Produce two reports: the first, a total violation report; the second, audit entries:
REPORT EVENT(VIOL) END REPORT EVENT(AUDIT) END
Select all TSO data violations that occurred yesterday:
DATE(-01,-01) DRC(DS) FACILITY(TSO)
Select all events logged on April 26, 1991 for jobs FINBUD01 and FINBUD02:
J(FINBUD01,FINBUD02) DATE(91116,91116) EVENT(ALL)
Select all violations by all users in the Finance Department:
DEPT(FINANCE) EVENT(VIOL)
Select all violations against volumes with the prefix WORK by users B1010, B1020, B1030:
A(B1010,B1020,B1030) V(WORK) EVENT(VIOL)
Select all jobs submitted from terminal R15.RD1:
RES(R15.RD1) CLASS(T) EVENT(INIT)
Select all updates against SYS1.SPFPARMS from the CPU SYS3:
SYSID(SYS3) EVENT(ACCESS) DSN(SYS1.SPFPARMS) ACCESS(UPDATE)
Select all test CICS unowned transactions with violations, and the report generates two lines for every security incident:
CLASS(X) FAC(CICSTEST) EVENT(VIOL) LONG
Select illegal CPU SYS2 access attempts for the second shift:
EVENT(VIOL) RES(CPU.SYS2) TIME(160000,235959)
Select all IMS production signon password violations:
DRC(PW) F(IMSPROD)
Select all jobs that are undefined:
FAC(BATCH) ACID(*)
Select all operator authentication failures:
CLASS(G) EVENT(VIOL)
Select all production jobs:
EVENT(ALL) JOB(PROD*)
Select CICS production and test violations against payroll files:
EVENT(VIOL) RES(PAY) FAC(CICSPROD,CICSTEST)
Select all minidisks:
RESCLASS(VMMDISK)
Select specific audited terminals:
EVENT(AUDIT) TERM(GRAF001,GRAF002,GRAF003)
Select all uses of selected system utilities:
EVENT(ALL) RES(IMASPZAP,IEHPROGM,IEHINITT)
|
Copyright © 2009 CA.
All rights reserved.
|
|