Important Updates to Cybersecurity Software
HelpSystems is updating the names of our cybersecurity software, including the Powertech product line. Don’t worry—the functionality of your products won’t change.
See the new names here > New, Simpler Names for HelpSystems Security Software.
Please review the following information before updating SIEM Agent for IBM i. If you are upgrading SIEM Agent for IBM i from, version 2.x or earlier, see Upgrading SIEM Agent for IBM i.
Note: Prior releases of SIEM Agent for IBM i provided communication with syslog and SIEM solutions via a transport layer protocol called “User Datagram Protocol” or UDP. UDP does not provide encryption or guarantee delivery of events. Transmission Control Protocol (TCP) has been added to SIEM Agent for IBM i to address these issues. TCP provides reliable, ordered, and error-checked delivery of Events. In order to encrypt event data, SIEM Agent for IBM i now also includes Secured TCP communications using TLS certificates. This allows you to encrypt the traffic between SIEM Agent for IBM i and your syslog server or SIEM product. (User Datagram Protocol (UDP), SIEM Agent for IBM i's former method of event data communication, which does not offer guaranteed delivery or encryption, is still supported).
Please review the following information before updating SIEM Agent for IBM i.
Note: When updating SIEM Agent for IBM i in an HA environment:
SIEM Agent for IBM i requires that you enter a valid license key. Contact firstname.lastname@example.org if you need to request a new license key.
It is Powertech’s goal not to change system values on customer systems because we recognize that security-conscious organizations have rigorous change control processes in place for even small changes to system values. Therefore, we ask you to make any system value changes that are needed. However, the SIEM Agent for IBM i installation process could change a system value to allow the install to proceed if a system value is not set as specified below. If the Installation Wizard changes a system value during install, it changes it back to its original value when the install completes.
To update Powertech SIEM Agent for IBM i on your system, the following system values that control object restores must be configured as shown.
SIEM Agent for IBM i requires the following:
Note: During installation an FTP connection is initiated. The FTP server responds with messages that prompt for FTP login credentials. The standard port reserved to establish an FTP connection to the IBM i is port 21. Consequently, it is required that this port is open and ‘listening’ on the server in order to establish a connection with the Installation Wizard and facilitate a successful installation.
Ensure the following servers are available and running prior to updating:
The SIEM Agent for IBM i installation process is completely automated.
You can also use the product menu option to ‘End Interact Monitors’.
SAVLIB LIB(PTINTERACT) DEV(*SAVF) SAVF(QGPL/IA3SAVF)
Note: Make sure the user profile is a member of the user class *SECOFR and has at least the following special authorities: *ALLOBJ, *SECADM, *JOBCTL, *IOSYSCFG, and *AUDIT. The user profile should have Limit capabilities set to *NO.
The installation process displays the job log name, user, and job log number. Use the WRKSPLF command to display the job log for complete information on the SIEM Agent for IBM i install.
To restart SIEM Agent for IBM i after the upgrade, issue the following command:
Note: The SIEM Agent for IBM i Administrator's Guide can be found at Powertech Product Manuals.
Still have questions? We can help. Submit a case to Technical Support.