Vulnerability Scan Details
Report on vulnerabilities discovered on PCI assets. This report looks at vulnerability scan details data produced by firewalls, routers, switches, and any other device that produces vulnerability data.
Vulnerability scans of the cardholder data environment expose potential vulnerabilities in networks that could be found and exploited by malicious individuals. When these weaknesses are identified, the organization should correct them and repeat the vulnerability scan to verify that they have corrected the vulnerabilities.
This report shows all vulnerabilities identified for selected assets. Use this report to identify specific high and/or critical vulnerabilities on cardholder systems that need to be fixed.
Relevant data sources
Relevant data sources for this report include any vulnerability data.
How to configure this report
- Index vulnerability scan results in the Splunk platform.
- Map the vulnerability data to the following Common Information Model fields: category, severity, signature, dest, os. If you want, you can map the additional fields cve, bugtraq, cert, msft, mskb, xref, cvss.
- Tag the successful synchronization data with "vulnerability" and "report".
Report description
The data in the Vulnerability Scan Details report is populated by the Vulnerabilities data model.
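As an added example (not from the Splunk documentation), the search below uses the same Vulnerabilities data model to list the open high and critical findings per cardholder host, which is the set of issues this report exists to surface. It assumes the field mapping and tags described above are in place and that the in-scope hosts are listed in a lookup named `pci_cardholder_assets.csv` with columns `dest` and `in_scope` (a constructed lookup name, not part of the app):

```spl
| tstats summariesonly=false count AS findings
    latest(_time) AS last_seen
    values(Vulnerabilities.cve) AS cve
    FROM datamodel=Vulnerabilities
    WHERE Vulnerabilities.severity IN ("high", "critical")
    BY Vulnerabilities.dest Vulnerabilities.signature Vulnerabilities.severity
| rename Vulnerabilities.* AS *
| lookup pci_cardholder_assets.csv dest OUTPUT in_scope
| where in_scope="true"
| eval last_seen=strftime(last_seen, "%Y-%m-%d %H:%M:%S")
| table dest signature severity cve findings last_seen
| sort - severity, dest
```

Run it once before and once after remediation and re-scanning; a host and signature pair that disappears from the result confirms the fix, while one whose `last_seen` keeps advancing is still open.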
Useful searches for troubleshooting
Troubleshooting Task | Search/Action | Expected Result
---|---|---
Verify that you have data from your network devices. | `sourcetype=<expected_st>` | Returns data from your network devices.
Verify that vulnerability data is in the Splunk platform. | `tag=vulnerability tag=report` or `` `vulnerability` `` | Returns vulnerability data.
Verify that fields are normalized and available at search time. | `` `vulnerability` | table _time,dest,category,signature,cve,bugtraq,cert,msft,mskb,xref,severity,cvss,os,vendor_product `` | Returns a table of the vulnerability data fields.
This documentation applies to the following versions of Splunk® App for PCI Compliance: 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.1.0, 3.1.1, 3.1.2, 3.1.3, 3.2.0, 3.2.1, 3.3.0, 3.3.1, 3.3.2, 3.3.3, 3.4.0, 3.4.1, 3.4.2, 3.5.0, 3.6.0, 3.6.1, 3.7.0, 3.7.1, 3.7.2, 3.8.0, 3.8.1, 4.0.0, 4.0.1, 4.1.0, 4.1.1, 4.3.0, 4.4.0, 4.4.1, 4.5.0 Cloud only, 4.6.0, 4.6.2