saves companies time and money on regulatory compliance as well as detects fraudulent activity on all system or database activity. Accurate, readable reports are easy to generate and can be automatically delivered to designated personnel.
The leading auditing product since its introduction, QJRN/400
is widely used by companies that face an elevated fraud risk or are subject to strict regulatory standards, such as SOX, Basel II, HIPAA, 21-CFR, and PCI-DSS. QJRN/400
proves time and again to be indispensable both in the detection of company fraud and in the preparation for and execution of official audits for regulatory compliance. QJRN/400
is a non-invasive suite. No environment is too small, too large or too complex to benefit from the power and flexibility that QJRN/400
provides in the realm of audit and regulatory compliance management. And QJRN/400
provides out-of-the-box audit reports for some of the more common ERP systems. DESCRIPTION
enhances IBM i journaling functionality by producing clear, concise and easy-to-read reports based on system activity and database changes that are recorded in journals. Journals are the audit source of choice as they are the only source accepted by both security and audit professionals.QJRN/400
consists of two modules, System Audit and Database Audit, which can be purchased individually or as a suite.
The Database Audit module allows you to produce reports and alerts for any activity on any database in the IBM i, including those that are Unicode enabled.
Examples of data change information that can be included in reports:
- Outside of normal business hours
- Non-application programs
- Specific fields within the database (credit limits, discount rates, etc.)
- Specific change criteria (change exceeds 10%, etc.)
- According to a specific situation (program, IP Address, port, job, user, special authorities, etc.)
The System Audit module comprehensively understands and monitors your system.
Examples of system activity reports:
- System object changes (system values, user profiles, authorization lists, etc.)
- Access attempts (authentication and object access)
- Powerful user activity (*ALLOBJ, *SECADM)
- Object transfer to production libraries and IFS directories
- Real command line activity of user profiles
- Actions on spooled files, adopted authorities, exit programs, etc.
- Access to or use of sensitive objects (files, programs, menus, etc.)
QJRN/400 allows you to generate journal-based audit reports that are easy to read and understand. Reports can be ad hoc or scheduled and emailed automatically to the people who need them.
- Easy to install and set up
- No impact or modifications required on existing applications
- Any type of journal entry can be analyzed (QAUDJRN, QACGJRN, QZMF, user entries, etc.)
- Compatible with journaling-based high-availability and replication software
- Journal and receiver management available; ideal for hardware replication/IASP environments
- Powerful query engine with extensive filtering options
- Multiple report types (PDF, XLS, CSV, PF, etc.)
- Report distribution via SMTP, FTP or the IFS
- Customizable PDF reports (highlight changes, add logos, etc.)
- Event/alert notification (e-mail, popup, syslog)
- On-demand, periodic and real-time reports and alerts
- Automatic and/or continuous analysis of user defined periods
- Independent or concurrent extraction and reporting processes
- Interfaces with leading SIEM consoles
- Both system and database audit model management available
- And more
- Significantly reduce the time and associated costs required to achieve regulatory compliance
- Allow real segregation of duties and enforce the independence of auditors
- Promote journaling as an audit trail
- Quickly solve security incidents and contentious situations
- Go beyond deterring fraud activities by contributing to the implementation of best practices in applications and system utilization