Space banner This space provides the same content as before, but the organization of the home page has changed. The content is now organized based on logical branches instead of legacy book titles. We hope that the new structure will help you quickly find the content that you need.

Configuring SIEM data delivery

Session Monitor for WebSphere MQ can be configured to deliver Security Incident and Event Management (SIEM) data to analytics and reporting tools, such as Splunk®.

  1. Use the SIEM Tool Data Generation Parameters screen to specify where your site’s SIEM data should be sent as follows:
    1. If your SIEM product has a listening port that can accept Session Monitor MQ data, type 1 in the Select destination for SIEM data field.
    2. Under TCP address of SIEM listener, enter the IP address and port number on which your SIEM product is installed and listening. The mainframe must be able to connect to the machine where your SIEM product is installed.
  2. Press Enter to store the SIEM tool data generation parameters and continue, or Cancel to exit.



 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*