Splunk is a leading platform for implementing a SOC. One reason is the Enterprise Security app, which is based on Splunk’s Common Information Model (CIM).
To simplify a harmonious, effective and efficient SOC integration of the mainframe, SF-Sherlock now also supports Splunk’s CIM. This allows you to directly “feed” the corresponding SOC apps in Splunk with vulnerability, event monitoring and intrusion detection results from z/OS. Because false positives are a significantly greater challenge for your organization in a SOC context than in a classic, more isolated audit or IDS environment, it is even more important that SF-Sherlock gives you full control over contributing the right “mainframe topics” to your SOC, step by step and in the right dose.
This is great news for all companies implementing a SOC. Running a real cross-platform SOC that also includes the z/OS mainframe has never been easier.