with SIEM monitoring applications such as the CorreLog Enterprise Server or competing solutions, the CorreLog z/OS Agent allows the user to view mainframe SMF security, database and TCP/IP events alongside events from Windows, UNIX, Linux, routers, firewalls, and other IT assets, and can alert IT security personnel of cyber-threats before they happen.

The CorreLog z/OS Agent installs quickly, uses minimal resources, and does not require extensive training, ongoing maintenance or administration. The Agent is easily configured, allowing users to select from a myriad of events including TSO Logons, Production Job ABENDs, TCP/IP Connections, FTP File Transfers, RACF, CA Top Secret, ACF2, and DB2 accesses. Out of this event log data, security systems administrators may filter further by sub-categories and receive only the data relevant to security threats. This filtering capability streamlines data flow to SIEM system consoles without compromising network bandwidth.

The z/OS Agent also operates within the constraints of increasing compliance regulations such as PCI DSS, FISMA, HIPAA, NERC and Sarbanes-Oxley.

CorreLog Agent for SAP


Real-time Syslog conversion and normalization of SAP messages

Global businesses are running their most critical applications on the SAP platform. Users accessing services such as CRM, ERP, Asset Management, Financial Management, Human Resources, Procurement, Product Lifecycle Management and Supply Chain can number in the thousands at a large enterprise. The potential for cyber threat across such a wide swath of user activity is great, and the need to track user behavior is paramount.

The CorreLog Agent for SAP monitors system access to determine user activity related to system and profile changes, including both logon and logoff events. This allows the system administrator to keep track of who is accessing the system by the activity they log while in the system.

The Agent takes existing core SAP messages related to user logon/logoffs, transactions, user profile edits/changes, etc., converts them to Syslog in real time, then normalizes the data for inclusion into the CorreLog Enterprise SIEM or any other SIEM system. Additional SAP messages can be included for conversion with an easy-to-configure Windows-based GUI, depending on the SIEM requirement.

The Agent takes minutes to install and includes all the functions of the CorreLog Windows Agent (event log monitoring, log file monitoring, remote configuration/deployment) within a very small footprint that uses very few system resources. It can operate in both real-time and batch file mode and includes a comprehensive installation manual along with additional utilities to format additional SAP information.

Case Studies



Seminole County Public School (SCPS) System employs a “hub and spoke” IT environment that supports 8,500 employees and 63,000 students. Application delivery by the school system is both client/server and Software as a Service (SaaS). SCPS delivers these applications across more than 900 virtual servers where 99 percent of the operating systems are Microsoft Windows-based.



Rechenzentrum Region Stuttgart GmbH (RZRS). The German government began issuing ID cards in 2012 to all of its citizens. RZRS was called on to assist with this monumental IT task. The German government mandated that RZRS handle the stringent demands of governmental compliance, while adhering to the SLAs for performance and availability. RZRS turned to CorreLog.


MTS Allstream

Ninety percent into the first phase of a multi-million dollar security information and event management (SIEM) implementation, MTS Allstream was asked by a major U.S. retailer to find a mainframe agent to monitor DB2 activity. The solution would also have to be PCI compliant.



