Glossary Term

SIEM

Security Information and Event Management: centralized platforms that collect, correlate, and alert on security event logs across an organization's systems, including IBM i.

Definition

SIEM platforms such as IBM QRadar and Splunk pull event and audit data from across an environment into one place so security teams can correlate activity and respond to threats faster. IBM i environments generate this data through the security audit journal (QAUDJRN) and message queues like QHST, but that data does not reach a SIEM automatically.

Getting IBM i into a SIEM usually requires a log forwarding tool that converts audit journal entries into a format the SIEM understands, commonly syslog, CEF, or LEEF, and sends it in near real time or on a scheduled interval.

Example

A buyer preparing for a cyber insurance review may need to show that privileged access events on IBM i are visible in the same SIEM dashboard used for the rest of the network, not tracked separately.