Release News for iSecurity™ - Startseite - Raz-Lee ... · Copy IFS file to PC ... together all individual Release News documents published for each of the ... management of security

Release News for

iSecurity™ Monthly Bulletin for the Entire

iSecurity™ Product Line

October 2017

www.razlee.com

Printed on: October 29, 2017

ii Release News for iSecurity™ – Monthly Bulletin for the Entire iSecurity™ Product Line – October 2017

Legal Notice

Usage of this document, and all information (including product information) provided within, are subject to the following terms and conditions, and all applicable laws. If you do not agree with these terms, please do not access or use the remainder of this document.

This document contains highly confidential information, which is proprietary to Raz‐Lee Security Ltd. and/or its affiliates (hereafter, "Raz‐Lee"). No part of this document's contents may be used, copied, disclosed or conveyed to any third party in any manner whatsoever without prior written permission from Raz‐Lee. The information included in this document is intended for your knowledge and for negotiation purposes only. Raz‐Lee makes no implicit representations or warranties with respect to such information. The information included in this document is subject to change without notice. Any decision to rely on the information contained herein shall be at your sole responsibility, and Raz‐Lee will not accept any liability for your decision to use any information or for any damages resulting therefrom. Certain laws do not allow limitations on implied warranties or the exclusion or limitation of certain damages. If these laws apply to you, some or all of the above disclaimers, exclusions, or limitations may not apply to you.

All registered or unregistered trademarks, product names, logos and other service marks mentioned within this document are the property of Raz‐Lee or their respective owners. Nothing contained herein shall be construed as conferring by implication, estoppels, or otherwise any license or right, either express or implied, under any patent or trademark of Raz‐Lee or any third party. No use of any trademark may be made without the prior written authorization of Raz‐Lee. This document and all of its contents are protected intellectual property of Raz‐Lee. Any copying, reprinting, reuse, reproduction, adaptation, distribution or translation without the prior written permission of Raz‐Lee is prohibited.

Please check your End User License Agreement (EULA) for terms and Conditions.

2017 © Copyright Raz‐Lee Security Inc. All rights reserved.

Contacts

Raz‐Lee Security Inc. www.razlee.com

Marketing: [email protected] 1‐888‐RAZLEE‐4 (1‐888‐7295334)

Support: [email protected] 1‐888‐RAZLEE‐2 (1‐888‐7295332)

Release News for iSecurity™ – Monthly Bulletin for the Entire iSecurity™ Product Line – October 2017 iii

Table of Contents

Preface ................................................................................................................. 11 Chapter 1

Intended Audience ........................................................................................................ 11

Product Documentation Overview ............................................................................... 11

Conventions used in this Document ............................................................................. 12

New and Updated Documents ............................................................................. 13 Chapter 2

Up‐to‐date Versions ............................................................................................. 14 Chapter 3

Action™ ................................................................................................................ 15 Chapter 4

Version 13.36 (August 2017) ........................................................................................ 15

Version 13.11 (December 2015) ................................................................................... 15

Audit™ .................................................................................................................. 16 Chapter 5

Version 13.36 (August 2017) ........................................................................................ 16

LEEF, CEF Field mode support, with Sub‐Type sensitivity ............................................................ 17

Version 13.28 (January 2017) ....................................................................................... 18

SMS and Special Support .............................................................................................................. 18

Support for Add QAUDJRN Sequence Number to SIEM *CEF/*LEEF Fields ................................ 18

Messages to SIEM in *CEF Structure ............................................................................................ 19

QHST SIEM Support....................................................................................................................... 19

QHST Duplication Prevention ....................................................................................................... 19

Bug Fix ........................................................................................................................................... 19


New Audit™ Codes ........................................................................................................................ 19

Global Installation Defaults Enhanced .......................................................................................... 20

Review and Update of Description and Possible Values of all Audit™ Code Fields ..................... 20

New Audit™ Type .......................................................................................................................... 20

Changes related to OS/400™ release 7.2 ..................................................................................... 21

Raz‐Lee Entry Types Added ........................................................................................................... 21

Deleting Unused Disabled Users ................................................................................................... 21

Global Installation Configuration Update ..................................................................................... 22

New Email Support Introduced .................................................................................................... 23

Copy Queries from Backup ........................................................................................................... 23

Export/Import Definitions ............................................................................................................. 23

CEF and LEEF ................................................................................................................................. 23

iv Release News for iSecurity™ – Monthly Bulletin for the Entire iSecurity™ Product Line – October 2017

Check Raz‐Lee Authorization (CHKISA) has New OUTPUT(*EMAIL) Support ........................ 23

Set Start of Auditing Time (SETRTAUD) ...................................................................................... 24

Version 13.21 (April 2016) ............................................................................................ 24

Triple Syslog Definitions ............................................................................................................... 24

ZIP Report Generator Output ....................................................................................................... 24

Unique Support of Message Field for LEEF and CEF mode .......................................................... 25

Source IP Determination .............................................................................................................. 26

Moving Query Definitions ............................................................................................................ 26

Version 13.19 (March 2016) ......................................................................................... 26

New or Improved Query Sources of Information ........................................................................ 26

Exporting & Moving Query Definitions ........................................................................................ 27

New Query Capabilities with Sort‐Break Level, Sort Order, and Multi System ........................... 28

Additional Queries ........................................................................................................................ 28

New Network Attributes Added ................................................................................................... 30

Auto‐Delete Unused Disabled User Profiles ................................................................................ 30

Global Installation Defaults Enhanced ......................................................................................... 31

Email Definitions ........................................................................................................................... 31

DDM Data Queues Extended Support .......................................................................................... 31

Support of User Absence Security was extended to all Releases ................................................ 31

Version 13.15 (March 2016) ......................................................................................... 32

Version 13.11 (December 2015) .................................................................................. 32

Email definitions ........................................................................................................................... 34

Version 13.06 (October 2015) ...................................................................................... 34

Version 12.70 (March 2015) ......................................................................................... 35

Version 12.60 (January 2015) ....................................................................................... 37

Firewall™ ............................................................................................................. 38 Chapter 6

Version 17.44 (August 2017) ........................................................................................ 38

Version 17.42 (March 2017) ......................................................................................... 38

Setting Exit Points ......................................................................................................................... 38

Work with Database SQL Server Jobs........................................................................................... 39

Additional Message Information .................................................................................................. 39

New Verb – Merge Processed ...................................................................................................... 39

DSPFWLOG Type (*TELNET) ...................................................................................................... 39

*PRINT1-*PRINT9 User Parameters ..................................................................................... 39

Version 17.32 (October 2016) ...................................................................................... 39


Release News for iSecurity™ – Monthly Bulletin for the Entire iSecurity™ Product Line – October 2017 v

Source IP Determination ............................................................................................................... 40

Extended Monitoring of ODBC and SQL by Combining DB‐OPEN and SQL Exit Points Benefits . 41

Tracing Changes in Product Definitions ........................................................................................ 42

Generic Base Support ................................................................................................................... 43

Extended Reporting of Firewall™ Definitions ............................................................................... 43

Print Firewall™ Definitions ............................................................................................................ 43

Version 17.27 (January 2016) ....................................................................................... 43



Version 17.17 (October 2015) ...................................................................................... 46

Version 17.15 (March 2015) ......................................................................................... 46

Screen™ ............................................................................................................... 48 Chapter 7

Version 17.44 (August 2017) ........................................................................................ 48

DB‐Gate™ ............................................................................................................. 49 Chapter 8

Version 2.41 (March 2016) ........................................................................................... 49

Version 2.40 (September 2014) ................................................................................... 49

Version 2.33 (July 2014)................................................................................................ 50

Version 2.32 (June 2014) .............................................................................................. 50

SQL ................................................................................................................................................ 50

Version 2.31 (March 2014) ........................................................................................... 50

Logging .......................................................................................................................................... 50

SQL ................................................................................................................................................ 51

Version 2.30 (March 2014) ........................................................................................... 51

SQL ................................................................................................................................................ 51

Capture™ ............................................................................................................. 52 Chapter 9

Version 4.14 (August 2017) .......................................................................................... 52

Version 4.13 (June 2017) .............................................................................................. 52

Version 4.12 (February 2017) ....................................................................................... 53

Version 4.06 (June 2016) .............................................................................................. 53

Version 4.01 (November 2015) .................................................................................... 54

Version 3.36 (April 2015) .............................................................................................. 54

Field & PGP Encryption™ ..................................................................................... 55 Chapter 10

Version 1.36 (June 2017) .............................................................................................. 55

AP‐Journal™ ......................................................................................................... 56 Chapter 11

vi Release News for iSecurity™ – Monthly Bulletin for the Entire iSecurity™ Product Line – October 2017

Version 8.56 (December 2016) .................................................................................... 56



Version 8.43 (March 2015) ........................................................................................... 58

Authority on Demand™ (AOD) ............................................................................. 59 Chapter 12

Version 4.73 (August 2017) .......................................................................................... 59


Version 4.68 (July 2017) ............................................................................................... 59

Version 4.51 (July 2016) ............................................................................................... 60

Version 4.48 (April 2016) .............................................................................................. 60

Version 4.43 (June 2015) .............................................................................................. 61

Version 4.40 (June 2015) .............................................................................................. 62

Version 4.38 (April 2015) .............................................................................................. 63

Version 4.37 (March 2015) ........................................................................................... 63

Password Reset™ ................................................................................................. 65 Chapter 13

Version 4.75 (August 2017) .......................................................................................... 65


Change‐Tracker™ ................................................................................................. 66 Chapter 14

Version 1.26 (October 2015) ........................................................................................ 66

Version 1.21 (June 2015) .............................................................................................. 66

Version 1.20 (March 2015) ........................................................................................... 67

Anti‐Virus™ .......................................................................................................... 68 Chapter 15

Version 6.94 (May 2017) .............................................................................................. 68

Version 6.93 (May 2017) .............................................................................................. 68

Version 6.92 (May 2017) .............................................................................................. 68

Version 6.91 (April 2017) .............................................................................................. 68

Version 6.90 (March 2017) ........................................................................................... 68





Version 6.85 (August 2016) .......................................................................................... 69

Version 6.84 (June 2016) .............................................................................................. 69

Release News for iSecurity™ – Monthly Bulletin for the Entire iSecurity™ Product Line – October 2017 vii

Version 6.83 (June 2016) .............................................................................................. 69

Version 6.82 (May 2016) .............................................................................................. 69

Version 6.81 (May 2016) .............................................................................................. 69


Version 6.79 (April 2015) .............................................................................................. 70

Version 6.78 (March 2015) ........................................................................................... 70


Version 6.69 (January 2015) ......................................................................................... 70

Assessment™ ....................................................................................................... 71 Chapter 16

Version 3.1.12 (October 2016) ..................................................................................... 71

Version 3.1.11 (October 2016) ..................................................................................... 71

Version 3.1.10 (September 2016) ................................................................................ 72

Version 2.3.02 (January 2015) ...................................................................................... 72

Authority Inspector™ ........................................................................................... 73 Chapter 17


Version 1.1.10 (August 2017) ....................................................................................... 73

Version 1.1.09 (July 2017) ............................................................................................ 73

GUI™ .................................................................................................................... 75 Chapter 18

Version 4.7.30 (October 2017) ..................................................................................... 75

Version 4.7.20 (July 2017) ............................................................................................ 77

