Splunk® App for PCI Compliance

Installation and Configuration Manual

This documentation does not apply to the most recent version of Splunk® App for PCI Compliance. For documentation on the most recent version, go to the latest release.

Configure Primary Functions list

The PCI DSS requires that systems include only one primary function. To report on systems that might be in violation of this requirement, solution administrators and compliance managers can populate a list to define the primary services. Use this information to determine violations.

View the Primary Functions service and ports list:

  1. Select Configure > Content > Content Management.
  2. Click the Primary Functions lookup. The Primary Functions lookup file (primary_functions.csv) appears in a lookup editor.
process,service,transport,port,is_primary,function
,,,,,Application (name)
splunkd,,,,false,splunk
slapd,,,,true,Authentication
,slapd,,,true,Authentication
,,*,389,true,Authentication
,,*,636,true,Authentication
mysqld,,,,true,Database
,mysqld,,,true,Database
,,*,3306,true,Database
named,,,,true,Domain Name Service (DNS)
,named,,,true,Domain Name Service (DNS)
,,*,53,true,Domain Name Service (DNS)
...


The first line in the file describes the fields in the file.

Field Description Example
process Process name. ssh
service Type of service. sshd
transport The transport protocol. TCP
port Port number. 8000
is_primary Does the service provide a primary function? true or false
function The function provided by the service/process. database

Add to, or modify this list using the editor. Click Save when you are done.

There is no file checking or verification for this editor, so any typo might break the lookup file.

Last modified on 03 December, 2018
Configure identities   Configure Prohibited Traffic list

This documentation applies to the following versions of Splunk® App for PCI Compliance: 3.7.0, 3.7.1, 3.7.2, 3.8.0, 3.8.1, 4.0.0, 4.0.1, 4.1.0, 4.1.1, 4.3.0, 4.4.0, 4.4.1, 4.5.0 Cloud only, 4.6.0, 4.6.2


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters