Splunk® App for PCI Compliance

User Manual

Identity Center

Use the Identity Center dashboard to review and search for objects in the identity data added to Splunk. This identity data drives the correlation between user identities and the event data captured from the PCI resources sending data to Splunk. Identity data represents a list of account names, legal names, nicknames, and alternate names, along with other associated information about each identity.

Filtering Identities in Identity Center

The filter for the Identity Center dashboard uses a key=value pair search field. To filter identities, enter a key=value pair instead of a name or text string.

Some sample key=value pairs are email=*acmetech.com or nick=a_nickname.

Use the available dashboard filters to refine the results displayed on the dashboard panels.

| Filter by | Description | Action |
| --- | --- | --- |
| Username | A known or unknown user | Text field. Empty by default. Wildcard strings with an asterisk (*) |
| Priority | Filter by the Priority field in the Identities table | Drop-down by Priority. |
| Business Unit | A group or department classification for the identity. | Text field. Empty by default. Wildcard strings with an asterisk (*) |
| Category | Filter by the Category field in the Identities table. | Drop-down by Category. |
| Watchlisted Identities Only | Filter by the identities tagged as "watchlist" in the Identities table. | Drop-down: select to filter by |
| Time Range | Select the time range to represent. | Drop-down: select to filter by |

Dashboard Panels

| Panel | Description |
| --- | --- |
| Identities by Priority | Displays the count of Identities by priority level. The drilldown opens a search with the selected priority level. |
| Identities by Business Unit | Displays the relative number of Identities by business unit. The drilldown opens a search with the selected business unit. |
| Identities by Category | Displays the relative number of Identities by category. The drilldown opens a search with the selected category. |
| Identity Information | Shows a list of identities active in the PCI compliance environment, with details from the Identity table. Click "View full results" for more information about the event. The drilldown opens the Identity Investigator dashboard if the identity field is selected. Any other field opens a search with the selected field. |

Data sources

The reports in the Identity Center dashboard reference fields in the Asset and Identities data model. Relevant data sources include lists of assets and identities collected and loaded as lookups, scripted inputs, or search-extracted data.

Last modified on 14 February, 2022

This documentation applies to the following versions of Splunk® App for PCI Compliance: 5.0.1, 5.0.2, 5.1.0, 5.1.1, 5.1.2, 5.2.0, 5.3.0, 5.3.1, 5.3.2
