https://community.splunk.com/t5/Monitoring-Splunk/How-to-optimize-Splunk-for-PCI-Compliance/m-p/324637#M2983 <P>The PCI Compliance App is far from free; several hundred thousand dollars. </P> Wed, 08 Apr 2020 14:11:30 GMT cly 2020-04-08T14:11:30Z https://community.splunk.com/t5/Monitoring-Splunk/How-to-optimize-Splunk-for-PCI-Compliance/m-p/324632#M2978 <P>Has anyone developed guidelines for what should be (and should not be) logged in Splunk for PCI Compliance audits? Referring specifically to the storage and data management requirements as described in the Information Security Forum (ISF) Standard of Good Practice (SoGP), the Payment Card Industry Data Security Standard (PCI DSS), ISO 27001, and US National Institute for<BR /> Standards and Technology (NIST) Cybersecurity Framework. We don't want to "log everything" so I'm curious if there are best practices regarding what to log - e.g., log data related to ABC requirements because Splunk processing is needed, but data related to XYZ requirements can be logged elsewhere because Splunk processing is not needed. Any help and guidance is greatly appreciated. </P> Wed, 06 Sep 2017 13:37:09 GMT https://community.splunk.com/t5/Monitoring-Splunk/How-to-optimize-Splunk-for-PCI-Compliance/m-p/324632#M2978 JimSchlaker 2017-09-06T13:37:09Z https://community.splunk.com/t5/Monitoring-Splunk/How-to-optimize-Splunk-for-PCI-Compliance/m-p/324633#M2979 <P>Check out the free Splunk App for PCI Compliance at <A href="https://splunkbase.splunk.com/app/1143/">https://splunkbase.splunk.com/app/1143/</A>.</P> Wed, 06 Sep 2017 13:58:32 GMT https://community.splunk.com/t5/Monitoring-Splunk/How-to-optimize-Splunk-for-PCI-Compliance/m-p/324633#M2979 richgalloway 2017-09-06T13:58:32Z https://community.splunk.com/t5/Monitoring-Splunk/How-to-optimize-Splunk-for-PCI-Compliance/m-p/324634#M2980 <P>Thanks for the link to the PCI Compliance app. The app appears to be worthwhile in this scenario: "Now that we have logged <EM>everything</EM> in Splunk, use the app determine overall compliance and gaps". But we're not interested in logging everything to Splunk. Instead we're curious to hear best practices regarding what is valuable to log in Splunk (i.e. Splunk is the best place for it because Splunk adds value in meeting PCI DSS audit/storage requirements) versus what is not valuable in Splunk (i.e., don't waste your ingestion license because Splunk adds no value in helping to meet PCI DSS audit/storage requirements). Any thoughts on this topic are greatly appreciated. </P> Wed, 06 Sep 2017 17:40:37 GMT https://community.splunk.com/t5/Monitoring-Splunk/How-to-optimize-Splunk-for-PCI-Compliance/m-p/324634#M2980 JimSchlaker 2017-09-06T17:40:37Z https://community.splunk.com/t5/Monitoring-Splunk/How-to-optimize-Splunk-for-PCI-Compliance/m-p/324635#M2981 <P>You don't have to use the PCI Compliance app, but it can give ideas about how Splunk can help monitor compliance. See what indicators the app provides, decide which ones are important to you, then log the data needed for those indicators. You can even build your own dashboard(s) using that data.</P> Wed, 06 Sep 2017 19:29:21 GMT https://community.splunk.com/t5/Monitoring-Splunk/How-to-optimize-Splunk-for-PCI-Compliance/m-p/324635#M2981 richgalloway 2017-09-06T19:29:21Z https://community.splunk.com/t5/Monitoring-Splunk/How-to-optimize-Splunk-for-PCI-Compliance/m-p/324636#M2982 <P>I want to do pci but not through app, can you tell me what are best practices in Splunk to make logs pci compliance .</P> Fri, 21 Dec 2018 19:26:45 GMT https://community.splunk.com/t5/Monitoring-Splunk/How-to-optimize-Splunk-for-PCI-Compliance/m-p/324636#M2982 rajneeshc1981 2018-12-21T19:26:45Z https://community.splunk.com/t5/Monitoring-Splunk/How-to-optimize-Splunk-for-PCI-Compliance/m-p/324637#M2983 <P>The PCI Compliance App is far from free; several hundred thousand dollars. </P> Wed, 08 Apr 2020 14:11:30 GMT https://community.splunk.com/t5/Monitoring-Splunk/How-to-optimize-Splunk-for-PCI-Compliance/m-p/324637#M2983 cly 2020-04-08T14:11:30Z