SF-Sherlock, and thus also SF-NoEvasion, has passed additional intensive performance reviews – driven by z/OS installations that process huge amounts of event data within their z/OS-SIEM, log archive, or Splunk integration. Larger amounts of event data easily result from the monitoring of DB2, CICS, MQ, Webshpere as well as other subsystems.
We achieved these great results by using the latest machine instructions supported by System Z machines as well as by further improving SF-Sherlock’s “event consolidation” feature supported by the real-time sniffer. Especially if your SIEM, log archive, or operational intelligence solution is licensed by the data volume it receives the event consolidation feature is of great benefit and will help you to reduce costs by not wasting your licensed data volume on redundant event data.
The new PTF level 080 is now released and ready for download.