Splunk® App for PCI Compliance

Installation and Configuration Manual

This documentation does not apply to the most recent version of Splunk® App for PCI Compliance. For documentation on the most recent version, go to the latest release.

Understand the Splunk App for PCI Compliance

You can add data from the PCI cardholder data environment (CDE) using add-ons installed on Splunk forwarders. The forwarders send data to the indexers. After the data arrives at the indexers, the indexers perform custom categorization and field extractions and store the data. The Splunk App for PCI Compliance installed on a search head searches the indexed data and returns results, populating dashboards and providing administrators with an overview of their CDE.

  • The Splunk App for PCI Compliance (for Splunk Enterprise) includes the domain add-on (DA-ESS-PCICompliance) and supporting add-ons (SA-*) and technology add-ons (TA-*) that make up the Enterprise Security framework.
  • The Splunk App for PCI Compliance (for Splunk Enterprise Security) includes only the DA-ESS-PCICompliance domain add-on.

Several lookup files included in the add-ons that make up the Splunk App for PCI Compliance or the Enterprise Security framework are necessary for configuring the Splunk App for PCI Compliance.

Name File Location Description
PCI Views Splunk_DA-ESS_PCICompliance/lookups/pci_views.csv List of reports and mapping to main PCI DSS requirement.
Expected Views SA-AuditAndDataProtection/lookups/expected_views.csv Views that are tracked for auditing.
Prohibited Traffic SA-NetworkProtection/lookups/prohibited_traffic.csv Traffic that generates notable events when detected.
Identities SA-IdentityManagement/lookups/identities.csv List of identities used for identity correlation.
Assets SA-IdentityManagement/lookups/assets.csv List of assets used for asset correlation.
Categories List SA-IdentityManagement/lookups/categories.csv Categories that apply to assets and identities.
PCI Domains List SA-IdentityManagement/lookups/pci_domains.csv List of PCI domain labels.
Urgency Matrix SA-ThreatIntelligence/lookups/urgency.csv List of defined urgency levels.
Last modified on 11 April, 2017
Get support and find information about Splunk software   Identify data sources

This documentation applies to the following versions of Splunk® App for PCI Compliance: 3.4.0, 3.4.1, 3.4.2, 3.5.0, 3.6.0, 3.6.1, 3.7.0, 3.7.1, 3.7.2, 3.8.0, 3.8.1, 4.0.0, 4.0.1, 4.1.0, 4.1.1, 4.3.0, 4.4.0, 4.4.1, 4.5.0 Cloud only, 4.6.0, 4.6.2


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters