Using the zACS z/OSMF External plug-in

Once the zACS GUI is configured and users are given the necessary access to use the zACS GUI on z/OSMF, users can log in to z/OSMF and navigate to the IBM® z/OS® Authorized Code Scanner. Users can then perform various functions such as:

  • Generate and view PC, SVC, z/OS UNIX, and MVS™ tables.
  • View and update the inclusion and exclusion configurations.
  • Update the inclusion and exclusion data sets used for scans.
  • Run potential vulnerability scans for PC, SVC, z/OS UNIX, and MVS programs.
  • View potential vulnerability scan results.

Viewing the PC, SVC, z/OS UNIX, and MVS Tables

The generated tables for each type can be easily viewed on the home page of the GUI. Navigate to the home page to access the tables and explore the relevant information.

Each table has a separate tab.

Figure 1. GUI PC Table View
A screenshot showing what the PC table view looks like.
Figure 2. GUI SVC Table View
A screenshot showing what the SVC table view looks like.
Figure 3. GUI z/OS UNIX Table View
A screenshot showing what the UNIX table view looks like.
Figure 4. GUI MVS Table View
A screenshot showing what the MVS table view looks like.

Generating the PC, SVC, z/OS UNIX, and MVS Tables

To generate or refresh the tables, click Generate or Refresh in the GUI. Selecting either option initiates the process of generating and updating the PC, SVC, z/OS UNIX, and MVS tables with the latest data. The tables must be generated before scans of a specific service type can be run.

If the table is empty, click Generate Table.

Figure 5. GUI PC Empty Table View
A screenshot showing what an empty PC table view looks like.
Figure 6. GUI PC Generation Finish View
A screenshot showing the PC table view after generating the table.

Modifying Inclusion & Exclusion Lists

The GUI provides the flexibility to configure settings that are related to inclusion and exclusion for zACS scans. You can access the configuration options within the GUI and modify them according to your specific requirements. These settings determine the scope of the scans and which elements are included or excluded from analysis. These settings apply only to a full table scan, when not using optional parameters.

To access these settings from the GUI, click the gear icon in the upper right of the page.

Figure 7. GUI Setting Icon
A screenshot showing where the gear icon is located on the page.

You are then presented with the setting page with all the options from the userid.ZACS.CONFIG file.

Figure 8. GUI Setting Window
A screenshot showing the settings panel with all the options from the userid.ZACS.CONFIG file.

Pressing Submit updates the high-level qualifier.

Click Edit this configuration file to open the configuration file for editing.

Figure 9. Editing the configuration file from the GUI
A screenshot showing the Editing File panel.

After your changes are made, click Save Configuration to run validation on the changes. The file is saved if validation is successful. If you want to revert the file to the previous saved state, click Cancel to close without saving. A confirmation window appears.

Figure 10. Closing the configuration file without saving
A screenshot showing the window pop-up for Unsaved Changes.

Filtering

Filter data sets are pulled from the configuration file and displayed on the main settings window. If the data sets exist, the option to view or edit the data set appears. You must have authority to view or edit the data set to do so.

Figure 11. GUI Setting Valid Data Set
A screenshot showing what the view or edit data set view looks like.

Clicking View Dataset opens a separate window where you can edit the contents of the data set. Click Submit to save your changes to the data set or Cancel to return to the previous screen without saving.

Figure 12. GUI Setting View Exclusion/Inclusion Data Set Window
A screenshot showing the View Dataset view.

Running zACS Scans

With the GUI, you can initiate zACS scans. Go to the test results page and locate Scan Now in the Run Scan section of the page.

Figure 13. GUI Empty Test Results Page
A screenshot showing the location of the Scan Now button.

Clicking Scan Now brings up a prompt to select the type of services you want to test, PCs, SVCs, z/OS UNIX programs, or MVS programs. After selecting the type of test, click Next.

Figure 14. GUI Run Scan Options
A screenshot showing the prompt to select the service to test.

To run a scan against the entire table, select the first option. Programs that are excluded by an inclusion or exclusion list are skipped.

Figure 15. GUI Run ALL PC Scan
A screenshot showing the scan options for the PC table.
Figure 16. GUI Run ALL SVC Scan
A screenshot showing the scan options for the SVC table.
Figure 17. GUI Run ALL z/OS UNIX Scan
A screenshot showing the scan options for the UNIX table.
Figure 18. GUI Run ALL MVS Scan
A screenshot showing the scan options for the MVS table.

Click Run Test to trigger the execution of the zACS scans to identify potential integrity vulnerabilities in your system.

When starting a full run, potentially hundreds of JCL jobs are submitted. When the ALL option is selected with PC, SVC, z/OS UNIX, and MVS, a confirmation window pops up to prevent accidentally starting a large run. To continue with the run, click YES. To cancel, click NO; doing so takes you back to the previous screen.

Figure 19. GUI Confirmation Prompt
A screenshot showing the confirmation window after selecting Run with All option for the PC table.

To narrow the scope of the test with optional parameters, the scan by module name and scan by number options can be used. See Optional Parameters for details.

Figure 20. GUI Running a single PC module BPNTEST
A screenshot showing the PC Module name field for running the scan against PC Modules.
Figure 21. GUI Running a single SVC with routing number 109 and ESR 11
A screenshot showing the view of running a scan against a specified SVC Number.
Figure 22. GUI Running a z/OS UNIX file with path specified
A screenshot showing the view for running a scan against a specified USS File.

For PCs and SVCs, there is an option to run an advanced test. Selecting this option causes increased time until completion compared to a basic test.

Figure 23. GUI Run Scan with Advanced Testing
A screenshot showing the Enable Advanced Testing option in the Run a new scan view.

Viewing Scan Results

The scan results are organized such that the results of each type of service are in their own tab. Circle graphs are included that depict the historical pass, fail, and incomplete results for each type of testable service, at a glance. If multiple, unique, potential vulnerabilities are detected in a single service, the count reflects the number of unique potential vulnerabilities found. These results are cumulative from the initialization of the zACS started task. Restarting the started task clears the results and counts. Also, the user can filter the data based on specific dates to analyze the results of past scans or focus on recent runs. The circle graphs update to reflect the dates selected.

Figure 24. GUI Test Results Page Filled
A screenshot showing the test results page after a scan is run.

The results are presented in a clear and organized manner in the table, displaying key information such as pass and fail results of each scanned service, along with the type of potential vulnerability detected and CVSS score. Rows can be expanded by using the arrow on the left side to display further details.

Figure 25. GUI Test Results Table Expanded rows for more details
A screenshot showing the Test Results for PCs table view indicating the arrow to display further details.

In each table, an option exists to filter the data based on specific dates to analyze the results of past scans or focus on recent runs. The circle graphs update to reflect the dates selected.

Figure 26. GUI Test Results filter by timestamps
A screenshot showing how the Test and View Scan Results changes after filtering the data based on specific dates.

The refresh icon refreshes all the tables and can be used to get new data.

Figure 27. GUI Test Results Refresh Icon
A screenshot showing the location of the refresh button on the Test Result for MVS Programs view.

View Full Scan Output Report

With the GUI, you can view the full scan report that can include additional potential vulnerability details. To do so, click View Raw Report on the Test Results page to open a window that displays the unmodified results data set.

Figure 28. GUI View Raw Report Data Set Window
A screenshot showing the full scan report view.

User Action Notifications

Every user action has a notification that is assigned to it. The messages for each notification are explained in Messages. To view notifications after they are dismissed from the screen, press the bell icon.

Figure 29. GUI notification Icon
A screenshot showing the bell icon location to view notifications.

Clicking the bell icon opens a window that displays the history of all notifications.

Note: A full page reload clears the historic notification list.
Figure 30. GUI Notification Alert Window
A screenshot showing four different alert notification examples.