The so-called “total costs” of today’s SIEM systems are hard facts in terms of cost accounting, not only then when licenses are based on volume.

In addition to the license costs, there are “intellectual costs” in the form of the required configuration of the SIEM through the SIEM team in charge. For example, in order to classify the events as well as their access-related segregation. If the SIEM team does not have any mainframe know-how, integrating the mainframe to the SIEM easily becomes tedious. This is especially true if there are suddenly more mainframe users accessing the SIEM individually with their own spontaneous searches, evaluations and queries. Automatically supplied and predefined “standard reports” not always make specialists directly happy in all their complex situations. There are many reasons potentially preventing a “SIEM success story”.

We followed this thought, and with the new SF Sherlock Update Level 074, which will be released at the beginning of April, the following new features for a cost-effective SIEM integration will be available:

» Sherlock’s own “event world model”, which classifies and describes events in a “comprehensible manner” to non-mainframe specialists, now also lets you “enrich” events with additional installation-defined information. This feature is particularly useful for a “content-based comprehension optimization”, for example, to support your SOC team in directly better understanding the given situation caused by an incident.

» The z/OS Productivity Warehouse was further improved due to our customers’ request. It’s now much more intuitive, and defining installation-defined queries became much more easy. Localized on the mainframe, it’s potentially available to even more mainframe users as a cost-effective and valuable instrument when searching for errors, reasons, etc. It thus helps you to fill the SIEM even more limited and thus cost-effectively, and this lets you reduce the SIEM’s operational costs. Overall, it will provide the mainframe teams with more productivity during daily operations, such as troubleshooting, auditing, forensic investigations, etc., and thus also boosts your mainframe’s availability.

With that, SF Sherlock has further expanded its position as a mainframe SIEM connector that provides optimum performance at optimal costs.