Weak Encrypted Communication
This report looks at network data to identify network sessions encrypted with SSL or weak or insecure versions of the TLS protocol. Track SSL and TLS sessions in the PCI network and identify those encrypted by insecure SSL and TLS versions. Network traffic that uses those encryption protocols could be insecure and in violation of the PCI standard.
Relevant data sources
Relevant data sources for this report include any log source that tracks SSL and TLS sessions. For example, firewall data, IDS and IPS devices, streaming data from Splunk Stream, or other network capture apps.
How to configure this report
- Index network data into Splunk platform.
- Map the data to the following Common Information Model fields. Map the SSL or TLS version from the network traffic data to the
ssl_version
dataset in the Certificates data model. CIM-compliant add-ons for network traffic data sources perform this step for you.
Report description
The data in the Weak Encrypted Communications report is populated by data from the Certificates data model and notable events that result from the Insecure Or Cleartext Authentication Detected correlation search.
System Misconfigurations | Wireless Network Misconfigurations |
This documentation applies to the following versions of Splunk® App for PCI Compliance: 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.1.0, 3.1.1, 3.1.2, 3.1.3, 3.2.0, 3.2.1, 3.3.0, 3.3.1, 3.3.2, 3.3.3, 3.4.0, 3.4.1, 3.4.2, 3.5.0, 3.6.0, 3.6.1, 3.7.0, 3.7.1, 3.7.2, 3.8.0, 3.8.1, 4.0.0, 4.0.1, 4.1.0, 4.1.1, 4.3.0, 4.4.0, 4.4.1, 4.5.0 Cloud only, 4.6.0, 4.6.2
Feedback submitted, thanks!