Auditing, Reporting, and Surveillance › Audit Utilities

Audit Utilities

CA Top Secret provides several utilities to assist auditors in performing their functional responsibilities:

TSSTRACK

Use this utility to monitor security‑related events from an online terminal in a real‑time manner. TSSTRACK can go back to a specified date and time to focus on a selected facility or CPU, or to focus on violations only. Use this utility from both display and nondisplay terminals. Its standard version can be run under CICS and TSO. All CPUs can be monitored from a single terminal if you are using a shared Audit/Tracking File. All displayed information is obtained from the CA Top Secret Audit/Tracking.

TSSUTIL

A flexible report generator/extract utility is used to provide batch reports of any security‑related events that have been logged to the Audit/Tracking File or SMF. Multiple and varied reports can be produced which monitor all types of security events with selection criteria that include:

• ACIDs
• Jobs
• Specific resources
• Resource types
• Facilities
• Departments
• Dates
• Types of access
• CPUs
• Violations
• Audited incidents

TSSAUDIT

This batch utility allows auditors to monitor changes that are made to the security file and sensitive z/OS facilities and data areas. It can be used to list:

• ACIDs which possess administrative or special privileges (such as AUDIT, CONSOLE, or any of the security bypass attributes).
• Changes that are made to the Security File. It generates this information for a given date or time span by examining the Recovery File. All changes by a particular ACID can also be requested. The ACID must fall within the scope of the administrator running TSSAUDIT.
• Information about modules in APF‑authorized libraries.
• Information about site‑written (non‑IBM) SVCs, the Program Properties Table (PPT), and the Terminal Monitor Program's (TMP) authorized program lists.
• The last two items are useful in pinpointing z/OS security exposure.

TSSCHART

This utility lets you generate the ACIDs and owned resource relationships within the CA Top Secret security database in the form of an organization chart. The auditor can generate these charts at the zone, division, department, profile, or user level. This utility allows auditors to review the Security database to ascertain that it has been designed effective.

TSSSIM

This utility enables the auditor to simulate access attempts to resources to test and verify resource permissions. As a result, it can aid an auditor in deciding whether the ACID has access to particular resources. The auditor can simulate any mode or conditions for ACIDs within their scope of authority. TSSSIM establishes and verifies access characteristics. In addition, TSSSIM indicates which specific CA Top Secret permission (the TSS PERMIT command function) gave or denied access authorization.

TSSCFILE

This batch utility produces a fixed‑format output file whose records closely parallel the output of a TSS LIST command function. A four‑ to six‑character record identifier is associated with each record type. The auditor can then generate custom reports using TSSCFILE.

TSSPROT

This utility is useful for auditors in a z/OS non‑Always call environment to determine what data sets are not protected. To obtain this information, the auditor must use the following options:

PROTECT SIM

Note: To execute TSSPROT, the auditor must be at least an SCA.

TSSOERPT

This batch utility enables the auditor to monitor user activity in the OpenEdition environment. The Various reports can be produced that monitor access to OpenEdition related, SAF callable services. Report data is extracted from SMF TYPE 231 records.

For information about these utilities, see the Report and Tracking Guide.