SIFT-IT: Security Threat Detection and Secure Logging

SIFT-IT is an enterprise-grade security threat detection and secure log management solution for the IBM i that performs real-time monitoring of all types of system and server logs. Unlike legacy products that simply harvest journals and archive them to syslog servers, SIFT-IT analyzes the contents of the logs in order to filter and manage specific events based on granular details. Event types can include invalid logins, logins from outside your network or outside normal business hours, changes to system values, IFS directory activity, processes using adopted authority and much more. Other offerings boast about real-time forwarding to remote SIEM consoles and syslog servers, which any monitoring agent for the IBM i should do; SIFT-IT goes well beyond that by letting customers automate remediation in real time by triggering steps in exit programs. This means you can stop an activity immediately rather than waiting for someone to discover it later on a SIEM console or syslog server.

SIFT-IT has unlimited reformatting and integration capabilities with any enterprise SIEM or detection software, providing output options for CEF, LEEF and syslog formats (RFC3164 or RFC5424), or even direct output to text files for other types of monitoring processes. The payload sent to the remote console can be customized with searchable tags, which is essential for prioritizing searches on SIEMs that hold tremendous amounts of data.

The backbone of SIFT-IT is the intelligent, granular event filtering inside its agent configurations. Agent configurations let companies build specific rules for how to handle a specific event or set of events in real time. Ways to address events include calling processes to disable users, blocking IP addresses and sending high-priority alerts, including text messages, to security personnel. Agents also define which SIEM or syslog server should receive system logs and how the logs should be formatted, including tagging for searching and prioritizing on the receiving SIEM consoles.

SIFT-IT is proven in many industries including financial, banking, insurance, healthcare, retail and manufacturing. Some of our clients process as many as 10,000 security events per second for secure logging to multiple SIEM consoles simultaneously.

If you need a high-volume, sophisticated security detection solution for the IBM i, SIFT-IT is right for you! See for yourself and download a trial of SIFT-IT.

What can SIFT-IT do?

SIFT-IT Features

Comprehensive Secure Logging

SIFT-IT provides enterprise-grade logging of its own activity. All security events, such as viewing or changing SIFT-IT filters and configurations, are logged to QAUDJRN. Starting and stopping SIFT-IT agents is logged as a potential security event. All SIFT-IT activity is logged locally, and exceptions can also be sent to message queues such as QSYSOPR.

Compatible with SIEMs and Syslog Servers Simultaneously

SIFT-IT interoperates with both cloud-based and on-premise SIEMs and syslog servers and supports multiple secure endpoint logging systems simultaneously. It interoperates with systems such as Splunk, HP ArcSight, IBM QRadar, Sumo Logic, AlertLogic, TIBCO LogLogic, SolarWinds, Tripwire and more.

Alarms and Remediation

SIFT-IT provides exit points to initiate automated remediation of security threats. Tagging and priority values can be embedded and customized in secure logs to control how a SIEM prioritizes a threat. Emailing of job logs and alerts, as well as sending text messages, are also features included with a SIFT-IT subscription.

SIEM and Syslog Integration Options

SIFT-IT can be configured to communicate with SIEMs and syslog servers using UDP, TCP or secure TCP (TLS). The TLS version level can be set for secure TCP. Message formats include CEF, LEEF and syslog supporting RFC3164 or RFC5424. You can also customize name-value pairs.

Granular Event Detection

Go beyond simply looking for journal codes by defining rules for handling specific events or sets of events based on the contents of the event record.
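The two capabilities above (content-based event rules, and CEF or RFC5424 syslog output with priority tags for the receiving SIEM) can be shown end to end in a small script. The following is an added example written for this page, not SIFT-IT's code or record layout: the event field names, the trusted network, the business-hours window, the rule thresholds and the remediation hook names are all assumptions, and the sample events are constructed. "PW" (invalid password) and "SV" (system value changed) are used as IBM i audit journal entry types; the `ibmi@32473` structured-data ID uses the enterprise number RFC 5612 reserves for documentation.

```python
"""Added example: content-based filtering of IBM i style audit events, with
the hits formatted as RFC 5424 syslog and CEF lines and routed to a
remediation hook. Field names, thresholds and hook names are assumptions."""
from datetime import datetime
import ipaddress

# Constructed sample events (hypothetical layout, not SIFT-IT's record format).
SAMPLE_EVENTS = [
    {"type": "PW", "user": "JSMITH", "ip": "10.0.5.23", "job": "QTVDEVICE",
     "ts": "2024-03-04T09:15:00+00:00"},
    {"type": "PW", "user": "ADMIN", "ip": "203.0.113.7", "job": "QTVDEVICE",
     "ts": "2024-03-04T02:10:00+00:00"},
    {"type": "SV", "user": "QSECOFR", "ip": "10.0.5.2", "job": "QPADEV0001",
     "ts": "2024-03-04T11:00:00+00:00"},
    {"type": "ZC", "user": "APPUSER", "ip": "10.0.5.40", "job": "APPJOB",
     "ts": "2024-03-04T12:30:00+00:00"},
]

TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8")]   # assumed corporate range
BUSINESS_HOURS = range(8, 18)                          # assumed 08:00-17:59
SYSLOG_FACILITY = 4                                    # RFC 5424: security/auth


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in TRUSTED_NETS)


def in_business_hours(ts):
    return datetime.fromisoformat(ts).hour in BUSINESS_HOURS


# Rule = (name, predicate over the event record, syslog severity 0-7,
#         CEF severity 0-10, remediation hook name or None).
RULES = [
    ("external_invalid_login",
     lambda e: e["type"] == "PW" and not is_internal(e["ip"]), 2, 9, "block_ip"),
    ("invalid_login", lambda e: e["type"] == "PW", 5, 4, None),
    ("off_hours_activity", lambda e: not in_business_hours(e["ts"]), 4, 6, None),
    ("system_value_change", lambda e: e["type"] == "SV", 2, 8, "page_security_team"),
]


def process(events):
    """Apply every rule to every event; one alert per event, rated by its
    most severe matching rule (lowest syslog severity number)."""
    alerts = []
    for e in events:
        hits = [r for r in RULES if r[1](e)]
        if not hits:
            continue
        best = min(hits, key=lambda r: r[2])
        alerts.append({"event": e, "name": best[0], "rules": [r[0] for r in hits],
                       "syslog_sev": best[2], "cef_sev": best[3], "action": best[4]})
    return alerts


def sd_escape(v):
    # RFC 5424 PARAM-VALUE escaping: backslash, double quote and ']'.
    return v.replace("\\", "\\\\").replace('"', '\\"').replace("]", "\\]")


def rfc5424(alert, host="IBMI01", app="SIFTIT"):
    """Render an alert as an RFC 5424 line; PRI = facility * 8 + severity,
    and the rule names ride in structured data so the SIEM can search them."""
    e = alert["event"]
    pri = SYSLOG_FACILITY * 8 + alert["syslog_sev"]
    params = [("user", e["user"]), ("src", e["ip"]), ("job", e["job"]),
              ("rules", ",".join(alert["rules"]))]
    sd = "[ibmi@32473 " + " ".join(f'{k}="{sd_escape(v)}"' for k, v in params) + "]"
    return f"<{pri}>1 {e['ts']} {host} {app} - {e['type']} {sd} audit entry {e['type']}"


def cef_escape_header(s):
    return s.replace("\\", "\\\\").replace("|", "\\|")


def cef_escape_ext(s):
    return s.replace("\\", "\\\\").replace("=", "\\=")


def cef(alert, vendor="ExampleVendor", product="IBMiAudit", version="1.0"):
    """Render an alert as CEF: header fields are pipe-delimited, extension
    fields are key=value pairs; custom strings carry the rule names and job."""
    e = alert["event"]
    header = "|".join(cef_escape_header(x) for x in
                      [vendor, product, version, e["type"], alert["name"], str(alert["cef_sev"])])
    ext = [("suser", e["user"]), ("src", e["ip"]), ("cs1Label", "rules"),
           ("cs1", ",".join(alert["rules"])), ("cs2Label", "job"), ("cs2", e["job"])]
    return "CEF:0|" + header + "|" + " ".join(f"{k}={cef_escape_ext(v)}" for k, v in ext)


def remediate(alert, registry):
    """Call the hook registered for the alert's action (an exit-program style
    callback); returns the hook's result, or None when no action is bound."""
    hook = registry.get(alert["action"]) if alert["action"] else None
    return hook(alert["event"]) if hook else None


if __name__ == "__main__":
    hooks = {"block_ip": lambda e: ("blocked", e["ip"]),
             "page_security_team": lambda e: ("paged", e["user"])}
    for a in process(SAMPLE_EVENTS):
        print(rfc5424(a))
        print(cef(a))
        print("remediation:", remediate(a, hooks))
```

The fourth constructed event matches no rule and produces no alert, which is the point of content-based filtering: only records whose fields satisfy a rule are forwarded, and each forwarded line already carries the severity and tags the SIEM will sort on.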

Testing Tools

SIFT-IT includes a set of testing tools that let you build test data to make sure you are detecting and handling security threats, including triggering automated remediation, sending alerts and prioritizing threat signals to SIEMs and syslog servers.

Compliance with Security Mandates

SIFT-IT is compliant with security standards such as PCI, HIPAA (and the HITECH Act), DFARS, Dodd-Frank, GDPR and more.

Cyber Insurance Compliance

SIFT-IT fully addresses all requirements for securely monitoring and logging your IBM i security events in order to obtain cyber insurance policies.

Popular Purchases with SIFT-IT

ARP-AUTH

Secure access to your IBM i using MFA for telnet logins, the SFTP and FTPS servers and Navigator for i.

ARP-SMS

Send and receive SMS messages via the Twilio platform directly on your IBM i. Ideal for alerts in an Arpeggio security solution.

ARP-EXIT

The IBM i PASE SFTP Server Exit Point integrates the IBM SSH server with your registered IBM i FTP exit point program. Log SSH events to QAUDJRN or local files.