Is there a Splunk App or Add-on that validates ISO27001 compliance after fulfilling specific auditing requirements?

krvamsireddy
Explorer

We are planning to achieve ISO27001 (open data exchange); for that we need to achieve specific auditing requirements. So do we have any app/add-on in Splunk which will have dashboards/compliance to validate, thus making it ISO27001 compliant?

0 Karma

sandyjov1
Explorer

Has anyone had this question answered?

0 Karma

gcusello
SplunkTrust

Hi @sandyjov1,

I'm a GRC consultant and a Splunk Architect and I can confirm what @thambisetty said: there isn't an app for ISO/IEC27001 compliance, also because for ISO/IEC27001 compliance you could only check the presence of a SIEM or an antivirus or a firewall, and to do this you don't need a system like Splunk.

In addition, in ISO/IEC27001 you have to check the presence of processes and organizational structures that you cannot check with Splunk.

ISO/IEC27001 compliance is a process, and to manage it you need a BPM system that lets you manage the process and archive documents; in other words, Splunk has another job.

Using Splunk you could check the maturity of your IT infrastructure (not of your whole organization) and the risk level of your infrastructure (using e.g. Enterprise Security), which is very useful for the risk analysis that is a small part of the ISO/IEC27001 compliance process.

Using Splunk I created (it's the intellectual property of my company so I cannot share it) an app to integrate the results of several systems (Splunk ES, Tenable.io, a risk quantification tool, Office365, etc.) to show the maturity level of an infrastructure and the compliance with some frameworks (such as NIST or ISO/IEC27001), but taking values from other systems.

I asked to present our platform at the Splunk .Conf2021 but our proposal wasn't accepted; I'll retry next year.

Ciao.

Giuseppe

0 Karma

thambisetty
SplunkTrust

I don’t think there is a Splunk app for ISO27001, because ISO27001 talks about what needs to be logged from different log sources. It doesn’t specifically say which log source needs to be integrated with the central logging solution in your organization.

But there is a white paper (link given below) which talks about how Splunk can support the ISO27001 framework.

You need to register to download the white paper.

https://www.splunk.com/en_us/form/how-splunk-and-machine-data-support.html

————————————
If this helps, give a like below.

krvamsireddy
Explorer

@thambisetty can you please suggest?

0 Karma