Splunk® App for PCI Compliance

Installation and Configuration Manual

This documentation does not apply to the most recent version of Splunk® App for PCI Compliance. For documentation on the most recent version, go to the latest release.

Customize the menu bar in

Customize the menu bar in with the Edit Navigation view. Add new dashboards, reports, views, links to filtered dashboards, or links to the web to your menu bar. You must have administrator privileges to make changes to the menu bar navigation.

You can add views to the menu bar as part of a collection that groups several views together or as an individual item on the menu bar. For example, Incident Review is an individual dashboard in the menu bar, and each report domain, such as R1: Network Traffic is a collection.

persists customizations you made to the navigation from previous versions.

Check for updated views

Views and collections that are new, updated, or deprecated in the version of the app that you have installed are highlighted with small icons that indicate the relevant changes.

After installing a new version of or a new version of an app that provides views and collections for use in , visit the Edit Navigation view to check for updates in those views and collections.

  1. On the menu bar, select Configure > General > Navigation.
  2. If any content has been updated, the message "Some content updates available" appears at the top of the navigation editor.
  3. Look for icons on the views on the editor pane to find content that has been added, updated, or deprecated. These same icons also appear in the Add a New View and Add a New Collection menus.

Set a default view for

To see a specific view or link when you or another user opens , set a default view.

  1. On the menu bar, select Configure > General > Navigation.
  2. Locate the view or link that you want to be the default view.
  3. Click the checkmark icon that appears when you mouse over the view to Set this as the default view.
    Checkmark that appears to the left of the view name to set a view as a default view.
  4. Click Save to save your changes
  5. Click OK to refresh the page and view your changes.

Edit the existing menu bar navigation

  1. On the menu bar, select Configure > General > Navigation.
  2. Click and drag views or collections of views to change the location of the views or collections of views in the menu.
  3. Click the X next to a view or collection to remove it from the menu.
  4. Click the pencil icon to edit the name of a collection.
  5. Click the line icon to add a divider and visually separate items in a collection.
  6. Click Save to save your changes
  7. Click OK to refresh the page and view your changes.

Add a single view to the menu bar

You can add a new view to the menu bar without adding it to a collection.

  1. On the menu bar, select Configure > General > Navigation.
  2. Click Add a New View.
  3. Leave View Options set to the default of View.
  4. Click Select a View from Unused Views.
  5. Select a dashboard or view from the list.
  6. Click Save. The dashboard appears on the navigation editor.
  7. If you are finished adding items to the menu, click Save to save your changes
  8. Click OK to refresh the page and view your changes.

Add a collection to the menu bar

Use a collection to organize several views or links together in the menu bar.

  1. On the menu bar, select Configure > General > Navigation.
  2. Click Add a New Collection.
  3. Type a Name. For example, Audit.
  4. Click Save. The collection appears on the navigation editor.

You must add a view or link to the collection before it appears in the menu navigation.

Configure a custom report

The Splunk App for PCI Compliance provides reports for different aspects of your PCI compliance. Each report (or dashboard) in the Splunk App for PCI Compliance has an XML file, such as pci_malware_activity.xml, that describes the information used in the report, which notable events provide the data, and how that data is displayed. These reports are included as part of the app.

To add a custom report to your deployment, you need to first create the XML file for your report. See About the Dashboard Editor in the Dashboards and Visualizations manual.

Choose the domain that the report applies to

A report is associated, or categorized, with a domain within the app. In the Splunk App for PCI Compliance, these categories are shown in the Reports tab. The categories include:

  • R1: Network Traffic
  • R2: Default Configuration
  • R3: Protect Data at Rest

To have the new report show up in the correct place in the app navigation (or correct location in the menu bar), you must choose the category domain that the report applies to.

Add the report to the navigation menu bar

To add your custom report to the app, you need to add it to the navigation. You must associate the new report with a domain.

Add views to an existing collection. In this case, each PCI domain is a collection.

  1. On the menu bar, select Configure > General > Navigation.
  2. Locate the collection that you want to add views to.
  3. Click the Add View icon.
  4. Leave View Options set to the default of View.
  5. Click Select a View from Unused Views.
  6. Select a view from the list.
  7. Click Save. The view appears on the navigation editor.
  8. If you are finished adding items to the menu, click Save to save your changes
  9. Click OK to refresh the page and view your changes.

Add a link to the menu bar

You can add a link to the menu bar of . For example, add a link to a specifically-filtered view of Incident Review or to an external ticketing system.

Create a link in the menu to an external system or webpage

  1. On the menu bar, select Configure > General > Navigation.
  2. Click Add a New View to add it to the menu, or locate an existing collection and click the Add View icon to add the link to an existing collection of views.
  3. Select Link from View Options.
  4. Type a Name to appear on the menu. For example, Splunk Answers.
  5. Type a link. For example, https://answers.splunk.com/
  6. Click Save.
  7. If you are finished adding items to the menu, click Save to save your changes
  8. Click OK to refresh the page and view your changes.

Restore the default navigation

To restore the default navigation of the menu bar:

  1. On the menu bar, select Configure > General > Navigation.
  2. In the upper right corner, click Restore Default Configuration.
  3. Click OK to confirm.
  4. Scroll to the bottom of page and click Save.

Email a report

You can configure the Splunk App for PCI compliance to email a report by attaching the report to the email as an HTML file or by including it inline in the email body. See Define actions for your scheduled report with the Edit Schedule dialog in the Reporting Manual.

Last modified on 13 February, 2018
Configure Interesting Ports list   Configure and deploy indexes

This documentation applies to the following versions of Splunk® App for PCI Compliance: 3.5.0, 3.6.0, 3.6.1, 3.7.0, 3.7.1, 3.7.2, 3.8.0, 3.8.1, 4.0.0, 4.0.1, 4.1.0, 4.1.1, 4.3.0, 4.4.0, 4.4.1, 4.5.0 Cloud only, 4.6.0, 4.6.2


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters