Release Notes for the Splunk App for PCI Compliance
Splunk App for PCI Compliance version 4.4.0 includes the following enhancements.
|New Feature or Enhancement||Description|
|PCI Scorecards include both risk and notable events||New panels include Risk Modifiers by Severity and Risk Modifiers over Time in all the scorecards. See Scorecards in the Splunk App for PCI Compliance User Manual.|
|PCI Reports include the Recent Risk Modifiers panel||The following reports include the new panel:
See Reports in the Splunk App for PCI Compliance User Manual.|
|MITRE ATT&CK annotations in correlation searches for PCI||The following MITRE ATT&CK annotations are pre-populated in the specified correlation searches:|
|Notable events disabled by default in correlation searches for PCI||The following correlation searches that are used in PCI now have notable events disabled by default:
When you upgrade the PCI app, the savedsearches.conf file is updated in the default directory. You need to recreate the notable alert in the correlation searches after upgrading the app.
To create a notable event, see Create a notable event in the Splunk App for PCI Compliance User Manual.|
|Default risk factor for PCI Source||Enable the default risk factors designed for specific conditions to dynamically assign risk scores to risk objects and effectively isolate threats using Splunk App for PCI Compliance. See Use default risk factors in Splunk App for PCI Compliance in the Splunk App for PCI Compliance User Manual.|
|Governance lookups against risk events||Two new fields are added to the data model in |
|The Splunk App for PCI Compliance (for Splunk Enterprise) includes a behavior change for consistency in case-sensitive matching||Reverse lookups are now case insensitive, so that the behavior is consistent with |
The Splunk App for PCI Compliance (for Splunk Enterprise) includes framework improvements from the Splunk Enterprise Security framework.
Starting with version 6.1.x, Splunk Enterprise Security is supported on Python 3 and requires a minimum of Splunk Enterprise 8.0.x. See Python with Splunk Enterprise Security in the Splunk Enterprise Python 3 Migration manual.
The installer package is larger than 500 MB, which exceeds the default upload limit for installing apps from the Splunk Web UI. See Install the Splunk App for PCI Compliance in the Installation and Configuration Manual.
See Install prerequisites in the Installation and Upgrade Manual for information about the Splunk App for PCI Compliance and compatibility with the Splunk platform and Splunk Enterprise Security.
- Visit Splunk Answers to ask questions of the Splunk community.
- Access the #splunk IRC channel on EFnet.
- For assistance with an issue, file a case using the Splunk Support Portal.
- For assistance installing, upgrading, or scaling a Splunk App for PCI Compliance deployment, contact the Splunk Professional Services team.
This documentation applies to the following versions of Splunk® App for PCI Compliance: 4.4.0