Splunk® App for PCI Compliance

User Manual

Acrobat logo Download manual as PDF


This documentation does not apply to the most recent version of Splunk® App for PCI Compliance. For documentation on the most recent version, go to the latest release.
Acrobat logo Download topic as PDF

Incident Review dashboard

The Incident Review dashboard shows the current incidents in your PCI compliance environment, by selected time period. Use the drop-down menu to select a time range to investigate. Use the filters to narrow your search to specific types of events or areas. The Incident Review framework is shared with Splunk Enterprise Security.

When you identify an event to investigate, use this window to gather more information about the event.

Filters available for this window:

Filter Description
Status Status of the event (for example, New, Open, or Closed)
Owner The current owner of the event (the default is "unassigned")
Name Automatically assigned to the event
Security domain Domain in which the event occurred (for example, Access)
Governance The area of governance (default is "pci")
Search Add additional search parameters to this field
time window Select a time range for the search

Click on the timeline for more details about an event.

Last modified on 26 October, 2016
PREVIOUS
PCI Compliance Posture dashboard
  NEXT
Scorecards

This documentation applies to the following versions of Splunk® App for PCI Compliance: 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.1.0, 3.1.1, 3.1.2, 3.2.0, 3.2.1


Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters