Search View Matrix
Correlation search thresholds
Some correlation searches in the Splunk App for PCI Compliance use the Machine Learning Toolkit framework from Splunk Enterprise Security. Other correlation searches use search-defined thresholds. See Machine Learning Toolkit Overview in Splunk Enterprise Security in Administer Splunk Enterprise Security for more.
Dashboard searches
These searches support dashboard panels in the user interface. Most dashboard panels are populated with data from accelerated data models, however some searches use the underlying raw data as well.
Requirement 1 Reports
Search or Dashboard | Firewall Rule Activity | Network Traffic Activity | Prohibited Services |
---|---|---|---|
Network - Communication Rule Tracker - Lookup Gen | X | ||
Endpoint - Listening Ports Tracker - Lookup Gen | X | ||
Endpoint - Local Processes Tracker - Lookup Gen | X | ||
Endpoint - Services Tracker - Lookup Gen | X |
Requirement 2 Reports
Search or Dashboard | Default Account Access | Insecure Authentication Attempts | Primary Functions | Prohibited Services | System Misconfigurations | Wireless Network Misconfigurations | Weak Encrypted Communication | PCI System Inventory |
---|---|---|---|---|---|---|---|---|
Endpoint - Listening Ports Tracker - Lookup Gen | X | X | X | |||||
Endpoint - Local Processes Tracker - Lookup Gen | X | X | ||||||
Endpoint - Services Tracker - Lookup Gen | X | X |
Requirement 3 Reports
The Intrusion Detection data model populates these dashboards.
Requirement 4 Reports
The Certificate data model populates these dashboards.
Requirement 5 Reports
The Malware data model populates these dashboards.
Requirement 6 Reports
The Performance and Authentication data models populate these dashboards.
Requirement 7 Reports
The Authentication data model populates these dashboards.
Requirement 8 Reports
The Authentication data model populates these dashboards.
Requirement 10 Reports
The Change Analysis, Authentication, and Performance data models populate these dashboards.
Requirement 11 Reports
The Change Analysis, Intrusion Detection, and Vulnerabilities data models populate these dashboards.
Searches that create notable events
Many of the searches in the Splunk App for PCI Compliance create notable events and are not used by dashboards.
Use default risk factors in | Search macros |
This documentation applies to the following versions of Splunk® App for PCI Compliance: 4.0.0, 4.0.1, 4.1.0, 4.1.1, 4.3.0, 4.4.0, 4.4.1, 4.5.0 Cloud only, 4.6.0, 4.6.2
Feedback submitted, thanks!