Important Updates to Cybersecurity Software

HelpSystems is updating the names of our cybersecurity software, including the Powertech product line. Don’t worry—the functionality of your products won’t change.

See the new names here > New, Simpler Names for HelpSystems Security Software.

--------------------

Please review the following information before updating SIEM Agent for IBM i. If you are upgrading SIEM Agent for IBM i from, version 2.x or earlier, see Upgrading SIEM Agent for IBM i.

Note: Prior releases of SIEM Agent for IBM i provided communication with syslog and SIEM solutions via a transport layer protocol called “User Datagram Protocol” or UDP. UDP does not provide encryption or guarantee delivery of events. Transmission Control Protocol (TCP) has been added to SIEM Agent for IBM i to address these issues. TCP provides reliable, ordered, and error-checked delivery of Events. In order to encrypt event data, SIEM Agent for IBM i now also includes Secured TCP communications using TLS certificates. This allows you to encrypt the traffic between SIEM Agent for IBM i and your syslog server or SIEM product. (User Datagram Protocol (UDP), SIEM Agent for IBM i's former method of event data communication, which does not offer guaranteed delivery or encryption, is still supported).

Before You Update

Please review the following information before updating SIEM Agent for IBM i. 

Note: When updating SIEM Agent for IBM i in an HA environment: 

  1. Stop the replication of user profiles from production to HA system by either ending the replication software or ending the replication of the user profiles.
  2. Stop the replication of objects in the product libraries (PTINTERACT and PTWRKMGT).  
  3. Install SIEM Agent for IBM i on the HA and production systems.
  4. Setup SIEM Agent for IBM i replication per the HA Setup instructions. To view these instructions, see SIEM Agent for IBM i Setup in an HA Environment.
  5. Start replication (including the user profiles and objects in the product libraries).Close

Licensing

SIEM Agent for IBM i requires that you enter a valid license key. Contact keys@helpsystems.com if you need to request a new license key.

System Values

It is Powertech’s goal not to change system values on customer systems because we recognize that security-conscious organizations have rigorous change control processes in place for even small changes to system values. Therefore, we ask you to make any system value changes that are needed. However, the SIEM Agent for IBM i installation process could change a system value to allow the install to proceed if a system value is not set as specified below. If the Installation Wizard changes a system value during install, it changes it back to its original value when the install completes.

To update Powertech SIEM Agent for IBM i on your system, the following system values that control object restores must be configured as shown.

  • Set QALWOBJRST to *ALWPGMADP (at a minimum) to allow the system to restore programs that adopt authority. Many Powertech SIEM Agent for IBM i programs adopt the authority of the product owner, rather than forcing you to give authority directly to administrators and end users. (Note: For some system configurations, *ALL is required temporarily.)
  • QALWUSRDMN controls which libraries on the system can contain certain types of user domain objects. You should set the system value to *ALL or include the name of the SIEM Agent for IBM i product library (PTINTERACT) for SIEM Agent for IBM i options to function properly. 
  • QVFYOBJRST can be 1, 2, or 3. This allows SIEM Agent for IBM i to restore all objects regardless of their signature. (Note: If you normally check signatures, remember to check this system value after the SIEM Agent for IBM i install process completes.)
  • Set QFRCCVNRST (Force conversion on restore) to 0, Do not convert anything.

System Requirements

SIEM Agent for IBM i requires the following:

  • IBM i version 7.1 or higher

Note: During installation an FTP connection is initiated. The FTP server responds with messages that prompt for FTP login credentials. The standard port reserved to establish an FTP connection to the IBM i is port 21. Consequently, it is required that this port is open and ‘listening’ on the server in order to establish a connection with the Installation Wizard and facilitate a successful installation.

Updating SIEM Agent for IBM i

Ensure the following servers are available and running prior to updating:

  • FTP Server
  • Remote Command Server 

The SIEM Agent for IBM i installation process is completely automated. 

  1. Download the SIEM Agent for IBM i Installer (setupInteract3.exe) to your PC. To do so, go to the SIEM Agent for IBM i Download page.
  2. End the SIEM Agent for IBM i Monitor jobs by running the following command:

    ENDPLIAMON

    You can also use the product menu option to ‘End Interact Monitors’.

  3. Once the SIEM Agent for IBM i monitor jobs end, save the library:

    CRTSAVF FILE(QGPL/IA3SAVF)
    SAVLIB LIB(PTINTERACT) DEV(*SAVF) SAVF(QGPL/IA3SAVF) 

  4. Double-click the .exe file to start the Installation Wizard. When prompted, enter the name of the system on which you want to install SIEM Agent for IBM i, a user profile, and password.

    Note: Make sure the user profile is a member of the user class *SECOFR and has at least the following special authorities: *ALLOBJ, *SECADM, *JOBCTL, *IOSYSCFG, and *AUDIT. The user profile should have Limit capabilities set to *NO.

  5. The wizard sends the savefiles and updates SIEM Agent for IBM i on your system.
  6. When the install completes on the system, you can view the install log or select “Restart and load another system” to install SIEM Agent for IBM i on another system. Follow the instructions to install it on additional systems. You can install SIEM Agent for IBM i on as many systems as you want, one at a time. 
  7. The update process will create a log. Use the WRKSPLF command to display the joblog for complete information.  

The installation process displays the job log name, user, and job log number. Use the WRKSPLF command to display the job log for complete information on the SIEM Agent for IBM i install. 

After You Update

To restart SIEM Agent for IBM i after the upgrade, issue the following command:

PTINTERACT/STRPLIAMON 

Note: The SIEM Agent for IBM i Administrator's Guide can be found at Powertech Product Manuals


Still have questions? We can help. Submit a case to Technical Support.

Last Modified On: November 07, 2018