Charles Mills wrote >"log user actions and tie said actions back to that user via a unique >identifier"
>That is not intrusion detection. Intrusion detection is a good thing, but it >is basically looking for outsiders trying to get in. (Loosely speaking.) Not >known users doing good and occasionally bad things. Do I understand this correctly Intrusion detection deals with Outsiders trying to access a system ? Where as Logging user actions and coordinating a users activity using a unique identifier validates in-house or business users activities. Do I understand the difference ? Paul D'Angelo ---------- Original Message ---------- From: Charles Mills <[email protected]> To: [email protected] Subject: Re: Need Hep with HIDS and z/OS Date: Fri, 14 Jul 2017 17:37:03 -0700 "log user actions and tie said actions back to that user via a unique identifier" That is not intrusion detection. Intrusion detection is a good thing, but it is basically looking for outsiders trying to get in. (Loosely speaking.) Not known users doing good and occasionally bad things. <commercial plug> https://correlog.com/mainframe-security-solutions/sas-correlog-mainframe/ + https://correlog.com/software/download-czdash-rcpt.html Does exactly what you describe. In real time. With alerts for the bad things to your cell phone or BMC Remedy, etc. See it live in action with "Soldier of Fortran" Phil Young: https://correlog.com/correlog-events/ (scroll down to the second section) </commercial plug> Charles -----Original Message----- From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf Of [email protected] Sent: Friday, July 14, 2017 3:28 PM To: [email protected] Subject: Need Hep with HIDS and z/OS Hello, I'm not a security person. Need some help with HIDS and z/OS- What is HIDS You ask ? HIDS stands for Host Intrusion Detection System * I'm researching an issue for a business unit. I really know nothing about HIDS. . There requirement What they are looking for here is essentially a tool that has the functionality to log user actions and tie said actions back to that user via a unique identifier. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
