Splunk® App for PCI Compliance

Installation and Configuration Manual

This documentation does not apply to the most recent version of Splunk® App for PCI Compliance. For documentation on the most recent version, go to the latest release.

Install technology add-ons

The Splunk App for PCI Compliance solution includes predefined technology add-ons to work with the data you want to monitor. The add-ons provide the feeds to get data from different sources, and provide search-time knowledge maps to normalize the data for use within the app. Technology add-ons ensure that the data is correctly consumed by the Splunk App for PCI Compliance.

The following required technology add-ons are automatically installed when you install Splunk App for PCI Compliance (for Splunk Enterprise). Do not uninstall these required technology add-ons.

  • SA-AccessProtection
  • SA-AuditAndDataProtection
  • SA-EndpointProtection
  • SA-IdentityManagement
  • SA-NetworkProtection
  • SA-ThreatIntelligence
  • SA-UEBA
  • SA-Utils
  • Enterprise Security
  • PCI Compliance
  • Splunk Machine Learning Toolkit
  • Splunk Common Information Model
  • Splunk Add-on for UEBA
  • splunk_ingest_actions

The following required technology add-ons are automatically installed when you install Splunk App for PCI Compliance (for Splunk Enterprise Security). Do not uninstall these required technology add-ons.

  • DA-ESS-AccessProtection
  • DA-ESS-EndpointProtection
  • DA-ESS-IdentityManagement
  • DA-ESS-NetworkProtection
  • DA-ESS-ThreatIntelligence
  • SA-AccessProtection
  • SA-AuditAndDataProtection
  • SA-EndpointProtection
  • SA-IdentityManagement
  • SA-NetworkProtection
  • SA-ThreatIntelligence
  • SA-UEBA
  • SA-Utils
  • Enterprise Security
  • PCI Compliance
  • Splunk Machine Learning Toolkit
  • Splunk Common Information Model
  • Splunk Add-on for UEBA
  • splunk_ingest_actions
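
One way to confirm that none of the required add-ons listed above has been removed or disabled is to audit the apps directory; the following is an added example, not code from Splunk or from this manual. It assumes the SA-*, DA-ESS-* and splunk_ingest_actions names on this page are the folder names under $SPLUNK_HOME/etc/apps, and that a disabled app carries `state = disabled` in the `[install]` stanza of its app.conf. The function names and the sample tree are constructed for illustration.

```python
import configparser
import tempfile
from pathlib import Path

# Folder-style names taken from the lists on this page. Entries the page gives
# only as display labels (for example "Enterprise Security") are left out
# because their on-disk folder names are not stated here.
REQUIRED_COMMON = [
    "SA-AccessProtection", "SA-AuditAndDataProtection", "SA-EndpointProtection",
    "SA-IdentityManagement", "SA-NetworkProtection", "SA-ThreatIntelligence",
    "SA-UEBA", "SA-Utils", "splunk_ingest_actions",
]
REQUIRED_ES_ONLY = [
    "DA-ESS-AccessProtection", "DA-ESS-EndpointProtection",
    "DA-ESS-IdentityManagement", "DA-ESS-NetworkProtection",
    "DA-ESS-ThreatIntelligence",
]

def app_state(app_dir):
    """Return 'missing', 'disabled' or 'enabled' for one app folder."""
    if not app_dir.is_dir():
        return "missing"
    conf = configparser.ConfigParser(strict=False, interpolation=None)
    # local/app.conf overrides default/app.conf, so read it last.
    conf.read([app_dir / "default" / "app.conf", app_dir / "local" / "app.conf"])
    state = conf.get("install", "state", fallback="enabled").strip().lower()
    return "disabled" if state == "disabled" else "enabled"

def audit_required_addons(apps_root, with_es=False):
    """Map each required add-on that is missing or disabled to its state."""
    required = REQUIRED_COMMON + (REQUIRED_ES_ONLY if with_es else [])
    states = {name: app_state(Path(apps_root) / name) for name in required}
    return {name: s for name, s in states.items() if s != "enabled"}

def build_sample_tree(root):
    """Constructed sample: SA-UEBA is absent and SA-Utils is disabled locally."""
    for name in REQUIRED_COMMON:
        if name == "SA-UEBA":
            continue
        (Path(root) / name / "default").mkdir(parents=True)
        (Path(root) / name / "default" / "app.conf").write_text("[install]\nstate = enabled\n")
    local = Path(root) / "SA-Utils" / "local"
    local.mkdir()
    (local / "app.conf").write_text("[install]\nstate = disabled\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(audit_required_addons(tmp))
```

Pass `with_es=True` to include the DA-ESS-* add-ons from the Splunk Enterprise Security list; an empty result means every checked add-on is present and enabled.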


Steps for installing technology add-ons

Configure or add technology add-ons to your deployment.

Find technology add-ons

To find a technology add-on to add:

  1. Click Apps > Manage Apps.
  2. Click Browse more apps.
  3. Browse the list of apps.

Before you install a new add-on, make sure the add-on is compatible with the Splunk App for PCI Compliance.

Add a technology add-on from a local file

To add a technology add-on locally:

  1. Click Apps > Manage Apps.
  2. Click Install app from file.
  3. In the Upload an app panel, browse for the app, select it, then click Upload.

Edit an existing add-on

To edit an existing add-on:

  1. Click Apps > Manage Apps.
  2. Select the app from the list.
  3. Click Edit Properties for the app you want to configure.
  4. Click Save.

Update technology add-ons

A newer version of a technology add-on used by the Splunk App for PCI Compliance might be available on Splunkbase.

Update the app from within Splunk Enterprise

To check for a newer version, go to Apps > Manage Apps from the Splunk menu. If there is an updated version of a technology add-on, there will be a link similar to this: 4.6.0|Update to 4.6.3 in the Version column. You need to be logged in to Splunk.com to download the technology add-on.

  1. To update your existing technology add-on with the newer one, click the link in the version column.
  2. Click Update to get the newer version.
  3. Click Restart.

Update the app manually

  1. Go to Splunkbase and find the new version of the add-on. Download the add-on to your desktop or local directory.
  2. Install the add-on by navigating to Manage Apps > Install app from file from the Splunk Home page.
  3. Browse to the add-on location and select the add-on.
  4. Select Upgrade app so that the newer version of the add-on overwrites the older one.
  5. Click Upload.
  6. Click Restart.

See Using technology add-ons in this manual.

Last modified on 22 August, 2022

This documentation applies to the following versions of Splunk® App for PCI Compliance: 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.1.0, 3.1.1, 3.1.2, 3.1.3, 3.2.0, 3.2.1, 3.3.0, 3.3.1, 3.3.2, 3.3.3, 3.4.0, 3.4.1, 3.4.2, 3.5.0, 3.6.0, 3.6.1, 3.7.0, 3.7.1, 3.7.2, 3.8.0, 3.8.1, 4.0.0, 4.0.1, 4.1.0, 4.1.1, 4.3.0, 4.4.0, 4.4.1, 4.5.0 Cloud only, 4.6.0, 4.6.2

