Splunk® App for PCI Compliance

Installation and Configuration Manual


This documentation does not apply to the most recent version of PCI.

Install the Splunk App for PCI Compliance

Before you install the app, make sure you have satisfied the install prerequisites for both Splunk Enterprise and the Splunk App for PCI Compliance.

Download the app

From the customer portal, download and save the Splunk App for PCI Compliance in your local Splunk directory ($SPLUNK_HOME/).

Install the app

  1. Select Apps > Manage Apps > Install App from File to add this app to your Splunk Enterprise instance.
  2. Click Set up now to complete the installation.

Set up the App

  1. Click Setup next to Enterprise Security in Manage Apps.
  2. Click Start, then wait until the entire installation completes. Note that the Splunk App for PCI Compliance does not have its own setup; it shares a setup with Splunk Enterprise Security 4.x.x.
  3. Restart your instance of Splunk Enterprise.
  4. Access Splunk Web and log in.

Add data

With the Splunk App for PCI Compliance installed, review the options for how to get the data in:

  • You can use data from preconfigured technology add-ons (for example TA-bluecoat).
  • You can also create your own custom technology add-ons to capture specific data in your environment.

Note: For testing, use SA-Eventgen to generate sample PCI data. To enable SA-Eventgen, either set disabled=0 in its inputs.conf file, or go to Apps > Manage Apps and click Enable next to the app.

Configure the app

To configure the app, click Configure in the menu bar from anywhere in the app. See Steps to configure in this manual to begin setting up the Splunk App for PCI Compliance for your cardholder data environment.


This documentation applies to the following versions of Splunk® App for PCI Compliance: 3.0.0

