AUTOMATE statement

Z/OS ONLY

The AUTOMATE statement enables and disables alert automation within BMC AMI Datastream.

Enabling AUTOMATE creates an Extended Multiple Console Support (EMCS) console, which can issue commands and return responses to the caller. For more information about EMCS consoles, see the IBM Knowledge Center. 

Related topics

Parameter-file-statements

AUTOALERT-statement

Automatic-response-process-overview

(SPE2404)

You can use the AUTOMATE statement to mount file systems containing programs authorized by the authorized program facility (APF) in UNIX System Services (USS) environments for which you do not have permission to grant APF authorization to programs, but you do have permission to mount file systems.

For example, you can grant APF authorization to a program on LPAR1 for which you have permission, copy it to a mounted file system, and then mount the file system containing the APF-authorized program to LPAR2, for which you do not have authorization permission.

Use the JCL parameters to customize JCL batch jobs submitted to the Internal Reader DD, CZAIJCL, for the CZAGENT started task. The commands run ARR002 and ARR013 action codes for TSO commands and scan a newly mounted file system. For more information about the CZAGENT started task, see Sample-CZAGENT-JCL-for-running-BMC-AMI-Datastream-as-a-started-task.

If your organization has special requirements, you can further modify the JCL by editing the EXEC members AMISCANF (file system scan) and AMITSOCM (TSO commands).

The AUTOMATE statement is in the $$$AUTO member.

Important

You can modify the $$$AUTO member in the amihlq.PARM data set.

$$$AUTO is included in CZAPARMS if the AUTOMATE switch setting in $$$CONFG is on.

Using AUTOMATE

You can define only one AUTOMATE statement. The following are examples of how you configure the AUTOMATE statement:

Syntax diagram for the AUTOMATE statement provides a visual representation of the command syntax and parameters.

Sample from $$$AUTO

AUTOMATE +
  PORT(49252) +                      ; Dynamic Port Number
; PORT(DUMMY) +                      ; XCF communication
  TCPIPSTACK(TCPIP) +                ; TCP/IP Stack Name
  THREADS(10) +                      ; Number of REXX threads 1-50
  TIMEOUT(10) +                      ; Number of seconds until timeout
  ENABLE +                           ; Enable AUTOMATE
; DISABLE +                          ; Disable AUTOMATE
;                                    ; AUTOMATION JCL parms
  JCL_JOBNAME(CZAAJCL) +             ; Jobname
  JCL_ACCT(XXXX) +                   ; Job account number
; JCL_MSGCLASS(X) +                  ; Job message class
; JCL_CLASS(X) +                     ; Job class
  JCL_FS_STEPLIB(CZAGENT.LOAD) +     ; STEPLIB for Filesystem scan
;
  DESCRIPTION('Alert Automation')

Statement parameters

AUTOMATE uses the following parameters:

Parameter

Description

PORT(assignedListenerPort | DUMMY)

Port number used by BMC AMI Command Center for Security to notify BMC AMI Datastream of identified alerts

  • To receive alerts using TCP/IP, use assignedListenerPort .
  • (SPE2304)To receive alerts using Cross-system Coupling Facility (XCF), use DUMMY.

TCPIPSTACK(tcpipStack)

TCP/IP stack name

Name of the TCP/IP stack used for network TCP/IP communications. Check with your z/OS administrator for this name.

TLS(REQUIRED|OPTIONAL)

Important

This parameter is discontinued starting with version 7.1.01 SPE2410. AT-TLS is no longer optional, it is the default protocol.

Binary option to require or not AT-TLS support

  • To indicate that the connection can use only a TCP/TLS communication protocol, use REQUIRED.
  • To indicate that the connection can use either a TCP or TCP/TLS communication protocol, use OPTIONAL.

THREADS(REXXExecThreads)

Number of REXX exec threads to create

(For use with XAPIID(LOCAL) only.) Indicate the number of REXX exec threads (1–50) for BMC AMI Datastream to create. Each thread runs one automation alert. For systems that require more concurrent automation alerts, increase this value.

If you omit THREADS, the default value 10 is used.

If you specify a value of 0 for THREADS, the default value 1 is used.

TIMEOUT(numberOfSeconds)


Number of seconds to wait

For use with XAPIID(LOCAL) only . Indicate the number of seconds, from 1 to 999,999, to wait for the alert to be scheduled by BMC AMI Datastream. If you never want an alert to time out, enter 0 (zero).

This option is useful if you have a low number of THREADS or a spike in automated alerts.

If you omit TIMEOUT, the default value 10 is used.

ENABLE|DISABLE

Enable or disable alert automation

If you omit this parameter, the default value ENABLE is used.

JCL_JOBNAME
(SPE2404)

Name of the job being submitted

JCL_ACCT
(SPE2404)

Account number of the job being submitted

JCL_MSGCLASS
(SPE2404)

(Optional) Message class of the job

 JCL_CLASS
(SPE2404)

(Optional) Job class of the job

JCL_FS_STEPLIB
(SPE2404)

(For file system scans only) The installation LOAD library DSN for BMC AMI Datastream

To enable the file system scan, turn on the following switches in the $$$CONFG member:

  • FAM—Collects SMF 92 subtype-1 records, which detect when a file system is mounted.
  • AUTOMATE—Allows an automated response alert to be sent from the SIEM to the agent, which runs the ARR013 alert. This alert submits a batch job that scans the mounted file system and prompts a response to the SIEM.
  • LOADFILE—Sends the response back to the SIEM after the mounted file system is scanned.

File systems mounted with a NOSETUID option are not scanned for APF programs. This option ignores APF flags, and programs running under this option cannot be APF authorized. For information about the NOSETUID option, see the IBM documentation.

DESCRIPTION(‘automateTaskDesc’)

(Optional) A 1–40 character string

You must enclose the string in single quotation marks ( ). It can be any meaningful description of the automation task. For example, you might want to use a description that distinguishes test automation from production alert automation.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*