The Lazy Genius

Security News & Brain Dumps from Xavier Ashe, a Bit9 Client Partner

TSOM and TCIM Integration! (TSIEM)

Posted by Xavier Ashe on February 5, 2008

Chief Security Officers (CSOs) and Chief Information Security Officers (CISOs) today are focused on prioritizing security initiatives to support their business goals, and on managing technical risk and governance.  Their organizations are challenged to both minimize security-based business disruptions and ensure and demonstrate compliance with privacy regulatory requirements, with a limited set of resources.   Security information and event management (SIEM) technology can provide a solution to these challenges, and provide greater leverage of people and greater visibility of their existing security infrastructure.

IBM offers two complementary SIEM capabilities for security information and events:

  • A real-time, network event-oriented management dashboard that facilitates attack recognition and incident management
  • An information analysis dashboard to assess how well an organization adheres to its security and governance policies

IBM Tivoli Security Information and Event Manager V1.0 (TSIEM) is comprised of two products:  IBM Tivoli Security Operations Manager V4.1 (TSOM) and IBM Tivoli Compliance Insight Manager V8.5 (TCIM). These products, working together, help you realize the full promise of enterprise SIEM. By centralizing log collection and event correlation across your enterprise, you can leverage an advanced compliance dashboard to link security events and user behavior to your corporate policies.

Tivoli Security Information and Event Manager delivers a comprehensive foundation to help address your SIEM requirements.  As a result, IT organizations can reduce their exposure to security breaches; collect, analyze, and report on compliance events; and manage the complexity of heterogeneous technologies and infrastructures.  TSIEM provides support for numerous applications, operating systems, security products, and network infrastructures, as well as desktop and mainframe systems.

Using TCIM and TSOM together provides the benefits of both products, through their complementary user-centric and network-centric perspectives.  Integration between TSOM and TCIM can provide additional unique capabilities:

  • Identify important audit and administrative events from the network/security infrastructure for privileged user monitoring and compliance reporting. This leverages the broad network and security product support of TSOM and its correlation capabilities to provide value-added auditable events for use in the TCIM privileged user monitoring, audit and compliance reports.
  • Identify network-centric policy violations with TSOM, and forward these high-level correlated events to TCIM for a consolidated compliance dashboard, reporting and views.

The integration described in this document provides the foundation to accomplish these two general use cases. It describes the specifics of configuring TSOM to send events to TCIM.

Download the Tivoli Security Information and Event Manager: Tivoli Security Operations Manager and Tivoli Compliance Insight Manager Integration Guide

10 Responses to “TSOM and TCIM Integration! (TSIEM)”

  1. Mike Core said

    Hi Xavier

    Great introduction. However, I could not figure out where and how to download the PDF 🙂

    Yours
    -Mike Core
    mcore@us.ibm.com

  2. I am going to be posting an update soon. Here’s the link.

  3. http://publib.boulder.ibm.com/infocenter/tivihelp/v2r1/topic/com.ibm.itcim.doc/tcim85_qsg_en.pdf

  4. Mohammad Afroze Khan said

    Hi Xavier,

    As you have given the link below:

    Download the Tivoli Security Information and Event Manager: Tivoli Security Operations Manager and Tivoli Compliance Insight Manager Integration Guide:
    http://publib.boulder.ibm.com/infocenter/tivihelp/v2r1/topic/com.ibm.tsiem.doc/tsiem10_integration_guide.pdf

    I am not able to download the TSIEM and TSOM integration guide. Can you help me to get it?

    Or can you send it to my mail ID also?

    regards,

  5. Here’s the new link:

    http://publib.boulder.ibm.com/infocenter/tivihelp/v2r1/topic/com.ibm.tsiem.doc_1.0/tsiem10_integration_guide_v1.1.pdf

  6. Jignesh said

    Hi, I want to do the same procedure at the Windows OS level, to integrate TSOM and TSIEM. Does anybody have docs? Please send them to my email address or send me the full step-by-step procedure.

    Thanks for the help.

    Regards,
    Jignesh

  7. Burney said

    I have my TSIEM server running on Windows, and so is CMS. This document is quite specific to Linux environments. Can you please give guidance or any tips on what I can do for the integration on Windows?

    • You’re right. I developed this before we supported Windows on TSOM. The scripts are in Perl, so all you would have to do is change some paths (and install Perl for Windows). I don’t have time to rewrite it right now, but my priorities could change if enough customers need it. Call L2 support and let them know that this documentation needs to be updated.

      Have you looked at migrating to Q1 Labs?

  8. Ali said

    I have TSIEM installed on Windows 2003, and so is CMS. I want to integrate both (TSIEM and TSOM). Can anybody help me in this connection?
