CorreLog Mainframe SIEM Solutions2018-11-12T11:15:52+00:00

CorreLog Mainframe SIEM Solutions

Real-time mainframe security

Deliver mainframe security alerts to your enterprise SIEM in Real Time

See related resources

Your needs

For many large organizations, one or more IBM z/OS mainframes constitute a strategic capital investment for the most mission-critical applications, processes and data. The sophistication of malicious hackers today requires that organizations monitor real-time user event data from every corner of the enterprise, including mainframes. With Security Information and Event Management (SIEM) software platforms existing predominantly in distributed environments, those organizations need to include mainframe event log data for a unified, multi-platform view of enterprise security event data in a single console.

The CorreLog Mainframe SIEM Solutions

CorreLog Mainframe solutions are designed to deliver real-time notifications from RACF, ACF2, Top Secret, DB2 and IMS directly to any Windows- or UNIX-based Security Information & Event Management (SIEM) system. CorreLog Mainframe solutions allow users to view mainframe events in real-time, alongside security events from Windows, Unix, Linux, routers, firewalls, and other IT assets in an enterprise SIEM system.


  • Compatible with all existing SIEM software
  • Complements your existing mainframe security software
  • Compliant with standards such as PCI DSS, HIPAA, SOX, FISMA and GLBA
  • Records and alerts as to who accessed what data and when
  • Records and alerts as to what is not working in real time in your z/OS production system.


  • Collects events from any mainframe subsystem including RACF, ACF2, Top Secret, DB2, IMS, CICS, etc.
  • Certified integrations with IBM QRadar SIEM, HP ArcSight SIEM, RSA Security Analytics, McAfee ESM, Solutionary, Micro Focus NetIQ
  • Creates RFC 3164-compliant Syslog messages
  • Capacity for millions of Syslog messages per day
  • Uses only a few seconds of CPU per day

Take the SIEM Agent for z/OS for a test drive:

A global view of enterprise security event data in a single console


The CorreLog Mainframe solution allows users to view mainframe RACF, ACF2, Top Secret, DB2, IMS, CICS, etc. events in real-time alongside security events from Windows, Unix, Linux, routers, firewalls, and other IT assets in an enterprise SIEM system. This not only provides companies with the best possible security in real-time, but also helps ensure regulatory compliance.

Additionally, SIEM Agent converts a myriad of additional mainframe security events including TSO Logons, Production Job ABENDs, TCP/IP and FTP Connections.

Certified integrations with leading SIEM solutions

software security

For ease of deployment, the CorreLog Mainframe solution has certified integrations with IBM® Security QRadar®, HP ArcSight, RSA Security Analytics and a strategic partnership with McAfee. The CorreLog Mainframe solution has field integrations with many other leading SIEM solutions including Splunk and LogRhythm. The ability to view cross-platform security event log data in real- time is a ground-breaking feature of the CorreLog Mainframe solution.

Key for compliance standards


The CorreLog Mainframe solution provides IT security personnel with a more inclusive view of system-wide threat data for a higher level of user and system access monitoring related to network intrusion. The CorreLog Mainframe solution facilitates compliance requirements laid down by PCI DSS, HIPAA, IRS Pub, 1075, GLBA, SOX, FISMA, NERC and many other standards.


CorreLog is a CorreLog Inc. solution, distributed by Insoft-Infotel Software GmbH.