Splunk® App for PCI Compliance

User Manual

Scorecards

Scorecards display a real-time summary view of your compliance with the PCI data security standard in each of the requirement areas.

The Splunk App for PCI Compliance includes these scorecards:

  • Requirement 1: Network Traffic - Summary of firewall and network traffic-related compliance issues
  • Requirement 2: Default Configurations - Summary of configuration-related compliance issues
  • Requirement 3: Protect Data At Rest - Summary of compliance issues related to cardholder data at rest
  • Requirement 4: Protect Data In Motion - Summary of compliance issues related to cardholder data in motion
  • Requirement 5: Anti-malware Protection - Summary of anti-malware related compliance issues
  • Requirement 6: Patch Update Protection - Summary of system and application patch related compliance issues
  • Requirement 7: Access Monitoring - Summary of access-related compliance issues
  • Requirement 8: Activity Accountability - Summary of user activity related compliance issues
  • Requirement 10: Cardholder Data Access - Summary of cardholder data access related compliance issues
  • Requirement 11: Vulnerability Testing - Summary of vulnerability, IDS, and file integrity related compliance issues

Using the scorecards

The consolidated compliance workflow status for each requirement area is indicated in the form of a status indicator. Red indicates a new status, yellow indicates an open status, and green indicates a closed status. Notable events are shown in the form of a bar chart by urgency. Notable events are also shown in the form of a table by owner.

Each scorecard or requirement area has its available reports listed, showing when the report was last viewed, and which user viewed the report. Notable event history displays as a chart. The following example shows a scorecard for requirement 1.

Example scorecard for requirement 1

Use a scorecard to monitor a requirement area, such as Network Traffic.

  1. From the menu bar, select Scorecards.
  2. Click R1: Network Traffic.

The R1: Network Traffic scorecard includes the following panels:

| Panel | Description |
|---|---|
| Compliance Status - Last 24 Hours | Displays a checkmark if you're compliant for the last 24 hours. If not, contains links to Incident Review to see where your PCI governance is outside the control range. |
| Notable Events By Urgency - Last 24 Hours | Displays the notable events by Urgency for the last 24 hours. Notable Events by Urgency uses an urgency calculation based on the priority assigned to the asset and the severity assigned to the correlation search. |
| Notable Events By Owner - Last 24 Hours | Displays the notable events by the name of the assigned owner, such as Administrator or esanalyst. |
| Views - Last 24 Hours | Displays whether the corresponding reports were viewed for this requirement in the last 24 hours, and which user viewed them. |
| Notable Event History | Displays the count of notable events based on the selected filter for the time range picker. |
| Risk Modifiers by Severity - Last 24 Hours | Calculates the total risk score by Risk Object and Risk Object Type, and displays severity by different risk score thresholds. You can configure threshold values in the "Risk Severity Range Map" property from Configure > General Settings. |
| Risk Modifiers over Time | Displays the Risk Modifiers count and total risk score based on the selected filter for the time range picker. |

Last modified on 14 February, 2022

This documentation applies to the following versions of Splunk® App for PCI Compliance: 5.0.1, 5.0.2, 5.1.0, 5.1.1, 5.1.2, 5.2.0, 5.3.0, 5.3.1, 5.3.2