AP‐Journal™ .................................................................................................................................. 77

Capture 5250 ................................................................................................................................ 77

Authority on Demand™ (AOD) ...................................................................................................... 77

Version 4.7.19 (June 2017) ........................................................................................... 77

Scheduler for Firewall™/Audit™/AP‐Journal™ .............................................................................. 77

Version 4.7.18 (May 2017) ........................................................................................... 77

Authorization ................................................................................................................................ 77

Audit™ Real Time Detection Rules and Queries and Reports ...................................................... 78

Version 4.7.17 (March 2017) ........................................................................................ 78

Authority on Demand™ (AOD) ...................................................................................................... 78

Queries and Reports ..................................................................................................................... 79

Version 4.7.16 (February 2017) .................................................................................... 82

Scheduler ...................................................................................................................................... 82

Journal Application Definitions ..................................................................................................... 82

viii Release News for iSecurity™ – Monthly Bulletin for the Entire iSecurity™ Product Line – October 2017

User profile Report in Visualizer™ Business Intelligence ............................................................. 82

Compliance – Run Plan ................................................................................................................. 83

Online Help ................................................................................................................................... 83

Visualizer™ Business Intelligence ................................................................................................. 83

Version 4.7.15 (November 2016) ................................................................................. 83

Session Properties ........................................................................................................................ 83


AP‐Journal™ .................................................................................................................................. 84

Editing Report or Application Definitions ..................................................................................... 85

New Application Wizard ............................................................................................................... 86

Application Output – Containers .................................................................................................. 86

Firewall Groups ............................................................................................................................. 87

Version 4.7.13 (August 2016) ....................................................................................... 87

Firewall™ ....................................................................................................................................... 87

Visualizer™ Business Intelligence for Audit™ and Firewall™ ....................................................... 88

Firewall™/Audit™ New Query Wizard .......................................................................................... 89

AP‐Journal™ .................................................................................................................................. 89

Version 4.7.12 (July 2016) ............................................................................................ 89

Audit™ Query ................................................................................................................................ 89

Version 4.7.11 (June 2016) ........................................................................................... 90

Firewall™ ....................................................................................................................................... 90

Queries ......................................................................................................................................... 90

Copy IFS file to PC ......................................................................................................................... 91

Version 4.7.10 (April 2016) ........................................................................................... 91

Workspace Location Prompt ........................................................................................................ 91

New Installation Scenario ............................................................................................................. 92

Access per Instance ...................................................................................................................... 93

Update Scenario ........................................................................................................................... 93

Setting the prompt from within the application .......................................................................... 94

Version 4.6.42 (March 2016) ........................................................................................ 94

Audit™ ........................................................................................................................................... 94

Audit™ Queries ............................................................................................................................. 95

Authority on Demand™ (AOD) ..................................................................................................... 96

Firewall™ ....................................................................................................................................... 96

Queries ......................................................................................................................................... 96

Visualizer™ Business Intelligence ................................................................................................. 96

Version 4.6.41 (January 2016) ...................................................................................... 98

Release News for iSecurity™ – Monthly Bulletin for the Entire iSecurity™ Product Line – October 2017 ix

Audit™ ........................................................................................................................................... 98

Firewall™ ....................................................................................................................................... 99

Visualizer™ Business Intelligence.................................................................................................. 99

Version 4.6.40 (December 2015) .................................................................................. 99

General .......................................................................................................................................... 99

Audit™ ......................................................................................................................................... 101

Business Intelligence ................................................................................................................... 103

User Management ...................................................................................................................... 104

Compliance Evaluator™ .............................................................................................................. 105

Version 4.6.34 (August 2015) ..................................................................................... 106

User Management ...................................................................................................................... 106

Audit™ ......................................................................................................................................... 107

Version 4.6.33 (July 2015) .......................................................................................... 107

User Management ...................................................................................................................... 107

Audit™ ......................................................................................................................................... 107

Version 4.6.33 (July 2015) .......................................................................................... 107

Queries ........................................................................................................................................ 107

Command™ ................................................................................................................................. 108

Version 4.6.31 (July 2015) .......................................................................................... 108

Anti‐Virus™ .................................................................................................................................. 108

Command™ ................................................................................................................................. 109

Queries ........................................................................................................................................ 109

Version 4.6.30 (May 2015) ......................................................................................... 109

Visualizer™ Business Intelligence................................................................................................ 109

Firewall™ ..................................................................................................................................... 110

AP‐Journal™ ................................................................................................................................ 111

Capture™ ..................................................................................................................................... 112

Audit™ ......................................................................................................................................... 113

Queries ........................................................................................................................................ 114

Version 4.6.21 (March 2015) ...................................................................................... 115

Audit™ ......................................................................................................................................... 115

Version 4.6.20 (March 2015) ...................................................................................... 115

Authority on Demand™ (AOD) .................................................................................................... 115

Queries ........................................................................................................................................ 117

Audit™ ......................................................................................................................................... 117

Query and Journal Application Filters ......................................................................................... 118

Version 4.6.13 (January 2015) .................................................................................... 119

x Release News for iSecurity™ – Monthly Bulletin for the Entire iSecurity™ Product Line – October 2017

Compliance Evaluator™ .............................................................................................................. 119

Authority on Demand™ (AOD) ................................................................................................... 120

Preface

11 Release News for iSecurity™ – Monthly Bulletin for the Entire iSecurity™ Product Line – October 2017

Preface Chapter 1

This Release News for iSecurity™ document is an accumulative document merging

together all individual Release News documents published for each of the iSecurity™

products and covering all versions released during the last two (2) years.

Detailed descriptions of these new features and improvements are provided within the

relevant product's User Guide documents.

Intended Audience

This Release News for iSecurity™ – October 2017 version is intended for users, system

administrators and security administrators responsible for the implementation and

management of security on IBM® AS/400™ systems. However, any user with a basic

knowledge of System i™ operations is able to make full use of this document after reading

this October 2017 version.

This document may also serve for new versions' upgrade approval by management.

Product Documentation Overview

Raz‐Lee products are designed for ease of use by personnel at all skill levels, especially

those with minimal System i™ experience. The October 2017 version includes a variety of

materials to get its users up to speed with the latest software upgrades quickly and

effectively.

This October 2017 version is the only printed document required for comprehending the

Release News for iSecurity™ products. It is available in user‐friendly PDF format and may

be displayed or printed using Adobe Acrobat Reader version 6.0 or higher.

Release News for iSecurity™ incorporates all of Raz‐Lee's iSecurity™ software products.

Monthly updated versions of this Release News for iSecurity™ may be downloaded from

Raz‐Lee Website.

Preface


Conventions used in this Document

● Commands, system messages (of the IBM® AS/400™), menu options, field names, and

function key's names are written in Courier New Bold.

● Links (internal or external) are emphasized with Bold and Underline and in blue color,

as follows: page 3, Raz‐Lee Website.

● Key combinations are in Bold and separated by a dash, for example: ,

– .

● Emphasized text is written in Bold.

● Sequence of operations (mainly by utilizing the keyboard) is marked as follows:

STRAUD8132, meaning: Syslog definitions activated by typing STRAUD and then

selecting option: 82 and then option: 32.

● Wherever applicable, Notes are provided within the text to draw attention to some

critical issues. These looks like:

NOTE: This icon points out useful information that does not affect the

integrity of your system.

● Wherever applicable, Warnings are provided within the text to draw attention to

some critical alarms. These looks like:

WARNING: This icon alerts you to a situation that could cause a loss

of data if a certain action is performed or avoided.

Control Shift

Tab

New and Updated Documents

Release News for iSecurity™ – Monthly Bulletin for the Entire iSecurity™ Product Line – October 2017 13

New and Updated Documents Chapter 2

The following new and updated documents were added (or replaced) in the Corporate and

Products Information page in the Distributor Area of Raz‐Lee's website:

Product Release Type Document Name Updated on

Authority Inspector™

1.1 UG Authority Inspector™ User Guide Release 1.1 11Jun17.PDF

11 June 2017


1.1 DS Authority Inspector™ Datasheet Release 1.1 9Jul17.PDF

9 July 2017

Capture™ 4.0 UG Capture™ User Guide Release 4.0 10Nov16.PDF

10 November 2016

For detailed information of the exact nature of the changes made to the iSecurity™

products, please review the latest releases of the relevant User Manuals of each product.

Up‐to‐date Versions


Up‐to‐date Versions Chapter 3

Following is a list of the most updated software versions:

Software Product Up‐to‐date Version Release Date

Action™ 13.36 25th August 2017 Audit™ 13.36 25th August 2017 Compliance Evaluator™ 4.7.20 2nd July 2017 Command™ 17.44 25th August 2017 Firewall™ 17.44 25th August 2017 Screen™ 17.44 25th August 2017 DB‐Gate™ 02.50 3rd September 2017 Capture™ 04.14 9th August 2017 Field & PGP Encryption™ 01.36 5th June 2017 AP‐Journal™ 08.58 28th August 2017 Authority on Demand™ (AOD) 04.78 12th September 2017 Password Reset™ 04.78 12th September 2017 Change‐Tracker™ 01.30 30th August 2017 Anti‐Virus™ 06.94 28th May 2017 Assessment™ 3.1.12 19th October 2016 Authority Inspector™ 1.1.11 20th September 2017 GUI™ 4.7.20 2nd July 2017

Action™


Action™ Chapter 4

Version 13.36 (August 2017)

● Now supports CEF and LEEF.

● Triple SIEM support added.

● *AUTO enhanced with *AUTO1 and *AUTO2.

● Advanced support of text messages (SMS).

● Export single action definition added.

● It is now possible to run multiple actions (by several filters) on the same item.

● Action™ can now be triggered based on event ratio too.

Such action can be scheduled to appear by desired frequency.

Version 13.11 (December 2015)

● &N in Action™ message is replaced with ‘New‐Line’ in mail message. In other cases,

such as standard message it is now being removed without any replacement.

● When defining the Action™ message, was added to allow the Action™ Id and

sequence number to be included in the message. This helps to identify the source of

the action.

F9

Audit™


Audit™ Chapter 5


● In STRSEC8959, a new parameter was added:

Mask UsrPrf with dft pwd. ??--??---- ?=Display, %=Display, random if blank This new parameter is used to define which characters will be displayed at Audit™ $P

reports output.

Example:

A$P $P Users with default password Control: T, B, +/- User |User |Display S |Class |Informati | | AA--CC---- *USER *SYSVAL AB--E ---- *USER *SYSVAL AG--UP---- *SECOFR *SYSVAL AL--X ---- *USER *SYSVAL AL--22---- *USER *SYSVAL AO--PC---- *USER *SYSVAL AU--SE---- *USER *SYSVAL AV--HA---- *SECOFR *SYSVAL AZ-- ---- *USER *SYSVAL AZ-- ---- *USER *SYSVAL A1-- ---- *USER *SYSVAL A1-- ---- *USER *SYSVAL A6-- ---- *USER *SYSVAL BA--CH---- *USER *SYSVAL BB-- ---- *USER *SYSVAL

Audit™


● New sources of information for queries added.

● QHST support now includes break‐down of messages into their parameters.

● Query Generator enhanced to support three different groups of summaries.

● A support of IASP is now available.

● Export Query – Users may now select one or more queries and export them to a

remote machine/LPAR.

● Multiple reports may now be ZIPed into a single file.

