Splunk® App for PCI Compliance

Installation and Configuration Manual

About Splunk App for PCI Compliance

Install the Splunk App for PCI Compliance in a Splunk deployment that captures information from applications, systems, and devices in the PCI cardholder data environment.

Use the Splunk App for PCI Compliance to do the following tasks:

  • Capture, monitor, and report on data from enterprise devices, systems, and applications in the cardholder data environment.
  • Monitor access attempts to PCI assets.
  • Monitor traffic between PCI domains.
  • Identify vulnerabilities found on PCI assets.
  • Notify administrators of malware found on PCI assets.
  • Investigate and resolve compliance issues.
  • Enable PCI compliance managers to monitor and report on PCI DSS compliance by producing views and reports of significant activity.

The Splunk App for PCI Compliance includes the following:

  • Incident Review and Response. Use the incident management framework to alert, assign, evaluate risk, and respond to potential security incidents. The notable events allow compliance managers to view, respond to, and audit the response to issues discovered in the cardholder data environment.
  • Compliance Reports. Report-based views for each of the relevant compliance controls. Each report includes filters for narrowing the parameters used to evaluate different data views, so compliance managers can evaluate the cardholder data environment (CDE) as needed or as required by a compliance auditor.
  • PCI Requirement Scorecards. New compliance scorecards provide an overview of compliance for each major PCI requirement. This view shows the current real-time compliance status and a historical trend of compliance over the last 365 days. Compliance managers can use this dashboard to see where they are having compliance issues, and drill down to see reports or incidents.
  • Asset and Identity Correlation. Asset and identity correlation facilitates compliance reporting against specific assets in the PCI cardholder data environment and users with access to the PCI assets. This allows compliance managers to monitor the cardholder data environment and provide the necessary user and asset context to support incident response.
  • Audit Review and Reporting. Everything that a compliance manager does within the Splunk App for PCI Compliance solution can be audited. This provides an audit trail of all activity, giving auditors proof that the environment is being monitored and that issues are responded to on an ongoing basis.
  • Data Normalization. The Splunk App for PCI Compliance relies on data added to the Splunk platform indexers using add-ons that are compliant with the Splunk Common Information Model (CIM).
  • Correlation Searches. Correlation searches create notable events on Incident Review that correspond to common threats to monitor in a cardholder data environment.
Last modified on 14 February, 2022

This documentation applies to the following versions of Splunk® App for PCI Compliance: 5.0.1, 5.0.2, 5.1.0, 5.1.1, 5.1.2, 5.2.0, 5.3.0, 5.3.1, 5.3.2
