Splunk® App for PCI Compliance

Installation and Configuration Manual

Configure Primary Functions list

The PCI DSS requires that systems include only one primary function. To report on systems that might be in violation of this requirement, solution administrators and compliance managers can populate a list to define the primary services. Use this information to determine violations.

View the Primary Functions service and ports list:

  1. Select Configure > Content > Content Management.
  2. Click the Primary Functions lookup. The Primary Functions lookup file (primary_functions.csv) appears in a lookup editor.

process,service,transport,port,is_primary,function
,,,,,Application (name)
splunkd,,,,false,splunk
slapd,,,,true,Authentication
,slapd,,,true,Authentication
,,*,389,true,Authentication
,,*,636,true,Authentication
mysqld,,,,true,Database
,mysqld,,,true,Database
,,*,3306,true,Database
named,,,,true,Domain Name Service (DNS)
,named,,,true,Domain Name Service (DNS)
,,*,53,true,Domain Name Service (DNS)
...


The first line in the file describes the fields in the file.

| Field | Description | Example |
| --- | --- | --- |
| process | Process name. | ssh |
| service | Type of service. | sshd |
| transport | The transport protocol. | TCP |
| port | Port number. | 8000 |
| is_primary | Does the service provide a primary function? | true or false |
| function | The function provided by the service/process. | database |

Add to or modify this list using the editor. Click Save when you are done.

There is no file checking or verification for this editor, so any typo might break the lookup file.


This documentation applies to the following versions of Splunk® App for PCI Compliance: 3.7.0, 3.7.1, 3.7.2

