All DADSM events go through a system exit point or control point such as IDGPRE00 and IDGPOST0, at which point DTS Software’s ACC Monarch product can take control with automation and perform an array of actions. Using a policy rules language, ACC Monarch relies on IF statements to take action based on user-defined dataset characteristics. If the specified condition is met, the Dynamic Install Facility (DIF) started task performs the action.
A basic example of an action might be updating system control blocks, but actions could also include analysis operations such as writing records to DASD, writing records to a log file, or writing reports. These resources can be created using an arbitrary, user-defined record that isn’t necessarily an SMF record, and they can also be written directly to TCP/IP for analysis by Splunk or any other SIEM system. By enabling this kind of thorough analysis during the dataset lifecycle, organizations can spot unusual access patterns that could indicate a threat — and they can do it without the need to know assembler coding.
For more information about how storage event awareness can contribute to security, we encourage you to view our recent webinar on TechChannel, “Aggregation without Aggravation: When Putting More Log Data in Your SIEM is a Good Thing.” DTS Software CTO Steve Pryor and veteran mainframe expert Reg Harbeck offer insights into how you can leverage dfSMS events in conjunction with your existing SIEM data to build a more complete picture of the threats facing your organization.