Splunk® App for PCI Compliance

Installation and Configuration Manual

Weak Encrypted Communication

This report looks at network data to identify network sessions encrypted with SSL or weak or insecure versions of the TLS protocol. Track SSL and TLS sessions in the PCI network and identify those encrypted by insecure SSL and TLS versions. Network traffic that uses those encryption protocols could be insecure and in violation of the PCI standard.

Relevant data sources

Relevant data sources for this report include any log source that tracks SSL and TLS sessions. For example, firewall data, IDS and IPS devices, streaming data from Splunk Stream, or other network capture apps.

How to configure this report

  1. Index network data into Splunk platform.
  2. Map the data to the following Common Information Model fields. Map the SSL or TLS version from the network traffic data to the ssl_version dataset in the Certificates data model. CIM-compliant add-ons for network traffic data sources perform this step for you.

Report description

The data in the Weak Encrypted Communications report is populated by data from the Certificates data model and notable events that result from the Insecure Or Cleartext Authentication Detected correlation search.

Last modified on 14 February, 2022
System Misconfigurations   Wireless Network Misconfigurations

This documentation applies to the following versions of Splunk® App for PCI Compliance: 5.0.1, 5.0.2, 5.1.0, 5.1.1, 5.1.2, 5.2.0, 5.3.0, 5.3.1, 5.3.2

Was this topic useful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters