Install the Splunk App for PCI Compliance
Before you install the app, make sure you have satisfied the install prerequisites for both Splunk Enterprise and the Splunk App for PCI Compliance.
Download the app
From the customer portal, download and save the Splunk App for PCI Compliance in your local Splunk directory ($SPLUNK_HOME/).
Install the app
- Select Apps > Manage Apps > Install App from File to add this app your Splunk Enterprise instance.
- Click Set up now to complete the installation.
Set up the App
- Click Setup next to Enterprise Security in Manage Apps.
- Click Start then wait until it completes the entire installation. Note that Splunk App for PCI Compliance does not have its own setup; it shares a setup with Splunk Enterprise Security 4.x.x.
- Restart your instance of Splunk Enterprise.
- Access Splunk Web and log in.
With the Splunk App for PCI Compliance installed, review the options for how to get the data in:
- You can use data from preconfigured technology add-ons (for example TA-bluecoat).
- You can also create your own custom technology add-ons to capture specific data in your environment.
Note: For testing, use the SA-Eventgen to access sample PCI data generated. The SA-Eventgen can be enabled by setting
inputs.conf file or by going to Apps > Manage Apps. Click Enable next to the app.
Configure the app
To configure the app, click Configure in the menu bar from anywhere in the app. See Steps to configure in this manual to begin setting up the Splunk App for PCI Compliance for your cardholder data environment.
Install technology add-ons
This documentation applies to the following versions of Splunk® App for PCI Compliance: 3.0.0