● “No Data” Notification Added to Email Subject of Empty Reports – Subject name

contains *NO DATA* will indicate "No exception found".

Since security is based of exception identification, this addition saves time as there is

no need to open empty reports.

● There is an optional enhanced auto‐disable of user profile with generic names.

● There is now an auto delete of dormant or disabled user profile.

● Copy time group – export/import feature now enable the delete of entries from the

remote system.

● Support of generic options is now available for general groups.

● Domain restriction while sending email form Audit™ to inhibit sending emails to

unwanted recipients.

● There is a new query option to use initial object selection for reports.

● There is a new $R query for IFS lists.

● Queries footnote now contains the initial filter selection.

● Report group summaries are available now.

● Groups export – import feature includes delete on remote.

LEEF, CEF Field mode support, with Sub‐Type sensitivity

● LEEF – a standard used by IBM® QRadar™, as well as the CEF used by HP™ ArcSight™

and others, are now supported.

Audit™


Both offer the sending of data in Field Mode by pairs of Field name and Field value.

● iSecurity™ supports all QAUDJRN messages.

Formatting is by Audit™ Type and Sub type or by Firewall™ server.

In this way, for audit types that represent different activities, e.g. Type OM with sub

types: M-Move and R-Rename, only relevant fields will be sent.

● QHST, QSYSOPR and any other Message Queue are supported in LEEF and CEF field

mode.

● Standard message support, i.e. message edited with its replacement values is

preserved.

This enables sending information in any free format as well as LEEF and CEF.

Version 13.28 (January 2017)

SMS and Special Support

● Standard support for SMS (“Text”) and Special Message from within Audit™ is now

available.

The Special Option is usually used for Beeper messages.

The SMS and Special Support feature utilizes the support of eMail‐to‐SMS/Special

functionality provided by many telecommunication service providers.

In the USA and some other countries this is a free service.

To use the SMS/Special Definitions option, type: STRAUD8112.

Support for Add QAUDJRN Sequence Number to SIEM

*CEF/*LEEF Fields

● Support was added for the Add QAUDJRN Sequence Number to SIEM *CEF/*LEEF

fields.

It is triggered by a new option in Global Installation Defaults (STRAUD8959).

Audit™


Messages to SIEM in *CEF Structure

● Messages to SIEM in *CEF Structure now allow customers to select whether Standard

CEF Extension Field Names are sent or not.

The default is – Y.

This feature is controlled by a new parameter in the Global Installation Defaults

(STRAUD8959 ) and the field name is Standard CEF Extension Field

Names.

QHST SIEM Support

● The support for QHST SIEM was changed to utilize the advantages of OS/400™

Asynchronous Job.

Other internal changes were also implemented.

The OS/400™ Asynchronous Job improves system performances.

QHST Duplication Prevention

● An internal software assessment was added to prevent duplicates.

Bug Fix

● DSPAULOG now properly supports OUTFILE for type CP.

● CHKISA and DSPISA (Check/Display iSecurity™ Authorization Status) now reports

status of Authority Code of IMPERVA SecureSphere™ Agent.


New Audit™ Codes

● New Audit™ Journal entry types and sub‐types were added to support OS/400™

Releases up to 7.3.

Page Down

Audit™


Also, new fields codes were added to existing Audit™ types in 7.3, including refresh of

IBM® texts for convenient user experience for values and descriptions.

Global Installation Defaults Enhanced

● This option has been enhanced and reshaped.

Among the enhancements:

Product‐Admin Email.

Add SYSTEM to query mail subject.

Review and Update of Description and Possible Values of

all Audit™ Code Fields

● Since Audit™ provides a description of fields in the Audit™ Entries, along with their

possible values (codes), a full review and update, as necessary, of all field text Audit™

Codes was supplemented.

● The number of fields in Audit™ Journal Entries reached 5 digits.

● Customers are reminded that on display screens, pressing Help while pointing to a

field will display the field description, possible entries, and their description.

Once on entry screens, pressing while pointing onto a field will display the above

and enable selecting one or several values (for LIST comparison).

New Audit™ Type

● In STRAUD11, new Audit™ Types were added to support OS/400™ Release 7.3.

These include:

*NETSECURE V7R3M0 36. | Secure network connections

*NETTELSVR V7R3M0 37. | Telnet Server connections

*NETUDP V7R3M0 38. | UDP traffic

F4

Audit™


NOTE: Starting with OS/400™ release 7.3, the role of *NETCMN was

changed – it now only writes security Audit™ Journal Entries for

a subset of the *NETSCK functions. It does not write security

Audit™ Journal Entries for accepts and connects.

● Audit™ types CP and C@ (User Profile Changes) were enhanced.

Changes related to OS/400™ release 7.2

● New Audit™ Types:

*PTFOBJ Changes to PTF objects

*PTFOPR PTF operations

● New Audit™ Journal entries:

AX Row and Column Access Control

PF PTF Operations

PU PTF Object Changes

X2 Query Manager Profile Changes

Raz‐Lee Entry Types Added

● A new Raz‐Lee entry type was added – $F Command Attributes for Limited

Capabilities users (STRAUD411).

The $F Command Attributes can be used to create reports about Limited Capabilities

users and more.

Deleting Unused Disabled Users

● Users who were in the *DISABLED state for a long period of time may be deleted

according to their Last used date, Create date, and Sign on date.

Audit™


User Profiles which are Group Profiles will never be deleted.

Exceptions may be added to generic* names list and excluded from delete even if

*DISABLED.

NOTE:

● Users in the disable exceptions list cannot be deleted.

● During Auto‐Deletion, some messages are sent to

QSYSOPR.

Global Installation Configuration Update

● Global installation configuration (STRADU8959) was enhanced by:

a. Refresh Z* report definitions: Y

Y=Yes, A=Replace all

b. *AUTO Level of message: 1

1=1st‐*AUTO1, 2=2nd‐*AUTO2

c. Standard auto disable – Y

Y=Yes

NOTE: Check manual before changing.

d. For SIEM:

i. Syslog source Port/IP

ii. TLS Application ID SIEM

Audit™


New Email Support Introduced

● A new email update was installed into Raz‐Lee's products.

Copy Queries from Backup

● In STRAUD8293, the option to copy queries From/To the SMZ4DTA file exists.

By selecting the file to back up, the user can save queries or recover queries in the

event of data loss.

NOTE: This activity requires backups of files AUSELQP and AUSELCP to

be on both the From and To libraries.

Export/Import Definitions

● Export/Import definition commands now support:

Configuration file

Scheduled Entries

CEF and LEEF

● Improved CEF and LEEF support was introduced.

Check Raz‐Lee Authorization (CHKISA) has New

OUTPUT(*EMAIL) Support

● Status of authorization codes will be emailed with new check Raz‐Lee Authorization

OUTPUT(*EMAIL) support.

Audit™


Set Start of Auditing Time (SETRTAUD)

● Set Start of Auditing Time (SETRTAUD) was enhanced to enable entering the QHST

transmission Starting date and time.

Version 13.21 (April 2016)

Triple Syslog Definitions

● Raz‐Lee’s Audit™ product now support sending Syslog messages to up to three (3)

SIEM products simultaneously:

In Syslog definitions, select option 81 in from the main menu of any product

(i.e. STRAUD8132/33/34 or STRFW8171/72/73).

The SYSLOG message is now enabled for multiple SIEM messages (note the

SIEM 1, SIEM 2 and SIEM 3 option items) and message structures using

built‐in as well as mixed variables and constants.

The feature enables adjustable Port, Severity, Facility and Length while offering

Syslog Types: UDP, TCP and TLS (encrypted) support in CEF and LEEF and

user editable modes, using filters for relevant fields.

Processing of SIEM is done on a separate job per SIEM.

A buffer exists to allow intermediate communication problems, or SIEM

downtime.

Once this buffer is full, the processing is delayed.

A message is then sent to QSYSOPR, and an attempt is reconstructed while

communication is made periodically and consistently.

ZIP Report Generator Output

The ZIP parameter was added to the report generator command.

When using the Report Scheduler, it is possible to specify ZIP in the group definition.

Doing so will ZIP all following report output to a single ZIP file.

Audit™


Unique Support of Message Field for LEEF and CEF mode

OS/400™ Messages are defined as text with “Replacement Variables”: &1, &2… iSecurity™

has the capability of extracting the “Replacement Variables” and placing them as proper

pairs of Field name and Field value, when LEEF or CEF mode is defined.

Currently the product supports several hundreds of most popular messages.

For example, let’s take message CPF1164 with the following text:

“Job 654242/QSYSOPR/BACKUP ended on 7/03/16 at 01:00:06;

1.267 seconds used; end code 50”.

Field Name Field Value

Msg_ID CPF1164 Msg_file QCPFMSG Msg_Queue QHST Msg Job 654242/QSYSOPR/BACKUP ended on 7/03/16 at

01:00:06; 1.267 seconds used; end code 50 Job_name BACKUP Job_user QSYSOPR Job_number 654242Ended_on 7/03/16 At 01:00:06 CPU_seconds_used 1.267 End_severity 50

NOTE: Not all fields appear in this example.

The highlighted information represents the extraction of replacement variables from the

message.

This has very important implications as it provides a standard access to all the message

data fields.

Audit™


This is an iSecurity™ unique feature which is new to the market. Presently iSecurity™/

Audit™ supports several hundreds of these messages, a number which will grow.

● Major performance change in LOG and Report access time. Improvement of 80%

expected in certain situations.

Source IP Determination

● In Global Installation Defaults (STRAUD8959), a SYSLOG source Port/IP field was

added (UDP only).



Moving Query Definitions

● A new function Copy Queries from Backup (STRAUD8293) enables technicians to

load a full set of reports (i.e. files AUSELQP and AUSELCP from SMZ4DTA) to a user

defined library and select which reports to copy from it.

Once selected, the user has to select the From and To libraries, and following press on

the key, the list of reports in the From library is displayed.

This option may be important, for example, when some reports have been

accidentally deleted, and there is a need to load them from a backup.

Version 13.19 (March 2016)

New or Improved Query Sources of Information

In Work with Queries (STRAUD411), the following new report types was added:

$H File members

This type provides reporting of large file members, file members that require

reorganization, obtain source members names that were used to create the objects,

and more. $H can be run if 1=Fast mode (takes minutes for the entire system), or

2=Standard mode (takes much longer).

Enter

Audit™


Choose according to the operating system's level and the type of information

required, as the Standard mode includes more fields.

$X Library information [run RTVDSKINF first]

Library information, including size and percentage of disk space is included.

The execution of a report of this type requires a pre‐run of the standard Retrieve Disk

Information (RTVDSKINF) Command.

Information is then taken from this run.

$@ History log

Reports information from the QHST log.

$9 Interface to any spool file query

Intercept any number of spool files that are created by execution of a command or a

program.

The spool files are assembled into free format text that is handled by the report

generator.

Using this $9 type the full range of the report generator capabilities are opened for

use, including HTML, PDF output.

Running on multiple systems, sending by Email and more.

Exporting & Moving Query Definitions

● The Work with Queries (STRAUD 411) enables exporting selective queries.

To do so select X=Export for one or many queries, in one or more instances.

When is pressed, a screen is displayed allowing the user to specify the

target system or systems group (Multi System must be available).

Alternatively, *NONE can be entered.

*NONE will display the name of the *SAVF that is created, and the Import command

parameters that are required on the report system to load the exported reports.

F3=Exit

Audit™


With *NONE it is the customer’s responsibility to transfer the *SAVF to the target

systems.

● A new function Copy Queries from Backup (STRAUD 8293) enables technicians to

load a full set of reports (i.e. files AUSELQP and AUSELCP from SMZ4DTA) to a user

defined library and select which reports to copy from it.

Once the reports are selected, the user has to select the from and to libraries, and

after pressing , the list of reports in the From library is displayed.

This option may be important, for example, when some reports have been

accidentally deleted, and there is a need to load them from a backup.

New Query Capabilities with Sort‐Break Level, Sort Order,

and Multi System

The Query Generator was enhanced to support sorting and layout of sorted data:

● Break after change of a specified number of key fields will cause a subtitle to appear

when a change is encountered. Fields that appears on the subtitle will be omitted

from detail lines.

● Sort order can be defined as A=Ascending D=Descending

● Records to include can be 1=All 2=One record per key (this item is mentioned to show

the complete picture).

● When a query is running on multiple systems, the System Field containing the System

Name will be implicitly added to the printed fields, if not there.

Additional Queries

● Some new queries were added to include the Definitions in the Query Generator:

Z$9_AUDFN $9 Audit™ definitions

Z$9_FWDFN $9 Firewall™ definitions

● A wide set of object related reports. To view them, subset by

“classification=Q”.

Enter

Audit™


NOTE: Most reports default to QGPL information, in order to prevent

unintentional run of such a query for the entire system – a long

process.

Z$I_CHG $I Objects changed (QGPL), Exc. PF

Z$I_DMGED $I Damaged objects (QGPL)

Z$I_MISS $I Objects which their sources are missing (QGPL)

Z$I_OBJC $I Objects by creator (QGPL)

Z$I_OWN $I Objects by owner (QGPL)

Z$I_SCOFR $I Objects owned by QSECOFR (QGPL)

Z$I_SIZE $I Largest objects (QGPL, Above 100MB)

Z$I_SRC $I Objects source (QGPL)

Z$I_SYS $I Objects by system (QGPL)

Z$I_UNSVD $I Unsaved objects (QGPL)

Z$I_USE $I Objects by Usage Date (QGPL)

Z$J_OBJ $J Object authority (QGPL), by object

Z$J_USR $J Object authority (QGPL), by user

Z$K_ALL $K User profile job descriptions with high authority

Z$Q_SCOFR $Q Programs that adopt QSECOFR authority

Z$U_ALLUSR $U All Authorization Lists Users

ZCO_ALL CO All Created Objects

ZOR_ALL OR All Restored Objects

Audit™


New Network Attributes Added

● Some Network Attributes were added, including: DTACPR, DTACPRINM,

ALRHLDCNT.

This might affect Set Audit Compliance Base‐Line (STRAUD4162), as well as

relevant reports.

Auto‐Delete Unused Disabled User Profiles

● A new function was added for Auto‐Delete of Unused Disabled User Profiles

(STRAUD6221-22).

This function (available from release 6.1 and up) will delete users who were in

*DISABLED state for a long period as stated by their Last Used Date, Create Date,

Sign‐on Date.

User Profiles which are Group Profiles will never be deleted.

● An Exception List which accepts generic* names can be used to exclude certain user

profiles.

● User profiles which were already excluded from Auto Disable (STRAUD6211-12)

are considered as excluded in this function, even if found *DISABLED.

● Some reports accompany the Auto‐Delete function:

ZDO_INADLT DO – Users that were DELETED due to inactivity.

This is a standard report.

Z$@_INADLT $@ – Log of Auto‐Delete activity.

This includes information on users that could be deleted and users which, from

some reason, could not be deleted.

This is a textual report that includes two (2) types of messages:

a. Auto‐Delete – User XXXX could not be deleted:

MsgId + MsgText of the reason.

b. Auto‐Delete – User XXXX inactive since YYYY‐MM‐DD deleted.

Audit™


During Auto‐Deletion, these messages are also sent to QSYSOPR.

Global Installation Defaults Enhanced

● This option was enhanced and reshaped.

Included in the enhancements:

Product‐Admin Email

Add SYSTEM to query mail subject

Email Definitions

● The Email Configuration Screen (STRAUD892) now supports

configuration.

Selecting this option will result in sending a mail to the Product‐Admin Email that is

defined in Global Installation Defaults (STRAUD8959).

DDM Data Queues Extended Support

● IBM has repaired its definition requirements for DDM Data Queues. See: http://www‐

01.ibm.com/support/docview.wss?uid=nas8N1020951. Accordingly, a new parameter

was added for the System Definition (STRAUD831). Entry of this parameter is

recommended in all cases, and is required based on the PTF level of the system.

● The DDM Data Queues are re‐constructed automatically by the System Definition

option (STRAUD832). This program also handles the TCP/IP Host Table Entry and

performs ADDTCPHTE or CHGTCPHTE to automatically apply the definition.

Support of User Absence Security was extended to all

Releases

● User Absence Security (STRAUD6241) and current implementation and displays,

are available for all releases of OS/400™.

F10=Verify E‐mail

Audit™



● During Audit™ installation, a repository of all user profiles and their parameters is built

to support the C@ audit type that shows the changes in the user profile parameters in

the format of Parameter: New‐value (old‐value).

In installations with a large number of user profiles this meant that the installation

process was significantly extended.

This process is now run in a separate job, considerably shortening the installation

process.

● Audit™ Export/Import now handles groups.

● In Syslog Definitions (STRAUD8132), the SYSLOG message was changed to now

include the Sub‐Type of the Audit™ type.

● When the result of a query is an IFS file, the date is now included in the object name.

● Changes were made to the JS Audit type to clarify the report information.


● When running Display definition STRxx825, and selecting *ALL, a single spool

file is produced instead of several.

● Audit™ now allows adding line‐breaks in messages that should be sent by e‐mail.

To set line‐breaks add &N in the message at the desired position for the line‐break.

● During Audit™ installation, a repository of all user profiles and their parameters is built

to support C@ audit type to show the changes in the user profile parameters in the

format of Parameter: New‐value (old‐value). Since some customers have significant

number of users growing to 60K, this part of the installation is now run in a separate

job. This will shorten the Audit™ installation process.

● Audit™ Export/Import now handles groups.

● E‐Mail configuration screen now enable a Verification of the definition by sending a

test mail.

Audit™


● When running Display Definition (STRxx825) and selecting *ALL, a single spool


● Audit™ allows adding the source of the rule that triggers a message.

This allows the identification of the rule in case of modification.

To add the source use at the desired position within the message.

● Audit™ now has an option in the User Management Menu to delete inactive, disabled

users.

To delete inactive, disabled users:

Select 62 – User Management from the Audit™ Main Menu.

Select 21 – Delete Unused Disable Users from the User Management Menu.

● Audit™ has two new Audit types:

$H – PF Members by size.

$X – Libraries.

● Audit has the following new reports:

Z$E_ISEC – $E – All the scheduled jobs used by iSecurity™ modules.

Z$H_SIZE - $H – PF Members by size (Library QGPL).

Z$X_SIZ – $X – Libraries (by size) [run RTVDSKINF first].

ZCP_INADIS – CP – Users that were DISABLED due to inactivity.

ZDO_INADLT – DO – Users that were DELETED due to inactivity.

● Query sorts can now be defined as both ascending and descending.

● Query filter fields can now be compared to values with decimal places.

● Query definitions can now be exported to other computers in the network.

To define Queries:

Select 41 – Queries and Reports from the Audit™ Main Menu.

Select 1 – Work with Queries from the Queries Menu.

F9

Audit™


NOTE: Run RTVDSKINF first.

Email definitions

The Email configuration screen (STRAUD892) now supports E‐mail

configuration.

Selecting this option will result in sending a mail to the Product‐Admin Email that is defined

in Global Installation Defaults (STRAUD8959).

Version 13.06 (October 2015)

● Audit™ now supports using TLS (Transport Layer Security) to transport Syslog

messages.

To set the Syslog definitions:

Select 81 – System Configuration from the Audit™ Main Menu.

Select 32 – Syslog Definitions from the System Configuration Menu.

● It is now possible to monitor QHST in the same manner as any other message queue.

To define the settings for QHST:

Select 14 – Message Queue from the Audit™ Main Menu.

Select 1 – Control Message Queues/QHST from the Message Queue Menu.

● It is now possible to define a sign on schedule using the User management module of

Audit™.

To define the sign on schedule:

Select 62 – User Management from the Audit™ Main Menu.

Select 21 – Work with Schedule from the User Management Menu.

● It is now possible to define break fields when you sort a Query.

F10= Verify

Audit™


To define Queries:


Select 1 – Work with Queries from the Queries Menu.

● System Value queries ($A) have been improved.

To define Queries:


Select 1 – Work With Queries from the Queries Menu.

● A new BASE support menu has been added to all products.

Many of the options from the Maintenance Menu were moved to the BASE Support

Menu.

The email options from the Configuration Menu have also been moved to the BASE

Support Menu.

To make use of this new feature, the BASE product (SMZ4) MUST be installed first.

To access the BASE Support Menu, do the following:

Select 89 – Base Support from the product Main Menu.


● Upon defining Real Time Detection Rules, users can now define an action to be

performed if the event being audited repeats more than a given number of times

within a defined period of time. The user can also continue with the rest of the rule

after performing the action. To define detection rules, do one of the following:

Select 11 – Real‐Time Auditing from the Audit™ Main Menu.

Select 12 – Firewall™/Screen™ from the Audit™ Main Menu.

Select 13 – Status & Active Job from the Audit™ Main Menu.

Select 14 – Message Queue from the Audit™ Main Menu.

● Changes have been made to the IFS auditing authorization checks.

Audit™


If the user installs this version he must re‐install Audit™ as a new installation, including

the /iSecurity directory.

● Sending PTFs through the network is now restricted to iSecurity™ products only.

If the user needs to send PTFs for other products – please contact Raz‐Lee Support.

To send PTF files, do the following:

a. Select 83 – Central Administration from the Audit™ Main Menu.

b. Select 52 – Send PTF from the Central Administration Menu.

● Various updates were made to Queries:

The $s and $P Queries now correctly display the new system values.

The user can now run queries on commands that were run from AOD that did

not originate in any program.

The Query Report layouts were updated.

To access Audit Queries, select 41 – Queries and Reports from the Audit™ Main

Menu.

● The main iSecurity™ menu, accessed by the STRSEC command, was changed to allow

direct access to all iSecurity™ products.

● Users can now add iSecurity™ Authorization for newly installed products prior to

configuration of these products.

To add iSecurity™ Authorization, do the following:

a. Select 82 – Maintenance Menu from the Audit™ Main Menu.

b. Select 12 – Work with Authorization from the Maintenance Menu.

● In the Maintenance Menu, the Uninstall option is now 98 and new options were

added to define Global Installation Defaults and to set STRSEC as in the *BASE

installation.

To access the Maintenance Menu, select 82 – Maintenance Menu from the Audit™

Main Menu.

● The following improvements were made to Syslog messages:

Audit™


They are now sent without being split.

Sending the messages in Common Event Format (CEF) is now supported.


● Users can now display the Authorization Status of all iSecurity™ products on a specific

system.

Products with forthcoming expiration dates are emphasized.

To display the authorization status, do the following:


b. Select 13 – Authorization Status from the Maintenance Menu.

● Users can now check Authorization Status across their network and send messages to

the system operator about upcoming problems.

To check the authorization status across the network, do the following:


b. Select 59 – Check Authority Status from the Central Administration Menu.

● Users can now run remote commands from its local system either from a file with a

list of commands or from commands sent to the command as parameters.

To run remote commands, do the following:


b. Select 51 – Run CL Scripts from the Central Administration Menu.

● User can now set the Global Installation Default parameters that iSecurity™ uses to

control the Installation and upgrade processes.

To define the parameters, do the following:


b. Select 91 – Global Installation Defaults from the Maintenance Menu.

Firewall™


Firewall™ Chapter 6


● New JOB parameter was added to the DSPFWLOG.

● Function key was added to the DSPFWLOG results screen.

This feature will show captured screens (providing Capture™ was active).

● Export/Import – now supports the servers' severity settings (8122).

A GNSEVSET parameter was added to the EXPS1 and IMPS1 commands.

● New menu option 4161 – this new feature allows to add users into Firewall™

groups.

● New option in the Setting DB‐OPEN and SQL, menu option 12. The new option

allows exclusion of:

Specific object in all (*ALL) libraries.

Specific object from specific library.

All objects (*ALL) from QSYS and QUSRSYS libraries.

from being checked by Firewall™ DBOEN.


● A number of updates were made including SQL verb Merge.

Setting Exit Points

● The DBOPEN/SQL Exit Point Setting Properties Screen moved to a new location and is

now called Setting DB‐OPEN and SQL (STRFW12).

It is made up of two screens. In the 2nd screen there is a new option:

Work with files to exclude

F5

Firewall™


Work with Database SQL Server Jobs

● This option is new and enables working with SQL database items only.

Additional Message Information

● This new screen provides information about actions performed (or not performed)

which are listed in the log.

This screen enables viewing of Command Type, User, IP, Decision Level and Operation

Mode.

New Verb – Merge Processed

● A new status was added in the Status Column – Merge.

DSPFWLOG Type (*TELNET)

● Telnet device installation is now enabled as a server option in the Additional Message

Information screen.

*PRINT1-*PRINT9 User Parameters

● Export/Import Options are defined (in Audit™ definitions only), and the parameters

can be viewed in Firewall™ and set accordingly.


● The DBOPEN/SQL Exit Point Setting (STRFW12) was enhanced to include

“Control by Exit-Point” and to allow greater operational flexibility,

significant performance improvements and better security.

● A new option exists in STRFW19. It works with Database SQL Server Jobs.

● The DSPFWLOG option in STRFW411 Additional Message Information has new

updates.

● STRFW11 now includes a new SQL Verb Merge Record Status.

Firewall™


● DSPFWLOG TYPE(*TELNET) provides Information about Server IP.

● STRFW811/2 Export/Import Definitions parameters relocated to definitions'

screen.


● Raz‐Lee’s iSecurity™ products now support sending Syslog messages to up to three (3)


In Syslog definitions, select option 81 in from the main menu of any product

(i.e. STRAUD8132/33/34 or STRFW8171/72/73).







Processing of SIEM is done on a separate job per SIEM. A buffer exists to allow

intermediate communication problems, or SIEM downtime.

Once this buffer is full, the processing is delayed. A message is then sent to

QSYSOPR, and an attempt is reconstructed while communication is made

periodically and consistently.

Source IP Determination

● In Global Installation Defaults (STRAUD8959), a SYSLOG source Port/IP field was

added (UDP only).



Firewall™


Extended Monitoring of ODBC and SQL by Combining DB‐

OPEN and SQL Exit Points Benefits

● Both the DBOPEN and the SQL exit points can be used to control file access, yet there

are some differences:

SQL controls ODBC requests, including Create/Delete of file/library.

DBOPEN controls ALL file opens, remote and local (Interactive and Batch).

DBOPEN also allows working with pre‐selected files to reduce overhead.

While DBOPEN is superiority to the SQL exit point in performance and analysis

accuracy, SQL statements which do not OPEN files cannot be recorded via

DBOPEN.

● The DBOPEN/SQL Exit Point Setting (STRFW8110) was enhanced.

Since DB‐OPEN has higher priority than the SQL, exit point in performance and

accuracy of analysis, SQL statements which do not involve OPEN of files cannot be

recorded by its use.

A significant benefit of DBOPEN is the ability to monitor pre‐selected files only; this

dramatically reduces the number of times the exit point is invoked, improving

performance.

To enable this capability, select either options 2 or 8 below. Files can be pre‐selected

by STRFW2151 or by other methods which sets these file’s audit attribute to

*CHANGE or *READ.

New features were added to enable simultaneous use of the two exit points to allow

the full monitoring of activity and still preserve the advantages of each. Options 7 and

8 were added, so the product now allows:

1=DBOPEN All files.

2=DBOPEN Audited files.

7=DBOPEN All files in addition to the ability to monitor SQL statements that

cause no OPEN.

Firewall™


8=DBOPEN Audited files in addition to the ability to monitor SQL statements

that cause no OPEN.

9=SQL.

Selecting option 7 or 8, where both exit points are used, SQL setting which can

accept:

1=All operations.

2=Non DBOPEN operations.

Should be set to 2=Non DBOPEN operations.

NOTE: It is possible to set DBOPEN to monitor only pre‐selected files.

This dramatically reduces the number of time this exit point is

being alerted by the operation system, resulting with

performance improvement.

a. To enable this capability, the user should select option 2 or 8.

b. The user must also pre‐select files to be monitor by use of STRFW21

51 or by other methods which sets these file audit attribute to *CHANGE

or *READ.

Doing so does not mean that the Audit™ module should be set to include

entries which may be generated as per this definition.

Tracing Changes in Product Definitions

● Firewall™ as well all iSecurity™ modules allow tracing of product definitions by use of

DB‐Journaling and a completely free use of the AP‐Journal™ for this reporting.

To enable this option, do the following:

a. Set definition files to be journaled (STRFW8271).

b. Set Global Installation (STRFW8959)

Firewall™


▬ Auto jrn def files on install = Y.

▬ Use AP-Journal™ to trace def chgs =Y.

c. Trace changes (STRFW 8279).

Generic Base Support

● A generic BASE Support Menu was added to the product (STRFW89).

This screen integrates considerable functionality which crosses different modules of

iSecurity™.

Extended Reporting of Firewall™ Definitions

● Firewall™ now present improved possibilities to report product definitions:

The standard Print Definition option was enhanced to provide a single spool file

to include all the different definitions.

The menu provides a separate entry for reporting Firewall Definition

(STRFW42).

A new queries was added to the Firewall Definition Query Generator (which

includes HTMP, PDF, Email) to include the definitions of Firewall™:

▬ Z$9_FWDFN $9 Firewall Definitions.

Print Firewall™ Definitions

● For Type *ALL only one combined spool file is generated instead of a lot of separate

spools.


● In the Definitions of IFS Object Usage (STRFW221), defining a generic entry for

the directory allows the directory subtree to inherit In‐product IFS authorities,

according to the definitions in the Additional Definitions screen (STRFW812).

Firewall™


● In the Syslog definitions (STRFW8171), variable &6 now represents the IP and not

the Product ID.

● In options 1 – 6 of the Native Object Security Menu (STRFW21), when opening a

new definition by pressing the key, there is now no validation on the Library.

Previously, the user could not enter *USRLIBL as the Library.




● Changed behavior in DSPFLOG that prevented users with iASP environment to switch

to another iASP.

It is possible now to use the Set ASP Group (SETASPGRP) in all cases.

The prevention after using DSPxxLOG, RUNxxQRY was removed.

● Additional function in IFS objects usage.

It is now possible to limit the authorities of a directory and do not inherit it to lower

directories when using generic names.

● STRFW111 – Now there are no more differences between the situation where

the >5. Device Names appears with > but says *ALL Y, and when it is not defined

(no >).

● Upon defining Users and Groups, the user can now limit them to single IP address.

From that IP address, the users and groups will be allowed to work with as many

sessions as necessary.

To access the user settings, do the following:

Select 11 – Users and Groups from the Firewall™ Main Menu.

● The process for running a second Network Security system in parallel to Firewall™ was

improved.

To run a second Network Security system in parallel, do the following:

F9

Firewall™


Select 82 – Maintenance Menu from the Firewall™ Main Menu.

Select 99 – More… from the Maintenance Menu.

Select 1 – Use Firewall™ in parallel with other Exit Programs from the

Maintenance Menu – Part 2.

NOTE: Since this option involves running other vendor programs, it is

provided as a service which carries no warranty for its results.

● STRFW42 (Firewall definition reports) is now shipped with a predefined set of

reports.

Field based information includes:

1K *FW‐DFN Native Object Security

1L *FW‐DFN IFS object security

1M *FW‐DFN Command Exceptions

1N *FW‐DFN Users & Groups


● Upon defining Users and Groups, the user can now limit them to single IP address.

From that IP address, they will be allowed to work with as many sessions as necessary.

● To access the User Settings, do the following:

Select 11 – Users and Groups from the Firewall™ Main Menu.

● The process for running a second Network Security system in parallel to Firewall™ was

improved.

To run a second Network Security system in parallel, do the following:

a. Select 82 – Maintenance Menu from the Firewall™ Main Menu.

Firewall™


b. Select 99 – More… from the Maintenance Menu.

c. Select 1 – Use Firewall™ along with other Exit Programs from the

Maintenance Menu – Part 2.

NOTE: Since this option involves running other vendor programs, it is

provided as a service which carries no warranty for its

consequences.


● Firewall™ now supports using TLS (Transport Layer Security) to transport Syslog

messages. To set the Syslog definitions:

a. Select 81 – System Configuration from the Firewall™ Main Menu.

b. Select 71 – Syslog Definitions from the System Configuration Menu.

c. A new BASE support menu has been added to all products.

● Many of the options from the Maintenance Menu were moved to the BASE Support

Menu. The email options from the Configuration Menu have also been moved to the

BASE Support Menu.





● The Open Database Settings Interface was improved and renamed as the DBOPEN/SQL

Exit Point Setting.

To access the DBOPEN/SQL Exit Point Setting screen, do the following:

Firewall™



b. Select 10 – DBOPEN/SQL Exit Point Setting from the System Configuration

Menu.

● In the Firewall Additional Settings screen, the Skip All activity for users' parameter was

renamed to Skip Activities of User or grpprf.

To access the Additional Settings screen, do the following:


b. Select 2 – Additional Settings from the System Configuration Menu.

● In the Work with Operators screen, there is now an option to copy a definition from

one user to another, enabling the users to set up rules quickly for new users.

To access the Work with Operators screen, do the following:

a. Select 82 – Maintenance Menu from the Firewall™ Main Menu.

b. Select 11 – Work with Operators from the Maintenance Menu.

● In the definitions of both Server Security Settings and User Security Settings, the rules

for DBOPEN now follow immediately after the rules for SQL.

To access the Server Settings, do the following:

a. Select 1 – Activation and Server Setting from the Firewall™ Main Menu.

b. Select 1 – Work with Servers from the Activation and Server Setting Menu.

To access the User Settings, do the following:

a. Select 11 – Users and Groups from the Firewall™ Main Menu.

● In the definitions of native object security, users can now add exception rules for

commands.

To access the Command Exceptions, do the following:

a. Select 21 – Native Objects from the Firewall™ Main Menu.

b. Select 9 – Command Exceptions from the Native Object Security Menu.

Screen™


Screen™ Chapter 7


● Number of terminals allowed to be handled by the Screen™ was increased to 6,000.

DB‐Gate™


DB‐Gate™ Chapter 8


● A critical update to ensure there is only one serving job per requester job. This is done

using the sessions' file.

● Build time and version are printed now to IFS server log.

● Native side:

When starting the server in run mode #2 the DataQueue is recreated.

● Native side bug fix:

The log file SMZBDTA/DBXX is made up as member per day.

The name given to each new member was incorrect.

Correct member name is now 'L' + YYMMDD.

● DB‐Gate server on PC:

AboutDialog – open log: "open file" dialog shows only real logs and hides lock files and

directories.

Log is displayed in an internal real only viewer that has a popup with some basic

functions.

● The definition: os400.stderr=file:/tmp/dbgater_err_sys.txt is

removed from the sp.properties file.

It has been found that the line prevents a 64bit JVM from loading.

Version 2.40 (September 2014)

The following improvements were made to the DB‐Gate™ in this version:

● The DB‐Gate™ Server can now use multiple JVMs to share the work load.

DB‐Gate™


● Monitor job controls the number of running JVMs at all time.

● Performance and stability improvements.

● Improved logging and log viewer.

● DB‐Gate™ on the PC – new system tray based GUI.

● Special JVM launchers for different memory requirements.

Version 2.33 (July 2014)

● Verify RDB connection.

● The user can verify the RDB connection from either the Work with DB Directory Entries

screen or by using option 52. Verify Connection in the main DB‐Gate™ Menu.

Version 2.32 (June 2014)

● Performance Improvements.

● Performance improvements for data retrieval from SELECT statements.

● Performance improvements for KEEP ALIVE statements.

SQL

● Support for SELECT INTO adjusted to be compatible with IBM® PTFs.


● ARDPGM

● DB‐Gate™ now identifies and handles the state where the ARDPGM is cleared from

the memory (for example; as a result of the Reclaim Resources command).

Logging

● When running in server mode, both the requester job and activation group details are

now reported by the server to the DB‐Gate™ engine.

DB‐Gate™


These details are logged; therefore it is easier to correlate server activity with engine

activity.

SQL

● Improved support for SELECT INTO.


● UI.

● New session monitor.

● New screen for running performance and load tests.

SQL

● Three‐part name support (limited to those supported by IBM®).

● Support for SELECT INTO.

● Support for callable statements with bound variables.

Capture™


Capture™ Chapter 9


● Used Storage of Capture™ is now reported accurately.

Work with Collected Data, was enhanced to report the Capture™ product's Used

Storage even if a period was compressed.

In such a case; the compressed size is presented.

To examine this new feature type: STRAUD8951.

● If the Capture™ maintenance is interrupted or ends unexpectedly, the display capture

session (Option 41) might get affected.

A newly added feature bypasses and prevents such situations – main header file is

now referenced to prevent cases where the header file is not being copied onto the

SMCPyymmdd library and prevents the screens to be accessible.

● Capture™ Activation Screen – in STRCPT11, Option 19 was renamed to 29.

New Option 21 – Suspend Monitoring Activity – ends the monitoring process while

keeping the subsystem active and the capture activity continues intact.

Capturing of newly started jobs continues as normal. Monitoring can start capture

activity based on time (i.e. during night shifts).

This function is suspended.

To permanently suspend this capability use STRCPT811, and set “Minutes

between checks (where 998=Never check)”.

● New Option 22 – Resume Monitoring Activity.


● *PRINT option in Authority on Demand™ (AOD) now includes the captured screens.

Capture™


Version 4.12 (February 2017)

● Background of the captured screens was change to be always white.

● Creating of PDF screens document was added to HTML screens document.

● Data management commands were added to control superfluous data.


● The Display Log Options (41, 42):

The 9=Email, was enhanced to Email as PDF in addition to Email as

HTML.

Email was enhanced to support ZIP.

● Automatic Compression was added.

It supports auto‐compression and decompression of all data.

It is stored in the (semi) daily SMCPyymmdd libraries.

Data is compressed so that about 1300 frames (captured screens) consuming

approximately 1Mb.

Date is automatically decompressed when needed.

● The system configuration was enhanced to allow the creation of the (semi) daily

SMCPyymmdd libraries, every specified number of days, instead of every day.

● The system configuration options were reordered and contain more explanations.

● Accuracy of the system, while exploring old job numbers, was enhanced.

Cases where a job numbers were duplicated are now processed by using the Job

Name and the User Name fields of the job.

● Misuse of leap year's February was resolved.

● The option to eliminate a dump spool file is now in place.

Capture™


● The option to eliminate the “Member not found” message when observing two

(2) or more days old data is now in place.

Version 4.01 (November 2015)

● Double Byte Character Sets are now captured correctly.

● The users no longer receive missing member messages when displaying captured

data.

● Data compression is now used on the log file to save disk space.



Menu.


Support Menu.





● When working with options 45 – Display Current Data and 46 – Display Restored Data,

if the user chooses to receive the output as HTML, it can now chose to send the file

compressed (ZIP file).

This reduces the size of the file by up to 90%.

Field & PGP Encryption™


Field & PGP Encryption™ Chapter 10


● Collect Encryption PF Fields (CLTENFLD) – a new parameter was added: *LASTUSED

– the library that was last used.

● On Activation (search for text: Activate ZENCRPT subsystem) a notification

was added: ZENCRPT is auto activated when needed. A minor delay may be noticed.

● Option 811 was slightly changed.

● Option 812 was added (explanation included in screen).

● Option 21 Force Encryption Rotation was enhanced to include capability for

scheduling it to run on a batch job.

● The following was added to the Maintenance menu:

Supporting Commands:

31 Duplicate Fields for Encryption

32 Change Authorization Groups

33 Encrypt/decrypt fields

These are commands that allow working by commands rather than by the regular

entry screen.

AP‐Journal™


AP‐Journal™ Chapter 11


● In STRJR1179 – Building Journals and Receivers, the following menu items were

added:


● When adding a journal, the Program Library, and the IP address are added and the

user can start a new receiver.

To add a journal, do the following:

a. Select 82 – Maintenance Menu from the AP‐Journal™ Main Menu.

JRBLJR Journal Build and Maintain iSecurity/Journal System: S520 Select one of the following: Journal Build Journal Maintenace 11. Create Journal Receiver 41. Work with Journal 12. Create Journal 42. Work with Journal Attributes 13. Start Journal Physical File 43. Print Journal Attributes 14. Start Journal Access Path 49. Generate and Attach a New Receiver Journal End 21. Delete Journal Receiver 22. Delete Journal 23. End Journal Physical File 24. End Journal Access Path Selection or command ===> __________________________________________________________________________ _______________________________________________________________________________ F3=Exit F4=Prompt F9=Retrieve F12=Cancel F13=Information Assistant F16=AS/400 main menu

AP‐Journal™


b. Select 71 – Add Journal from the Maintenance Menu.

● Users can now define journal output as either an application or a report.

To define journal output, do the following:

a. Select 11 – Applications, BizAlerts etc. from the AP‐Journal™ Main Menu.

b. Select 1 – Work with Journal Applications from the Applications, BizAlerts –

Definitions Menu.



Menu.


Support Menu.





● When adding a journal, the Program Library, and the IP address are added you can

start a new receiver.

To add a journal, do the following:

a. Select 82 – Maintenance Menu from the AP‐Journal™ Main Menu.

b. Select 71 – Add Journal from the Maintenance Menu.

● Define journal output as either an application or a report.

To define journal output, do the following:

a. Select 11 – Applications, BizAlerts etc. from the AP‐Journal™ Main Menu.

b. Select 1 – Work with Journal Applications from the Applications, BizAlerts –

Definitions Menu.

AP‐Journal™



● The journal Collect Job Now works under the SECURITY4P user profile.

Authority on Demand™ (AOD)


Authority on Demand™ (AOD) Chapter 12



● Raz‐Lee’s iSecurity™ products now support sending Syslog messages to up to three (3)


In AOD Main Menu, select option 81.







Processing of SIEM is done on a separate job per SIEM.

A buffer exists to allow intermediate communication problems, or SIEM

downtime.

Once this buffer is full, the processing is delayed.

A message is then sent to QSYSOPR, and an attempt is reconstructed while

communication is made periodically and consistently.


● In option 5, new notification message was added to alert customers if the user profile

to add as a provider does not exist in the system.

To view this new message, type: STRAOD5 and try to add a user named

QUQU. The message should pop‐up.

F6




● In STRAOD1131, activate SBMJOB handling for 1=Add:

This option is relevant for AOD where the rule uses 1=Add authority.

Once selected, it enables the user to submit jobs which will carry an elevated

authority, regardless of the state of the submitting Authority on Demand™

(AOD) sessions.

This unique capability is subject to retaining the value USER(*CURRENT) in the

submitted job.

Special consideration must be taken when activating the SBMJOB command

with :

If the user practices for the command Submit job (SBMJOB) the

parameter Command (CMD) is not displayed and cannot be changed.

To bypass this issue, use the command AODSBMJOB instead. This command

allows changes to the parameter (CMD), including the usage of .

● In STRAOD8211, use AODSBMJOB instead of SBMJOB:

This is a replacement for the SBMJOB command.

Using the command GETAOD, the user can add an authority session.

It enables regular usage of for the Command (CMD) parameter.

Display of History Log now has 1‐9 options including 6=STRSQL and

9=AtEnd.

● In the Display History screen, found in option 41, there are numerous new selections

available (from 1-9), including filtering according to Cmd line,*CSV, Cmds, Audit™,

STRSQL, Screens, DB and AtEnd.




F4=Prompt

F4=Prompt

F4

F4





Menu.


Support Menu.







● A new feature allows the user to display or print configuration definitions. To display

the configuration definitions:

a. Select 82 – Maintenance Menu from Authority on Demand™ (AOD) Main

Menu.

b. Select 5 – Display Definitions from the Maintenance Menu.

● The user can define the ability to send a Session End Activity email to either one of the

below options or to both:

*PROVIDER (the user may still use the Authority on Demand™ (AOD) rule

settings).

A specific email address.

To display the configuration definitions:

a. Select 81 – System Configuration from the Authority on Demand™ (AOD)

Main Menu.

b. Select 8 – Session End Activity from the Maintenance Menu.



● It is now a prerequisite for Authority on Demand™ (AOD) installation/upgrade to

install the SMZ4 base library in order to have access to the new BASE Support Menu.

An Audit™ license key is not required.

● After the installation of the SMZ4 base library, the newest email features, such as the

Email Address Book, are available in Authority on Demand™ (AOD) from the new BASE

Support Menu.


Select 89 – Base Support from the Authority on Demand™ (AOD) Main Menu.

● In the AOD Authority Rules:

a. Adding Global Authority (option 7) is no longer available.

NOTE: If option 7 was used, the user will need to make manual

changes after upgrading.

b. When copying a rule, the PIN code is not copied and the number of uses

left is set to 98 (Ignore PIN).

c. Adding Special Global Authority (option 9), can now grant USRCLS and

LMTCPB settings of the provider (in GETAOD).

To access the Authority on Demand™ (AOD) Rules, do the following:

Select 1 – Authority on Demand™ (AOD) from the Authority on Demand™ (AOD)

Main Menu.

● The Authority on Demand™ (AOD) Main Menu has a new look and feel.


● The option to add authority globally in Authority on Demand™ (AOD) rules is removed.

To define Authority on Demand™ (AOD) Rules:



Select 1 – Authority on Demand™ (AOD) Rules from the Authority on Demand™

(AOD) Main Menu.


● The following improvements were made to Syslog Messages:




● A new Audit Queries and Report Scheduler section was added to the main menu, with

the following options:

51 – Commands Entered in Authority on Demand™ (AOD).

52 – Work with Queries.

53 – Work with Report Scheduler.

● New options for Password Reset were added to the System Configuration Menu.

To access the System Configuration Menu, do the following:

Select 81 – System Configuration from the Authority on Demand™ (AOD) Main

Menu.

● New options for Password Reset™ were added to the Activation Menu.

To access the Activation Menu, do the following:

Select 11 – Activation from the Authority on Demand™ (AOD) Main Menu.

● The Operators section of the Maintenance Menu was renamed to Operators and

Authority Codes, and two new options were added:

13 – Display Authority Status.

14 – Check Network Authority Status.

To access the Maintenance Menu, do the following:



Select 82 – Maintenance Menu from the Authority on Demand™ (AOD) Main

Menu.

● New options are available for Authority on Demand™ (AOD) Rules:

Users can now add both authority and special authority globally.

Users can now ignore the requirement for a PIN code.

Exporting rules now exports both the current rule and also the corresponding

provider.

To define Authority on Demand™ (AOD):

Select 1 – Authority on Demand™ (AOD) Rules from the Authority on Demand™

(AOD) Main Menu.

● A *CSV file output is now available for the Display Log.

To access the Display Log options, do the following:

Select 41 – Display Log from the Authority on Demand™ (AOD) Main Menu.

● A *CSV file output is now available for Session End Activities.

To access the Session End Activity options, do the following:

a. Select 81 – System Configuration from the Authority on Demand™ (AOD)

Main Menu.

b. Select 8 – Session End Activity from the System Configuration Menu.

● User can now define operator authority for Password Reset and User Provisioning.

To define operator authority:

a. Select 82 – Maintenance Menu from the Authority on Demand™ (AOD)

Main Menu.

b. Select 11 – Work with Operators from the Maintenance Menu.

● Session end activity is now performed in a batch job instead of interactively.

This significantly reduces the processing time for the GETAOD/ENDJOB process.

Password Reset™


Password Reset™ Chapter 13


● In STRPSWRST11 – P‐R Classes, there are textual modifications were made.

● For enhanced security, verification code now allows splitting the message into two:

Verification method...0 0=None,1=Once,2=Split(Email+Cell)

If 2=Split option is selected, half of the code is sent by mail and the other half – by

cellular text message.

● New command (CHGPRINF) enables end‐users to enter their personal attributes and

private questions and replaces the previous CHGPRQST command.

The new command can also be used for updating existing personal attributes.

● In option 8151 a new parameter was added:

Allow self entry of ID info . . A Q=Questions, A=All(Pers.+Quest.), N=No


● In STRPSWRST1 – Work with Persons, following the selecting of 7=Questions,

press the key to Show/Hide the Answer.

● In STRPSWRST64 – Copy HR Data to Persons File, *clear = the Password Reset

disposable user files are cleared.

● Personal Questions can now appear in random sequence for added security.

Two random sequence questions are displayed, and then when implementing

password reset an additional random question is displayed.

● Password Reset™ random questions were added and additional updates are described

in Password Reset™ section.

F5=Display/Hide

Change‐Tracker™


Change‐Tracker™ Chapter 14


● The Change‐Tracker™ Log File now contains information for how an object was saved.

● Upon defining libraries to track, the default for whether to keep the source of a

changed object is now Yes.

To define libraries to be tracked:

a. Select 31 – General Definitions from the Change‐Tracker™ Main Menu.

b. Select 1 – Libraries from the General Definitions Menu.


● Many of the options from the Maintenance Menu were moved to the BASE Support

Menu.


Support Menu.





● Upon defining libraries to be tracked, the users can now use wildcards to define a

generic group of libraries (for example; SMZ* defines all libraries that start with SMZ).

Also, the option to skip a library (or group of libraries) was now added.

To define libraries to be tracked:

a. Select 31 – General Definitions from the Change‐Tracker™ Main Menu.

Change‐Tracker™


b. Select 1 – Libraries from the General Definitions Menu.


● Upon defining the object changes that need to be tracked, the user can now omit

changes made by renaming the object.

This functionality is available for object and source member changes for native

objects, for IFS object changes, and for changes in the PTF Activity Log.

To define object changes, use one of the following options from the Change‐Tracker™

Main Menu:

1 – Object Changes

2 – Source Members Changes

11 – IFS Changes

21 – PTF Objects Activity Log

● Upon defining the object changes that need to be tracked, the user can now omit

Saved Information changes.

This functionality is available for object and source member changes for native

objects, for IFS object changes, and for changes in the PTF Activity Log.

To define object changes, use one of the following options from the Change‐Tracker™

Main Menu:

1 – Object Changes

2 – Source Members Changes

11 – IFS Changes

21 – PTF Objects Activity Log

Anti‐Virus™


Anti‐Virus™ Chapter 15

Version 6.94 (May 2017)

● Fix to leave virus DB from old installation.


● Send log to recipient list address book.


● Add option to Send log file as mail.


● Avoid change of system value in Real Time.


● Avoid useless change of system values.


● Avoid log wrapping.


● Bug fix.

Anti‐Virus™



● Change /SMZVDTA owner to SECURITY5P.


● Add TLS to SYSLOG.


● Bug fix.


● Change FYI behavior.


● Fix virus mail message.


● Upgrade scan engine to ClamAV 0.99.2.


● Add Mail CCSID.




Menu.

Anti‐Virus™



Support Menu.




● Increase freshclam.conf MaxAttempts to avoid timeout.


● Fix HTTP proxy settings.


● Improved ability to send e‐Mails when detecting a virus in an IFS file.


● Uses the latest ClamAV engine 0.98.7.


● The following improvements have been made to Syslog messages:



Assessment™


Assessment™ Chapter 16

Version 3.1.12 (October 2016)

● Bug Fix – the product crushed while generating report and where the Anti‐Virus™

module was not installed.


● Preferences (Settings) screen – removed settings regarding number of users.

Assessment™


Version 3.1.10 (September 2016)

● New look & feel for the reports.

● This release runs on latest Java8.

NOTE: It is important to use this version with latest Java™ release.

● Removed mail sending function since there were many issues with it and it got even

worse with newer Java™ releases.

● Added settings UI for different aspects of the report that are due to the number of

users.

● Analyzing Libraries with *PUBLIC Authority.

This is optional upon settings as there is a potential for long running operation.

Version 2.3.02 (January 2015)

● Added support for *NOQTEMP (Auditing of Objects in QTEMP) in section #3.7.

● Bug fix for querying *ATNEVT Auditing value.

● The special exit program GSCCASQ@R for exit point 'Database Server – SQL

access & Showcase' is now recognized by Assessment™ as a part of iSecurity™.



Authority Inspector™ Chapter 17


This is a monthly product authority extension only.

Version 1.1.10 (August 2017)

This is a monthly product authority extension only.

Version 1.1.09 (July 2017)

● Added links panel – This is an optional panel that can be manifestly set to True or

False. When visible, it contains a link per any dimension to enable quick switch

between them.



● Bug fix – Clicking a check‐box on the filter area resulted in deleting other rows as well.

● Data table – Reordering of columns is enabled.

GUI™


GUI™ Chapter 18


● The structure of the Compliance Node was updated from:

To:

GUI™


● The Central Administration was adjusted to native from:

To:

GUI™



AP‐Journal™

● Output Fields per File Fields to ignore – a bug fix where in cases where there was a

single field, it was presented as a Not Checked field.

Capture 5250

● Adjustment was made to the native ("green") program.

When the screens are compressed, a call was added to the native program to make

them available.

● Also, a test was added for existence of member to enable more accurate message

when screens are not found.


● Active jobs – Node is properly assigned now to Authority on Demand™ (AOD).

Version 4.7.19 (June 2017)

Scheduler for Firewall™/Audit™/AP‐Journal™

● Bug fix regarding the synchronization between the GUI™ and IBM's prompter.

User input was saved incorrectly.

Version 4.7.18 (May 2017)

Authorization

● Bug fix regarding authority of the Change‐Tracker™ module – If library SMZT was

missing, Anti‐Virus™ module's menu option did not show on the iSecurity™ Navigator

Window's Menu tree.

GUI™


Audit™ Real Time Detection Rules and Queries and

Reports

A warning message for empty filter, in Audit™ (and other applications) Queries and

Reports and Audit™ Real Time Detection Rules was added.

Version 4.7.17 (March 2017)

● For computability reasons (with the native/"green" version), two (2) changes were

made to the iSecurity™ Navigator Window:

In the Authority on Demand™ (AOD) menu item, and

In the Queries and Reports menu item.


Instead of the old Authority on Demand Log menu item, now there is a Log menu item

which presents three (3) sub‐menu items:

♦ The old Authority On Demand Log menu item,

GUI™


♦ Two (2) new Print Log menu items:

i. Print Log + Attachments

ii. Print Log + Entered Commands

Queries and Reports

In the Queries and Reports menu item, under the Queries sub‐menu item, an Authority

on Demand Queries was added.

GUI™


In the Visualizer™ Business Intelligence products, both Audit™ and Firewall™ (and

other applications as well), instead of the old Tab management system, now there is a

new button ( ) in the Tools Menu.

When clicked upon, it opens a drop‐down list box allowing selection of the Active Tab.

To save time on searching for the specific Tab name:

Once in the list box's search bar (marked with yellow in the screen capture

below), the user may type the letters included in the required Tab Name.

GUI™


As a result, the list of Tabs will minimize to present the Tab Names which include

these letters.

The new button in the Tools Menu:

The new drop‐down list box:

GUI™


Version 4.7.16 (February 2017)

Scheduler

● The default for command output was adjusted to native.

Journal Application Definitions

● Adjusted to native with support for IASP, Auto Backup older data and Exit program

(after filter).

● Added verification of journal when editing an application or a report.

User profile Report in Visualizer™ Business Intelligence

● Drill‐down feature extended to support: $A, $B, $C, $D, $G, $P, $Q queries types.

GUI™


Compliance – Run Plan

● Adjustment to native changes.

The Excel output file was created with a name other than GUI requested.

Online Help

● Updated to display GUI only specific content.

Visualizer™ Business Intelligence

● The constant String **No value** is displayed now as '-':

Version 4.7.15 (November 2016)

Session Properties

● Session Properties now includes a list of installed modules, found in the Versions tab.

GUI™


● In Scheduler for Audit™, Firewall™ and AP‐Journal™, the list of commands for a report

was adjusted to native.


AP‐Journal™

● A new 'Type' column has been added to the Report/Application definitions, in the

Application definition tree.

GUI™


Editing Report or Application Definitions

NOTE: This can be done with Report/Application definitions that are

not enabled.

● The AP‐Journal™ can now be modified, while the user can switch between the two

'Types'.

● When editing a file that belongs to a Report, only the Filters dialogue box is available.

GUI™


● When editing a file that belongs to an Application, only the filter and alerts are

available.

