Configure Interesting Processes list
The PCI DSS requires that processes in the PCI domain be tracked. To report on systems that might be in violation of this requirement, solution administrators and compliance managers can populate a list to define interesting processes. You can use this information to determine violations.
View the list.
- Select Configure > Content Management.
- Click the "Interesting Processes" list. In the Lookup editor, the Interesting Processes lookup file (interesting_processes.csv) appears.
app,dest,dest_pci_domain,is_required,is_prohibited,is_secure,note
telnetd,*,*,false,true,false,The telnet application is prohibited because of insecure authentication.
The first line in the file describes the fields in the file.
Field | Description | Example |
---|---|---|
app | The application that is the source of the activity. | Win32Time |
dest | The host that is the destination of the activity. Use a wildcard * to match all hosts. | ACME_host_001 |
dest_pci_domain | The source domain of the activity. | cardholder |
is_required | Should the given service be required to be running? | true, false |
is_prohibited | Is the service/traffic/port prohibited? | true, false |
is_secure | Is the traffic for the given service encrypted? | true, false |
note | Note or description about the process. | The telnet application is prohibited because of insecure authentication. |
Add to or modify this list using the editor. Click Save when you are done.
There is no file checking or verification for this editor, so any typo might break the lookup file.
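Because the editor does no checking, the file can be validated offline before the changes are saved. The Python script below is an added example, not part of the Splunk documentation or product. The exact lowercase true/false check, the required-and-prohibited conflict check, and the duplicate check are assumptions of this example, and the sample rows other than the telnetd row are constructed.

```python
import csv
import io

# Header exactly as shown on this page for interesting_processes.csv.
EXPECTED_HEADER = ["app", "dest", "dest_pci_domain", "is_required",
                   "is_prohibited", "is_secure", "note"]
BOOLEAN_FIELDS = ("is_required", "is_prohibited", "is_secure")

# Constructed sample: the page's telnetd row plus two rows with typical typos.
SAMPLE = """app,dest,dest_pci_domain,is_required,is_prohibited,is_secure,note
telnetd,*,*,false,true,false,The telnet application is prohibited because of insecure authentication.
Win32Time,ACME_host_001,cardholder,ture,false,false,constructed row with a typo
sshd,*,cardholder,true,false,true,required, encrypted remote access
"""


def validate_lookup(text):
    """Return a list of (line_number, message) problems; empty means clean."""
    reader = csv.reader(io.StringIO(text))
    header = next(reader, None)
    if header != EXPECTED_HEADER:
        return [(1, "header must be: " + ",".join(EXPECTED_HEADER))]
    problems, seen = [], {}
    for row in reader:
        line = reader.line_num
        if not any(cell.strip() for cell in row):
            continue  # ignore completely blank lines
        if len(row) != len(EXPECTED_HEADER):
            problems.append((line, "expected %d fields, found %d (unquoted comma in note?)"
                             % (len(EXPECTED_HEADER), len(row))))
            continue
        rec = dict(zip(EXPECTED_HEADER, row))
        for name in BOOLEAN_FIELDS:
            if rec[name] not in ("true", "false"):
                problems.append((line, "%s must be true or false, got %r" % (name, rec[name])))
        # Assumption of this example: a process cannot be both required and prohibited.
        if rec["is_required"] == "true" and rec["is_prohibited"] == "true":
            problems.append((line, "process is both required and prohibited"))
        key = (rec["app"], rec["dest"], rec["dest_pci_domain"])
        if key in seen:
            problems.append((line, "duplicate of line %d" % seen[key]))
        seen.setdefault(key, line)
    return problems


if __name__ == "__main__":
    for line, message in validate_lookup(SAMPLE):
        print("line %d: %s" % (line, message))
```

A note that contains a comma must be enclosed in double quotes, otherwise the row gains an extra field, as the constructed sshd row shows.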
This documentation applies to the following versions of Splunk® App for PCI Compliance: 3.5.0, 3.6.0, 3.6.1, 3.7.0, 3.7.1, 3.7.2, 3.8.0, 3.8.1, 4.0.0, 4.0.1, 4.1.0, 4.1.1, 4.3.0, 4.4.0, 4.4.1, 4.5.0 Cloud only, 4.6.0, 4.6.2