Splunk® App for PCI Compliance

Installation and Configuration Manual

Acrobat logo Download manual as PDF


This documentation does not apply to the most recent version of Splunk® App for PCI Compliance. For documentation on the most recent version, go to the latest release.
Acrobat logo Download topic as PDF

Configure Interesting Processes list

The PCI DSS requires that processes in the PCI domain be tracked. To report on systems that might be in violation of this requirement, solution administrators and compliance managers can populate a list to define interesting processes. You can use this information to determine violations.

View the list.

  1. Select Configure > Content Management.
  2. Click the "Interesting Processes" list. In the Lookup editor, the interesting Processes lookup file (interesting_processes.csv) appears.
app,dest,dest_pci_domain,is_required,is_prohibited,is_secure,note

telnetd,*,*,false,true,false,The telnet application is prohibited because of insecure authentication.

The first line in the file describes the fields in the file.

Field Description Example
app The application that is the source of the activity. Win32Time
dest The host that is the destination of the activity. Use a wildcard * to match all hosts. ACME_host_001
dest_pci_domain The source domain of of the activity. cardholder
is_required Should the given service be required to be running? true
false
is_prohibited Is the service/traffic/port prohibited? true
false
is_secure Is the traffic for the given service encrypted? true
false
note Note or description about the process. The telnet application is prohibited because of insecure authentication.

Add to or modify this list using the editor. Click Save when you are done.

There is no file checking or verification for this editor, so any typo might break the lookup file.

Last modified on 16 February, 2018
PREVIOUS
Configure Interesting Services list
  NEXT
Configure Interesting Ports list

This documentation applies to the following versions of Splunk® App for PCI Compliance: 3.5.0, 3.6.0, 3.6.1, 3.7.0, 3.7.1, 3.7.2, 3.8.0, 3.8.1, 4.0.0, 4.0.1, 4.1.0, 4.1.1, 4.3.0, 4.4.0, 4.4.1, 4.5.0 Cloud only, 4.6.0, 4.6.2


Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters