Credit Card Data Found
This report looks at credit card data, found in motion or at rest, from IDS, IPS, and DLP systems to provide visibility into potentially unauthorized transmissions of credit card data over the network or to unauthorized removable storage devices. Use this report to identify the source of the transmission so it can be further investigated and fixed.
The cardholder data environment should be monitored for unauthorized egress transmission of credit card data using IDS, IPS, and DLP-based technologies. PCI requires that cardholder data be protected from unauthorized access or distribution.
Relevant data sources
Relevant data sources for this report include alerts from IDS, IPS, or DLP solutions and alerts from the Luhn-based algorithm detection method implemented in the Splunk Enterprise Security framework and used by the Splunk App for PCI Compliance.
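As an illustration of Luhn-based detection in general, the following added example (not Splunk's implementation and not part of the original documentation) scans constructed event text for 13 to 19 digit sequences, keeps only those that pass the Luhn check, and emits the src, dest, dvc, and signature fields this report expects. The event layout, the signature string, and the function names are assumptions.

```python
import re

# Candidate card number: 13-19 digits, optionally separated by single spaces or hyphens.
CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")

def luhn_valid(digits):
    """Luhn mod-10 check over a string of decimal digits."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit, counting from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0

def mask(digits):
    """Keep the first six and last four digits so the alert does not carry the full number."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]

def find_card_numbers(text):
    """Return masked forms of every Luhn-valid candidate in text."""
    hits = []
    for m in CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_valid(digits):  # drops order ids, tracking numbers and similar digit runs
            hits.append(mask(digits))
    return hits

def alerts(events):
    """Build one record per event that contains a Luhn-valid number."""
    out = []
    for ev in events:
        hits = find_card_numbers(ev)
        if hits:
            rec = dict(re.findall(r"\b(src|dest|dvc)=(\S+)", ev))
            rec["signature"] = "Luhn-valid card number in payload"  # assumed signature text
            rec["masked"] = hits
            out.append(rec)
    return out

# Constructed sample events (hypothetical layout); 4111 1111 1111 1111 is a well-known test number.
SAMPLE_EVENTS = [
    "src=10.0.0.5 dest=203.0.113.9 dvc=dlp01 body='card 4111 1111 1111 1111 exp 12/30'",
    "src=10.0.0.7 dest=203.0.113.9 dvc=dlp01 body='order id 4111111111111112'",
    "src=10.0.0.8 dest=198.51.100.4 dvc=ids02 body='tracking 1234567890123'",
]

if __name__ == "__main__":
    for rec in alerts(SAMPLE_EVENTS):
        print(rec)
```

Only the first sample event produces a record; the other two contain digit runs of plausible length that fail the checksum, which is the false-positive reduction the Luhn step provides.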
How to configure this report
Make sure the activity data you are monitoring conforms to the Common Information Model.
- Index DLP, IDS, IPS, or other data that indicates discovery of credit card data in the Splunk platform.
- Map the data to the following Common Information Model fields: src, dest, dvc, signature. CIM-compliant add-ons for these data sources perform this step for you.
- Tag the relevant events with "pii".
Report description
The data in the Unauthorized Credit Card Transmissions report is populated by the IDS Attack data model.
Useful searches for troubleshooting
Troubleshooting Task | Search/Action | Expected Result |
---|---|---|
Verify that data is present. | `ids_attack` \| search tag=pii tag=ids tag=attack | Returns all unauthorized credit card transmissions data. |
Verify that fields are normalized and available. | `ids_attack` \| search tag=pii tag=ids tag=attack \| table src, dest, dvc, signature | Returns a list of events and the specific unauthorized credit card transmission fields. |
Additional information
This report uses default source types.
This documentation applies to the following versions of Splunk® App for PCI Compliance: 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.1.0, 3.1.1, 3.1.2, 3.1.3, 3.2.0, 3.2.1, 3.3.0, 3.3.1, 3.3.2, 3.3.3, 3.4.0, 3.4.1, 3.4.2, 3.5.0, 3.6.0, 3.6.1, 3.7.0, 3.7.1, 3.7.2, 3.8.0, 3.8.1, 4.0.0, 4.0.1, 4.1.0, 4.1.1, 4.3.0, 4.4.0, 4.4.1, 4.5.0 Cloud only, 4.6.0, 4.6.2