New Application Wizard

● Report creation was added.

Application Output – Containers

● Subsets which required the native command DSPAPJRN to be supplied as a PTF have

been fixed.

GUI™


Firewall Groups

● A modification to enable work with large amount of users was added.

The Members table displays initially only included members.

The ‘Add’ button now prompts for multiple user additions.

By unchecking a checkbox, a user will be removed from the group.

Same table is available when editing all aspects of the group.


Firewall™

● Users and Groups – The Group Security table is now sorted by checked members.

GUI™


Visualizer™ Business Intelligence for Audit™ and Firewall™

● An initial time filter was added – 'By last n days'. It is set as the default option.

GUI™


Firewall™/Audit™ New Query Wizard

● Firewall/Audit New Query – when selected output format is 'Textual

Description' the output fields page is not displayed.

● Firewall/Audit Edit Query – when selected output format is 'Textual

Description' the output fields tab although displayed, allows for empty selection

of output fields.

AP‐Journal™

● Bug fix for error that is caused due the previous addition of output fields length.


Audit™ Query

● In Audit Query (as well as other applications), the default 'From time' and 'To

time' for Run Query for most products was adjusted to native side. Default time

covers 24 hours a day.

Next to the time controls there is now a link that allows for convenient reset of the

time to that default.

GUI™


● In Audit Query, the users can now browse “Type of access” by Field or Value,

using textual or numeric code.

Version 4.7.11 (June 2016)

Firewall™

● IFS Security ensures upper‐case only for file system and directory names.

Queries

● In Queries, the ability to edit output fields' length was added.

GUI™


Copy IFS file to PC

● A possible fix for rare cases of 'Sharing violation' was added when attempting to

access an IFS file.

Version 4.7.10 (April 2016)

Workspace Location Prompt

● This feature is part of iSecurity™ GUI™ version 4.7.10. It enables ease of selection of

user's workspace.

This feature is useful mainly for shared environments where the same installation is

used simultaneously by two or more users.

GUI™


Each can set his own private accessible location without blocking other members.

NOTE: There is a slight difference between new installations and

existing installation that performs an update.

New Installation Scenario

● When the GUI™ starts, the Workspace Launcher screen is the workspace location

prompt.

Historically, Raz‐Lee used isecurity_workspace3 located in the user's home

directory – that is the initial location.

Users can browse or type to select a different directory.

If the location specified does not exist, the system will make an attempt to create it.

The prompt is displayed each time the GUI™ starts unless the 'Use this

workspace as the default and do not ask again' button is

checked.

The prompt will display if the system is unable to set the requested location.

GUI™


Access per Instance

● Access per Instance, as the next step following setup of the location, is to lock it to

ensure access by a single instance only.

If this step fails, the application will terminate.

Failure to lock a default location will pop up the following error message: "Could not launch the product because the associated workspace is currently in use by another application, or is either invalid or read-only. Application will exit. Would you

like to delete default location?".

The user has the option to delete the default location, causing the location prompt to

display at the next application restart.

Update Scenario

● Activating the GUI™ for the first time following an update, the system tries to set the

previous workspace location.

If accomplished successful, the GUI™ will show as usual but the location is

saved and upon next restart the prompt will show pointing to last workspace

used.

If failed to set the location, the location prompt will display just as it does for

new installation.

GUI™


Setting the prompt from within the application

● This can be set also from the Preferences window – This is a global preferences that

effects the installation itself rather than the workspace and thus useful mainly for use

in a single user scenario.


Audit™

● The Audit Settings was adjusted to match the native ("green‐screen") options,

including support for the latest OS/400™ releases:

*SECURITY – Security related events

|*SECCFG – Security configuration is audited

|*SECDIRSRV – Changes done by directory service functions

|*SECIPC – Changes to inter‐process communications

|*SECNAS – Network authentication service actions

|*SECRUN – Security run tine functions

GUI™


Audit™ Queries

● Queries and ReportsQueriesAudit Queries – Support for $H audit types was added,

with a dedicated 'initial object selection' screen.

GUI™



● Authority on Demand™ (AOD) log support was enhanced to match native ("green‐

screen") options.

In addition, the constant CMDNOTPGM was changed to CMDAODINT to solve a Trace

Activity failure.

Firewall™

● The Firewall™ – IFS Security directory subtree settings for generic names (new in

native) was added.

Queries

● Adding and Editing Queries was adjusted to native; not more than 100 fields can be

selected for output and sort.


● Assorted improvements and bug fixes for Visualizer™ Business Intelligence.

GUI™


● Cache feature is commented as per this release.

Visualizer™ Business Intelligence operation might situate substantial load on the

memory of the PC.

● Bug fix – When set to Collect latest data on start, the initial query that

is executed when activating Visualizer™ Business Intelligence ran twice.

● Visualizer Settings – Selection of date intervals in various screens – the initial interval

uses dynamic instead of absolute dates.

GUI™



Audit™

● In Control Message Queues users can now work with any CCSID that maps the @

character to a different symbol.

GUI™


Firewall™

● In FirewallUsers and Groups node, in Application Groups, Location Groups, and User

Groups, users can now work with any CCSID that maps the @/%/# characters to a

different symbol.


● In Drill to Log from Firewall, date values are now displayed correctly.

Version 4.6.40 (December 2015)

General

● A new Open Node action was added.

It is available both as an icon on the toolbar and in the Navigate drop down Menu.

The action allows the user to easily find and open specific nodes when it knows the

name but not the location in the tree, as well as specific text.

The user can also use substitute characters to represent any string (*) or a single

character (?) as well as use the function to search in all available nodes on the tree,

and to open nodes directly from the search results.

GUI™


GUI™


This action allows the user finding and opening specific nodes when the name is

known but not the location in the tree.

Same goes for specific text.

In text cases, the user can also use substituting characters (*) to represent any string

or a single character (?).

The users can practice this function to search in all available nodes on the tree and to

open nodes directly from the search results.

Audit™

● 1 – Support for TLS in the Audit™ module was added.

GUI™


● 2 – The Control Message Queues node now has the same functionality as the native

version.

GUI™


Business Intelligence

● The Business Intelligence node was renamed to Visualizer BI and is now at the bottom

of the node tree.

GUI™


User Management

● A new node was added to Delete Unused Disabled Users.

The node enables the users to automatically delete disabled users after a given

number of days of inactivity.

GUI™


Compliance Evaluator™

● In the Compliance Evaluator™ module, a new node was added – Templates for User

Profiles.

GUI™



User Management

● A better integration between the GUI™ and the IBM® prompter is offered while

working with User Profiles.

● Add User now opens the prompter straight up.

GUI™


● Edit User prevents the user's text from being sent to the prompter from the GUI™

dialog.

● Copy User only allows a new name to be defined.

All other changes should be made by selecting the New Profile and clicking Edit.

Audit™

● The Syslog Definitions Window is built with a new layout to make it more users'

friendly.


User Management

● While working with User Profiles, now there is better integration between the GUI™

and the IBM® prompter.

● Add user now opens the prompter directly.

● Edit user prevents the user's text from being sent to the prompter from the GUI

dialog.

● Copy user only allows a new name to be defined.

All other changes should be made by selecting the new profile and clicking on Edit.

Audit™

● The Syslog Definitions window has a new layout which makes it easier to understand.


Queries

● The Query features of many modules were moved to a consolidated Queries and

Reports node and one option was renamed.

GUI™


Change Tracker Queries was previously accessed from Change TrackerQueries and Reporting.

Command Queries was previously accessed from Command.

Compliance Evaluator Queries was previously accessed from

ComplianceEvaluator.

PTF Status Queries was previously accessed from Change TrackerQueries and

Reporting.

Output Files was renamed from Database Reports.

Journal Scheduler was previously accessed from Journal.

Command™

● Since the Command Queries feature was moved to the updated Queries and Reports

node, the Command node was removed.


Anti‐Virus™

● The Activation and Deactivation options were adjusted to the native screens.

GUI™


Command™

● The Command™ module is now available in iSecurity™ GUI™. The first feature is

Command Queries.

Queries

● Temporary report file names are now used correctly with any CCSID.

Version 4.6.30 (May 2015)


● Upon adjusting the size of the results' table, the Quantity column width is now fixed,

reducing the need for additional resizing within the table.

GUI™


Firewall™

● DBOPEN Settings were added to the Firewall™ System Configurations for all systems

running Firewall™ Version 17.05 or higher.

The options available are the same as in native version.

● In addition to the Members Tab built onto the window for individual Application,

Location, or User Group, there is now a Members Button within the tables which open

up the list of members for that group.

GUI™


AP‐Journal™

● Upon setting Date and Time Filters for AP‐Journal™ application outputs (containers

and receivers) the users can now set the selected filter as the default filter for the

current session.

GUI™


● Week Start and Previous Week Start were added to the Data and Time Filter options

for AP‐Journal™ application outputs for Visualizer™ Business Intelligence.

Capture™

● If Capture™ Activation has already been set and the user selects Activate at IPL in the

Capture™ Activation Screen, a correct message is now displayed.

● An optional Add Capture All rule (if no rule) was added to the Capture™ Activation

Screen.

GUI™


● Upon adding Capture Rules, the sequence number can now be defined to the

resolution of one decimal place.

As the sequence number is the rule key, it cannot be modified when editing the rule.

Audit™

● The new Detection Rules are only available if the users have the appropriate version of

Audit™.

GUI™


Queries

● Upon setting the Date and Time Filters for running Queries, the users can now set the

chosen filter as the default filter for the current session.

GUI™



Audit™

● New parameters are available in the General Tab of the Selection Rules Dialog Box. It

now includes the same options as the native version.



● In the Export AOD Definitions Dialog Box, there is now a Browse… Button to help users

select the systems to be updated.

GUI™


● In the Authority on Demand™ (AOD) Log, the Timestamp end column was removed

and a button was added to allow users to trace activity. This functionality is already

available in the native version of Authority on Demand™ (AOD).

GUI™


Queries

● Previously, the results of all queries displayed as a table or in Visualizer™ Business

Intelligence were preserved.

Users can now decide whether or not to keep the results by selecting the Keep File

Checkbox upon defining the output format of the query.

Once the Keep File Checkbox is selected, the results will be available from the Ready

Reports Node.

Audit™

● Upon configuring the Audit™ Log and Journal Retention, the maximum number of

retention days is now 9999, as in the native version.

GUI™


Query and Journal Application Filters

● Upon testing by N/ITEM with General Groups, users can now add *GENERIC

support by selecting the Select with *GENERIC Support Checkbox.

GUI™



Compliance Evaluator™

● The descriptions of the system values from versions V5R4 and 7.2 of the operating

system are now available.

System Values can be accessed in the following nodes:

Compliance Evaluator Definitions System Values.

Compliance System Values Settings.

GUI™



● The following fields were added to the Authority Rules:

System – the name of the system for which the rule is valid.

Provide Authority By – defines how to add the requested authority.

Pin Code Left Uses – the number of uses remaining for the PIN code.

● The following functionalities were added to the Authority Rules:

Copy – allows a rule to be copied onto a new name.

Export – allows a rule to be exported to another LPAR/computer.

GUI™


Comments

We hope you found this Release News for iSecurity™ October 2017 informative; your

comments are important to us!

Raz‐Lee Security wants its users' documents to be as helpful as possible; please send your

comments about this October 2017 to [email protected].