Splunk® App for PCI Compliance

Installation and Configuration Manual

Download manual as PDF

Download topic as PDF

Vulnerability Scan Details

Report on vulnerabilities discovered on PCI assets. This report looks at vulnerability scan details data produced by firewalls, routers, switches, and any other device that produces vulnerability data.

Vulnerability scans of the cardholder data environment expose potential vulnerabilities in networks that could be found and exploited by malicious individuals. When these weaknesses are identified, the organization should correct them and repeat the vulnerability scan to verify that they have corrected the vulnerabilities.

This report shows all vulnerabilities identified for selected assets. Use this report to identify specific high and/or critical vulnerabilities on cardholder systems that need to be fixed.

Relevant data sources

Relevant data sources for this report includes any vulnerability data.

How to configure this report

  1. Index vulnerability scan results in Splunk platform.
  2. Map the vulnerability data to the following Common Information Model fields: category,severity,signature,dest,os. If you want, you can map additional fields. cve, bugtraq, cert, msft, mskb, xref, cvss.
  3. Tag the successful synchronization data with "vulnerability" and "report".

Report description

The data in the Vulnerability Scan Details report is populated by the Vulnerabilities data model.

Useful searches for troubleshooting

Troubleshooting Task Search/Action Expected Result
Verify that you have data from your network devices. sourcetype=<expected_st> Returns data from your network devices.
Verify that vulnerability data is in Splunk platform. tag=vulnerability tag=report
or `vulnerability`
Returns vulnerability data.
Verify that fields are normalized and available at search time. `vulnerability` | table _time,dest,category,signature,cve,bugtraq,cert,msft,
mskb,xref,severity,cvss,os vendor_product
Returns a table of the vulnerability data fields.
PREVIOUS
PCI Asset Logging
  NEXT
Rogue Wireless Access Point Protection

This documentation applies to the following versions of Splunk® App for PCI Compliance: 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.1.0, 3.1.1, 3.1.2, 3.1.3, 3.2.0, 3.2.1, 3.3.0, 3.3.1, 3.3.2, 3.3.3, 3.4.0, 3.4.1, 3.4.2, 3.5.0, 3.6.0, 3.6.1, 3.7.0, 3.7.1, 3.7.2


Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters