Important Updates to Cybersecurity Software

HelpSystems is updating the names of our cybersecurity software, including the Powertech product line. Don’t worry—the functionality of your products won’t change.

See the new names here > New, Clearer Names for HelpSystems Security Software.

Before You Install

Please review the following information before installing SIEM Agent for IBM i. 

Note: When installing SIEM Agent for IBM i in an HA environment: 

  1. Stop the replication of user profiles from production to HA system by either ending the replication software or ending the replication of the user profiles. 
  2. Install SIEM Agent for IBM i on the HA and production systems.
  3. Setup SIEM Agent for IBM i replication per the HA Setup instructions. To view these instructions, see SIEM Agent for IBM i Setup in an HA Environment.
  4. Start replication (including the user profiles).

Licensing

SIEM Agent for IBM i requires that you enter a valid license key. Contact keys@helpsystems.com if you need to request a new license key.

System Values

It is Powertech’s goal not to change system values on customer systems because we recognize that security-conscious organizations have rigorous change control processes in place for even small changes to system values. Therefore, we ask you to make any system value changes that are needed. However, the SIEM Agent for IBM i installation process could change a system value to allow the install to proceed if a system value is not set as specified below. If the Installation Wizard changes a system value during install, it changes it back to its original value when the install completes.

To install Powertech SIEM Agent for IBM i on your system, the following system values that control object restores must be configured as shown.

  • Set QALWOBJRST to *ALWPGMADP (at a minimum) to allow the system to restore programs that adopt authority. Many Powertech SIEM Agent for IBM i programs adopt the authority of the product owner, rather than forcing you to give authority directly to administrators and end users. (Note: For some system configurations, *ALL is required temporarily.)
  • QALWUSRDMN controls which libraries on the system can contain certain types of user domain objects. You should set the system value to *ALL or include the name of the SIEM Agent for IBM i product library (PTINTERACT) for SIEM Agent for IBM i options to function properly. 
  • QVFYOBJRST can be 1, 2, or 3. This allows SIEM Agent for IBM i to restore all objects regardless of their signature. (Note: If you normally check signatures, remember to check this system value after the SIEM Agent for IBM i install process completes.)
  • Set QFRCCVNRST (Force conversion on restore) to 0, 'Do not convert anything.'

System Requirements

SIEM Agent for IBM i requires the following:

  • IBM i version 7.1 or higher

Note: During installation an FTP connection is initiated. The FTP server responds with messages that prompt for FTP login credentials. The standard port reserved to establish an FTP connection to the IBM i is port 21. Consequently, it is required that this port is open and ‘listening’ on the server in order to establish a connection with the Installation Wizard and facilitate a successful installation.

If FTP is not available, you must install the product manually. See Manual Installation of Powertech IBM i Products.

Installation

The SIEM Agent for IBM i installation process is completely automated.

Ensure the following servers are available and running prior to installation:

  • FTP Server
  • Remote Command Server 

Do the following to install SIEM Agent for IBM i:

  1. Download the SIEM Agent for IBM i Installer (setupInteract3.exe) to your PC from the SIEM Agent for IBM i Download Page. (The "Trial" download is the full product, which can be unlocked with a valid License Key).
  2. Double-click the .exe file to start the Installation Wizard. When prompted, enter the name of the system on which you want to install SIEM Agent for IBM i, a user profile, and password.

    Note: Make sure the user profile is a member of the user class *SECOFR and has at least the following special authorities: *ALLOBJ, *SECADM, *JOBCTL, *IOSYSCFG, and *AUDIT. The user profile should have Limit capabilities set to *NO.

  3. The Wizard installs SIEM Agent for IBM i on your system.
  4. When the install completes on the system, you can view the install log or select “Restart and load another system” to install SIEM Agent for IBM i on another system. Follow the instructions to install it on additional systems. You can install SIEM Agent for IBM i on as many systems as you want, one at a time. 
  5. When you are finished installing on all systems, uncheck the checkbox and then click Finish to remove the Wizard from your PC. 

The installation process displays the job log name, user, and job log number. Use the WRKSPLF command to display the job log for complete information on the SIEM Agent for IBM i install. 

The SIEM Agent for IBM i installation process installs the following product libraries, user profiles, authorization list, and objects on your system. It also creates the PTWRKMGT subsystem if it doesn’t already exist and adds job queue entries to the subsystem.

Installed on System Description

Product Libraries

PTINTERACT
PTWRKMGT

User Profiles

PTIAADM, which has no special authorities
PTWRKMGTOW, which has no special authorities
PTIAOWN, which is similar to *USER and has the special authority of *ALLOBJ
All profiles are set to Password = *NONE so they can’t be used to sign on to the system.

Authorization List

PTIADTA —Powertech SIEM Agent for IBM i Data Objects
PTIAPGM —Powertech SIEM Agent for IBM i Programs
PTIAADM—Powertech SIEM Agent for IBM i Administrators
A user must be in the PTIAADM authorization list or be signed on to the system using a profile with *ALLOBJ authority to use SIEM Agent for IBM i.

Objects

Object: WRKPTIA
Object Type: *CMD
Library: QGPL
Product: Main Menu

Subsystem

PTWRKMGT  
The subsystem is created at install if it doesn’t already exist on the system.

Job Queue Entries

PTINTERACT/PWRLCKIA (SIEM Agent for IBM i)
Added to PTWRKMGT subsystem.

Starting and Licensing SIEM Agent for IBM i

To start and license SIEM Agent for IBM i, do the following:

  1. Enter the command WRKPTIA on a command line to display the SIEM Agent for IBM i Main Menu.
  2. Choose option 3 to open the Configuration Menu, then option 2, Work with SIEM Agent for IBM i Customer License.
  3. Press F11, paste the License Code, and press Enter. (Contact keys@helpsystems.com if you need to request a new license code.)

Note: The SIEM Agent for IBM i documentation can be found at Powertech Product Manuals.


Still have questions? We can help. Submit a case to Technical Support.

Last Modified On: January 30, 2019