
Is there a Splunk App or Add-on that validates ISO27001 compliance after fulfilling specific auditing requirements?

krvamsireddy
Explorer

We are planning to achieve ISO27001 (open data exchange). For that we need to achieve specific auditing requirements, so is there any app/add-on in Splunk which has dashboards/compliance to validate this and thus make it ISO27001 compliant?

0 Karma

sandyjov1
Explorer

Has anyone had this question answered?

0 Karma

gcusello
Legend

Hi @sandyjov1,

I'm a GRC consultant and a Splunk Architect and I can confirm what @thambisetty said: there isn't an app for ISO/IEC27001 compliance, also because, for ISO/IEC27001 compliance, you could only check the presence of a SIEM or an antivirus or a firewall, and to do this you don't need a system like Splunk.

In addition, in ISO/IEC27001 you have to check the presence of processes and organizational structures that you cannot check with Splunk.

ISO/IEC27001 compliance is a process, and to manage it you need a BPM system that lets you manage the process and archive documents; in other words, Splunk has another job.

Using Splunk you could check the maturity of your IT infrastructure (not of your whole organization) and the risk level of your infrastructure (using e.g. Enterprise Security), which is very useful for the risk analysis that is a small part of the ISO/IEC27001 compliance process.

Using Splunk I created (it's the intellectual property of my company, so I cannot share it) an app to integrate the results of multiple systems (Splunk ES, Tenable.io, a risk quantification tool, Office365, etc.) to show the maturity level of an infrastructure and the compliance with some frameworks (such as NIST or ISO/IEC27001), but taking values from other systems.

I asked to present our platform at Splunk .Conf2021, but our proposal wasn't accepted; I'll retry next year.

Ciao.

Giuseppe

0 Karma

thambisetty
Super Champion

I don’t think there is a Splunk app for ISO27001, because ISO27001 talks about what needs to be logged from different log sources. It doesn’t specifically say which log source needs to be integrated with the central logging solution in your organization.

But there is a white paper (link given below) which talks about how Splunk can support the ISO27001 framework.

You need to register to download the white paper.

https://www.splunk.com/en_us/form/how-splunk-and-machine-data-support.html

————————————
If this helps, give a like below.

krvamsireddy
Explorer

@thambisetty can you please suggest?

0 Karma