Splunk® App for PCI Compliance

Installation and Configuration Manual


This documentation does not apply to the most recent version of Splunk® App for PCI Compliance. For documentation on the most recent version, go to the latest release.

About Splunk App for PCI Compliance

The Splunk App for PCI Compliance is installed on a Splunk deployment that captures data from the applications, systems, and devices in the PCI cardholder data environment. The app normalizes that data and maps it to the PCI DSS requirements that the compliance solution reports on.

Use the Splunk App for PCI Compliance to do the following tasks:

  • Capture, monitor, and report on data from enterprise devices, systems, and applications in the cardholder data environment.
  • Monitor access attempts to PCI assets.
  • Monitor traffic between PCI domains.
  • Identify vulnerabilities found on PCI assets.
  • Notify administrators of malware found on PCI assets.
  • Investigate and resolve compliance issues.
  • Enable PCI compliance managers to monitor and report on PCI DSS compliance by producing views and reports of significant activity.

The Splunk App for PCI Compliance includes the following:

  • Daily Incident Review and Response. An incident management framework that supports incident alerting, assignment, risk evaluation, and response workflow. Compliance managers can see a list of issues discovered in the cardholder data environment, respond to those issues, and audit the full history of response activity.
  • Out-of-the-box Compliance Reports. Report-based views for each relevant compliance control. Each report includes filters for narrowing the data it evaluates, so compliance managers can examine the cardholder data environment (CDE) as needed or as required by a compliance auditor.
  • Executive PCI Requirement Scorecards. Compliance scorecards that provide a rolled-up view of compliance for each major PCI requirement, showing the current compliance status and the historical trend over the last 365 days. Compliance managers can use this dashboard to see where compliance issues are occurring and drill down to the underlying reports or incidents.
  • Unified Asset and Identity Correlation. An integrated asset and identity correlation feature that supports compliance reporting against specific assets in the PCI cardholder data environment and the users with access to those assets. It gives compliance managers the user and asset context needed to monitor the cardholder data environment and drive incident response.
  • Audit Review and Reporting. Everything a compliance manager does within the Splunk App for PCI Compliance is audited. This audit trail provides proof to auditors that the environment is being monitored and that issues are responded to on an ongoing basis, so an organization can maintain continuous compliance and demonstrate it.
  • Unified Data Normalization. The data normalization layer within the PCI app is aligned with the Splunk Common Information Model (CIM) and is delivered in knowledge add-ons called Technology Add-ons. These add-ons contain the data inputs and field mappings that normalize data at search time for use within the app. The technology add-ons are shared infrastructure between Splunk Enterprise Security and the PCI Compliance solution.
  • Predefined Correlation Searches. Correlation searches generate the notable events that feed the incident review and response framework. The solution includes correlation searches that monitor for common threats that can affect the cardholder data environment.
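The following Python script is an added illustration of the pipeline the last two items describe, together with the asset and identity context from the correlation item above. It is not code from the Splunk App for PCI Compliance or its technology add-ons. It normalizes two constructed log formats into a small set of Common Information Model style authentication fields (action, src, dest, user), enriches each event from an assumed asset list and identity list, and then applies a correlation rule that raises a notable event when one source generates several failed logons against cardholder-domain assets within a short window. The hostnames, IP addresses, lookup field names such as pci_domain, and the rule name are all illustrative assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real data): two sources that record logon
# attempts in different native formats.
RAW_EVENTS = [
    ("linux_secure", "2017-04-11T10:00:01 pos-db01 sshd[1201]: Failed password for admin from 10.0.5.7 port 5150 ssh2"),
    ("linux_secure", "2017-04-11T10:00:04 pos-db01 sshd[1202]: Failed password for admin from 10.0.5.7 port 5151 ssh2"),
    ("windows_security", "2017-04-11T10:00:20 EventCode=4625 ComputerName=pos-app02 Account_Name=admin Source_Network_Address=10.0.5.7"),
    ("linux_secure", "2017-04-11T10:02:10 pos-db01 sshd[1210]: Accepted password for svc_backup from 10.0.9.2 port 40000 ssh2"),
    ("linux_secure", "2017-04-11T10:03:00 hr-wiki01 sshd[77]: Failed password for root from 10.0.5.7 port 5160 ssh2"),
    ("windows_security", "2017-04-11T10:03:30 EventCode=4625 ComputerName=pos-app02 Account_Name=admin Source_Network_Address=10.0.5.7"),
]
# Assumed asset and identity lists (illustrative field names and values, not
# the app's own). pci_domain marks which hosts are in scope for the rule.
ASSETS = {
    "pos-db01": {"pci_domain": "cardholder", "priority": "critical"},
    "pos-app02": {"pci_domain": "cardholder", "priority": "high"},
    "hr-wiki01": {"pci_domain": "untrust", "priority": "low"},
}
IDENTITIES = {"admin": {"category": "privileged"}, "svc_backup": {"category": "service"}}

SSHD_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) "
                     r"password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)")
WIN_KV_RE = re.compile(r"(\w+)=(\S+)")

def normalize_sshd(raw):
    # Search-time extraction of the sshd format into common authentication fields.
    m = SSHD_RE.match(raw)
    if not m:
        return None
    return {"_time": datetime.fromisoformat(m["ts"]), "app": "sshd",
            "action": "failure" if m["result"] == "Failed" else "success",
            "src": m["src"], "dest": m["host"], "user": m["user"]}

def normalize_windows(raw):
    # Same target fields from a key=value Windows-style logon record.
    ts, _, rest = raw.partition(" ")
    kv = dict(WIN_KV_RE.findall(rest))
    if kv.get("EventCode") not in ("4624", "4625"):
        return None  # not a logon event
    return {"_time": datetime.fromisoformat(ts), "app": "win:security",
            "action": "success" if kv["EventCode"] == "4624" else "failure",
            "src": kv.get("Source_Network_Address", "unknown"),
            "dest": kv["ComputerName"], "user": kv["Account_Name"]}

NORMALIZERS = {"linux_secure": normalize_sshd, "windows_security": normalize_windows}

def normalize(raw_events):
    # Apply the per-sourcetype normalizer and drop events that do not parse.
    events = []
    for sourcetype, raw in raw_events:
        ev = NORMALIZERS[sourcetype](raw)
        if ev is not None:
            events.append({**ev, "sourcetype": sourcetype})
    return events

def enrich(event):
    # Attach asset context for dest and identity context for user.
    asset = ASSETS.get(event["dest"], {"pci_domain": "unknown", "priority": "unknown"})
    ident = IDENTITIES.get(event["user"], {"category": "unknown"})
    return {**event, "dest_pci_domain": asset["pci_domain"],
            "dest_priority": asset["priority"], "user_category": ident["category"]}

def correlate_failed_logons(events, threshold=3, window=timedelta(minutes=5)):
    # Correlation rule: `threshold` or more failed logons from one source against
    # cardholder-domain assets inside `window` produce one notable event per source.
    by_src = defaultdict(list)
    for ev in events:
        if ev["action"] == "failure" and ev["dest_pci_domain"] == "cardholder":
            by_src[ev["src"]].append(ev)
    notables = []
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["_time"])
        best, start = [], 0
        for end in range(len(evs)):  # densest window over the sorted failures
            while evs[end]["_time"] - evs[start]["_time"] > window:
                start += 1
            if end - start + 1 > len(best):
                best = evs[start:end + 1]
        if len(best) < threshold:
            continue
        notables.append({
            "rule_name": "Excessive Failed Logons Against PCI Assets",  # hypothetical name
            "src": src, "count": len(best), "status": "new",
            "user": sorted({e["user"] for e in best}),
            "dest": sorted({e["dest"] for e in best}),
            "first_time": best[0]["_time"].isoformat(),
            "last_time": best[-1]["_time"].isoformat(),
            # asset priority sets urgency, the context an analyst triages on
            "urgency": "critical" if any(e["dest_priority"] == "critical" for e in best) else "medium",
        })
    return notables

def run(raw_events=RAW_EVENTS, threshold=3):
    # Full pipeline: normalize, enrich, correlate.
    return correlate_failed_logons([enrich(e) for e in normalize(raw_events)], threshold)

if __name__ == "__main__":
    for notable in run():
        print(notable)
```

Running the script yields one notable event for 10.0.5.7: four failures against pos-db01 and pos-app02, while the failure against hr-wiki01 is excluded because that host is outside the cardholder domain. The point of the split into normalizers, enrichment, and the rule is the same as in the app: the rule is written once against normalized fields and asset context, so adding a new log source means adding a normalizer, not a new rule.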

The PCI compliance practitioner can use the Splunk App for PCI Compliance to gain visibility into cardholder data environment (CDE) compliance status. Through the use of Splunk software search correlation and reporting capabilities, the Splunk App for PCI Compliance provides a top-down and bottom-up view of an organization's current PCI compliance status.

Last modified on 11 April, 2017

This documentation applies to the following versions of Splunk® App for PCI Compliance: 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.1.0, 3.1.1, 3.1.2, 3.1.3, 3.2.0, 3.2.1, 3.3.0, 3.3.1, 3.3.2, 3.3.3
