Hi all,

I have installed the PCI module, and I have followed the implementation steps (https://docs.splunk.com/Documentation/PCI/3.7.2/Install/ConfigurePCIDSSDomains), but I do not get any data in the PCI dashboards — any clue?

I have the following scenario:

1 splunk server with PCI app installed, with IP xxx.xxx.204.136

1 Domain controller (win 2012) with IP xxx.xxx.204.200 (the domain is mydomain.com)

1 Windows server with a splunk forwarder IP xxx.xxx.204.199; I have deployed

I have ADD data from a Splunk forwarder, and I have selected sources Local Events Source (Applications, Forwarder events, security, setup and system), one by one with PCI index.

In Splunk, I have uploaded the assets via CSV file, and I can see in the App PCI - Assets Center :

ip,mac,nt_host,dns,owner,priority,lat,long,city,country,bunit,category,pci_domain,is_expected,should_timesync,should_update,requires_av

xxx.xxx.204.199,00:0C:29:24:0F:88,WINSRV2012FW,,imontano,high,,,Dallas,USA,americas,pci,untrust,false,false,false,false

In Splunk, I have uploaded the identities via a CSV file, and I can see in the App PCI - Identity Center :

identity,prefix,nick,first,last,suffix,email,phone,phone2,managedBy,priority,bunit,category,watchlist,startDate,endDate,work_city,work_country,work_lat,work_long

imontano,Mr,imontano,ivan,montano,,imontano@mydomain.com,44199,44199,imontano,high,americas,pci,false,,,Dallas,USA,37.3382,121.8863

When I go to the PCI Compliance Posture, I can see all the indicators in green without data.

In Notable Events By Owner — Last 24 Hours, over owner I got "unassigned," but I have configured the assets and identities.

Any clues?