Configure Primary Functions list
The PCI DSS requires that systems include only one primary function. To report on systems that might be in violation of this requirement, solution administrators and compliance managers can populate a list to define the primary services. Use this information to determine violations.
View the Primary Functions service and ports list:
- Select Configure > Data Enrichment > Lists and Lookups.
- Click the Primary Functions list. The Primary Functions lookup file (
primary_functions.csv
) appears in the Lookup editor.
process,service,transport,port,is_primary,function ,,,,,Application (name) splunkd,,,,false,splunk slapd,,,,true,Authentication ,slapd,,,true,Authentication ,,*,389,true,Authentication ,,*,636,true,Authentication mysqld,,,,true,Database ,mysqld,,,true,Database ,,*,3306,true,Database named,,,,true,Domain Name Service (DNS) ,named,,,true,Domain Name Service (DNS) ,,*,53,true,Domain Name Service (DNS) ...
The first line in the file describes the fields in the file.
Field | Description | Example |
---|---|---|
process | Process name. | ssh |
service | Type of service. | sshd |
transport | The transport protocol. | TCP |
port | Port number. | 8000 |
is_primary | Does the service provide a primary function? | true or false |
function | The function provided by the service/process. | database |
Add to, or modify this list using the editor. Click Save when you are done.
There is no file checking or verification for this editor, so any typo might break the lookup file.
Configure identities | Configure Prohibited Traffic list |
This documentation applies to the following versions of Splunk® App for PCI Compliance: 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.1.0, 3.1.1, 3.1.2, 3.1.3, 3.2.0, 3.2.1, 3.3.0, 3.3.1, 3.3.2, 3.3.3, 3.4.0, 3.4.1, 3.4.2
Feedback submitted, thanks!