

L0 Member

Some advice from past experience is that you can install a third-party agent (Midland, Seasoft, Townsend) to forward AS/400 event logs via syslog if there are system activities you want to be alerted on. Alternatively, instrumenting the XDR agent on any endpoint that has a direct path to the AS/400 system provides the ability to detect and respond to adversaries' actions before they get to the AS/400. I have found many organizations use this strategy for systems that cannot run an EDR/EPP agent.
