Splunk® App for PCI Compliance

User Manual

This documentation does not apply to the most recent version of Splunk® App for PCI Compliance. For documentation on the most recent version, go to the latest release.

PCI Compliance Posture dashboard

The PCI Compliance Posture scorecard summarizes your compliance with each of the major PCI Data Security Standard (DSS) requirements, based on the data you are collecting in your environment. The PCI data security standard requires that you monitor your log data on a daily basis to look for anomalies that can impact cardholder data within the cardholder data environment.

Use this dashboard to see the total number of new issues, open issues, and closed issues found in your PCI environment. Compare the current status with the historical trend. View a summary of each requirement to see the current status of compliance for each control section. Use this dashboard to open individual Requirement Scorecards or to view the incidents within the Incident Review dashboard. Identify the issue owners and respond efficiently.

Compliance Status - Last 24 Hours

This panel displays the compliance status in your environment overall.

  • If there are any new issues, the status indicator will be red.
  • If there are no new issues, but any open issues, the status indicator will be yellow.
  • If all issues are closed, the status indicator will be green.

The numbers indicate the number of new, open, and closed compliance issues. These statuses are configurable.

Notable Events by Owner – Last 24 Hours

This view shows a real-time list of notable events over the past 24 hours, sorted by owner. The default owner is "unassigned" and the status options are New, Open, and Closed.

Notable Events by Urgency – Last 24 Hours

This view shows a list of notable events over the past 24 hours (in real time) sorted by Urgency and status (options are New, Open, and Closed).

Requirement Status

The status indicators in this view show the status of your PCI compliance over the past 24 hours by requirement, indicating the number of issues in each area. The indicator is red if there are any new issues, yellow if there are any open issues, and green if all issues are closed. Click the status indicator to link to the relevant scorecard.

Notable Event History

This panel displays a history of new and open notable events for the past year. Click a notable event to view details.

Notable Event History by Requirements

This panel displays a history of new and open notable events for the past year, by requirement. Click a notable event to view details.

Compliance Status History

This graph displays a 30-day overview of your organization's compliance history (Compliant, Partial, and Non-Compliant) by PCI requirement. If your organization is not in compliance with a PCI requirement, and does not become compliant within five days, the graph shows your organization as non-compliant for that requirement on the sixth day. This allows you time to remediate compliance issues before the issues negatively affect the organization's compliance status history. You can configure this time period from the default of five days to match your expected or promised compliance remediation timeline.
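
The grace-period rule above, modeled as an added example (not Splunk's code or the app's implementation). It assumes one true/false value per day per requirement; the function names, the "grace" label, and the sample series are constructed for illustration.

```python
from typing import List

GRACE_DAYS = 5  # default on the page; the app lets you change it


def history_labels(failing_days: List[bool], grace_days: int = GRACE_DAYS) -> List[str]:
    """Label each day of a per-requirement series (True = out of compliance).

    "grace" is this model's own label: the page does not say what the graph
    draws during the window, only that Non-Compliant starts the day after it.
    """
    labels, streak = [], 0
    for failing in failing_days:
        streak = streak + 1 if failing else 0
        if streak == 0:
            labels.append("Compliant")
        elif streak <= grace_days:
            labels.append("grace")
        else:
            labels.append("Non-Compliant")
    return labels


def days_left(failing_days: List[bool], grace_days: int = GRACE_DAYS) -> int:
    """Grace days remaining after the last day in the series (0 = the next
    failing day is shown as Non-Compliant)."""
    streak = 0
    for failing in reversed(failing_days):
        if not failing:
            break
        streak += 1
    return max(grace_days - streak, 0)


# Constructed sample data: ten days for two hypothetical requirements.
T, F = True, False
FIVE_DAY_OUTAGE = [F, F, T, T, T, T, T, F, F, F]  # compliant again on day six
SIX_DAY_OUTAGE = [F, F, T, T, T, T, T, T, F, F]   # still failing on day six

if __name__ == "__main__":
    for name, series in [("five-day outage", FIVE_DAY_OUTAGE), ("six-day outage", SIX_DAY_OUTAGE)]:
        print(f"{name:16}", history_labels(series))
    # A shorter promised remediation timeline tightens the same history.
    print("3-day window    ", history_labels(FIVE_DAY_OUTAGE, grace_days=3))
    print("days left after 3 failing days:", days_left([T, T, T]))
```

Running the same series with a shorter `grace_days` shows how many past days would have counted against the history under a tighter remediation commitment.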

Last modified on 26 October, 2016

This documentation applies to the following versions of Splunk® App for PCI Compliance: 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.1.0, 3.1.1, 3.1.2, 3.1.3, 3.2.0, 3.2.1, 3.3.0, 3.3.1, 3.3.2, 3.3.3, 3.4.0, 3.4.1, 3.4.2, 3.5.0, 3.6.0, 3.6.1, 3.7.0, 3.7.1, 3.7.2, 3.8.0, 3.8.1, 4.0.0, 4.0.1, 4.1.0, 4.1.1, 4.3.0, 4.4.0, 4.4.1, 4.5.0 Cloud only, 4.6.0, 4.6.2

