VitalSigns SIEM Agent for z/OS (VSA), formerly known as SMA_RT, is a mainframe security event integration tool that collects, filters, and forwards z/OS security log data to enterprise SIEM solutions in real time. VSA collects security logs and messages from z/OS security subsystems including RACF, ACF2, Top Secret, DB2, CICS, and FTP. It filters the collected event records based on user-defined settings to reduce noise, then transmits the filtered records in SIEM-compatible formats (CEF and LEEF) to supported SIEM platforms. Key operational characteristics: - Monitors both z/OS and UNIX System Services (USS) - Gathers intelligence from z/OS SMF records and the system operator interface - Uses both signature-based and anomaly-based attack detection methods - Provides APIs for defining and filtering TSO, CICS, and batch events - Workload is zIIP eligible, allowing processing to be offloaded to IBM zIIP specialty engines for cost reduction - Operates with a small footprint per LPAR with minimal CPU overhead - Does not require a z/OS IPL for installation VSA supports compliance requirements for FISMA, GDPR, GLBA, HIPAA, PCI, and SOX by enabling administrators to define specific monitoring parameters and automatically forward data to an enterprise SIEM. The product is certified as a "Ready for IBM Security Intelligence" product and transmits real-time alerts that can be managed, filtered, routed, and searched within the connected SIEM platform.