Splunk® App for PCI Compliance

User Manual

Search View Matrix

Correlation search thresholds

Some correlation searches in the Splunk App for PCI Compliance use the Machine Learning Toolkit framework from Splunk Enterprise Security. Other correlation searches use search-defined thresholds. See Machine Learning Toolkit Overview in Splunk Enterprise Security in Administer Splunk Enterprise Security for more.

Dashboard searches

These searches support dashboard panels in the user interface. Most dashboard panels are populated with data from accelerated data models, however some searches use the underlying raw data as well.

Requirement 1 Reports

Search or Dashboard Firewall Rule Activity Network Traffic Activity Prohibited Services
Network - Communication Rule Tracker - Lookup Gen X
Endpoint - Listening Ports Tracker - Lookup Gen X
Endpoint - Local Processes Tracker - Lookup Gen X
Endpoint - Services Tracker - Lookup Gen X

Requirement 2 Reports

Search or Dashboard Default Account Access Insecure Authentication Attempts Primary Functions Prohibited Services System Misconfigurations Wireless Network Misconfigurations Weak Encrypted Communication PCI System Inventory
Endpoint - Listening Ports Tracker - Lookup Gen X X X
Endpoint - Local Processes Tracker - Lookup Gen X X
Endpoint - Services Tracker - Lookup Gen X X

Requirement 3 Reports

The Intrusion Detection data model populates these dashboards.

Requirement 4 Reports

The Certificate data model populates these dashboards.

Requirement 5 Reports

The Malware data model populates these dashboards.

Requirement 6 Reports

The Performance and Authentication data models populate these dashboards.

Requirement 7 Reports

The Authentication data model populates these dashboards.

Requirement 8 Reports

The Authentication data model populates these dashboards.

Requirement 10 Reports

The Change Analysis, Authentication, and Performance data models populate these dashboards.

Requirement 11 Reports

The Change Analysis, Intrusion Detection, and Vulnerabilities data models populate these dashboards.

Searches that create notable events

Many of the searches in the Splunk App for PCI Compliance create notable events and are not used by dashboards.

Last modified on 14 February, 2022
Use default risk factors in   Search macros

This documentation applies to the following versions of Splunk® App for PCI Compliance: 5.0.1, 5.0.2, 5.1.0, 5.1.1, 5.1.2, 5.2.0, 5.3.0, 5.3.1, 5.3.2


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters