Release Notes for the Splunk App for PCI Compliance
Splunk App for PCI Compliance version 4.4.0 includes the following enhancements.
New Feature or Enhancement | Description |
---|---|
PCI Scorecards include both risk and notable events | New panels, Risk Modifiers by Severity and Risk Modifiers over Time, are added to all the scorecards. See Scorecards in the Splunk App for PCI Compliance User Manual. |
PCI Reports include the Recent Risk Modifiers panel | The following reports include the new panel: See Reports in the Splunk App for PCI Compliance User Manual. |
MITRE ATT&CK annotations in correlation searches for PCI | The following MITRE ATT&CK annotations are pre-populated in the specified correlation searches: |
Notable events disabled by default in correlation searches for PCI | The following correlation searches used in PCI now have notable events disabled by default: When you upgrade the PCI app, the savedsearches.conf file is updated in the default directory, so you must recreate the notable alert in these correlation searches after upgrading. To create a notable event, see Create a notable event in the Splunk App for PCI Compliance User Manual. |
Default risk factor for PCI Source | Enable the default risk factors, designed for specific conditions, to dynamically assign risk scores to risk objects and isolate threats effectively with the Splunk App for PCI Compliance. See Use default risk factors in Splunk App for PCI Compliance in the Splunk App for PCI Compliance User Manual. |
Governance lookups against risk events | Two new fields, `governance` and `control`, are added to the Risk data model in apps/SA-ThreatIntelligence/package/default/data/models/Risk.json to carry PCI governance values. See Risk Analysis in the Splunk Developer Guide. |
The Splunk App for PCI Compliance (for Splunk Enterprise) includes a behavior change for consistency in case-sensitive matching | Reverse lookups are now case insensitive, so that their behavior is consistent with `\| search` logic in the search bar. The lookup stanzas in transforms.conf are revised to include the flag `reverse_lookup_honor_case_sensitive_match = false`. |
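The revised stanza form, shown as an added illustration rather than a stanza taken from the app itself; the lookup name, CSV file, field names and sourcetype are hypothetical:

```ini
# transforms.conf (hypothetical lookup; not from the app's own configuration)
[pci_asset_owner_lookup]
# CSV columns assumed: dest,owner
filename = pci_asset_owner.csv
# A reverse lookup occurs when a search filters on an output field of an
# automatic lookup (owner=alice) and Splunk rewrites it into a search on the
# input field (dest) by reading the CSV backwards. With this flag set to
# false, that reverse match is case insensitive, so owner=alice also matches
# a CSV row whose owner value is "Alice", matching what | search would do.
reverse_lookup_honor_case_sensitive_match = false

# props.conf (hypothetical automatic lookup; this is what makes a reverse
# lookup possible for searches that filter on owner)
[pci:firewall]
LOOKUP-owner = pci_asset_owner_lookup dest OUTPUT owner
```

After upgrading, compare the app's own transforms.conf lookup stanzas against this form to confirm the flag is present.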
The Splunk App for PCI Compliance (for Splunk Enterprise) includes framework improvements from the Splunk Enterprise Security framework.
Starting with version 6.1.x, Splunk Enterprise Security runs on Python 3 and requires a minimum of Splunk Enterprise 8.0.x. See Python with Splunk Enterprise Security in the Splunk Enterprise Python 3 Migration manual.
The installer package is larger than 500 MB, which exceeds the default upload limit for installing apps from the Splunk Web UI. See Install the Splunk App for PCI Compliance in the Installation and Configuration Manual.
Compatibility
See Install prerequisites in the Installation and Upgrade Manual for information about the Splunk App for PCI Compliance and compatibility with the Splunk platform and Splunk Enterprise Security.
Support
- Visit Splunk Answers to ask questions of the Splunk community.
- Access the #splunk IRC channel on EFnet.
- For assistance with an issue, file a case using the Splunk Support Portal.
- For assistance installing, upgrading, or scaling a Splunk App for PCI Compliance deployment, contact the Splunk Professional Services team.
This documentation applies to the following versions of Splunk® App for PCI Compliance: 4.4.0