The Compliance Event Manager team is pleased to announce our latest enhancements. We encourage all customers to take advantage of these new offerings. To try them out, download the Compliance Event Manager PTFs LU11017/LU11018 from Broadcom Support.
- Count Actions at the Policy Statement Level. This option counts the actions that a policy statement would trigger but does not perform the actions. Doing so helps you understand the volume of actions to be captured by your policy statement before you activate it. For example, if a policy statement that is configured to send real-time alerts (emails) is triggered 1,000 times, Compliance Event Manager reports a count of 1,000 instead of sending 1,000 emails. For more information, see Create a Policy Set.
- View Policy Counts from the UI. You can now view policy count details from the Policy Status page of the user interface. Previously, this information was only available by issuing the STATUS command. The policy count details let you see how many events your policy statement processed. Of those events, how many matched and did not match the policy statement criteria. This information helps you determine whether the policy statement criteria require adjustments. For example, a policy statement that has processed 10,000 events but has matched 0 events might require changes to the policy criteria. For more information, see Get Policy Counts.
- New Timestamp Format Substitution Variable for Forwarding Events to SIEMs. The product now provides the substitution variable DATE_TIME_UTC that conforms to the RFC UTC timestamp format of yyyy-mm-ddThh:mm:ss.tttZ. This substitution variable lets users forward security events from Compliance Event Manager to Security Information and Event Management (SIEM) platforms that require RFC timestamp formatting. The DATE_TIME_UTC substitution variable is supported for all action types for event-based monitoring, ESM monitoring, PDS monitoring, and z/OS monitoring. For more information, see the topics under Event Substitution Variables and Criteria.
Thank you!
-- The Compliance Event Manager Team
------------------------------
Principal Technical Writer
Mainframe Software Division
Broadcom
------------------------------