How do I configure the PCI app to consider ports 8543 and 8443 secure?
example
Our DMZ web server runs JBoss and we receive HTTPS 443 from the outside (Internet) to a front-end IIS server, but it communicates on port 8543 or 8443 to the JBoss server. It is secure HTTPS, but on this alternate port.
How can we have Splunk's PCI app recognize this as secure and OK?
The lookups (ie Interesting_Ports.csv) are indeed where you would teach your instance of the PCI App to work with your environment. You can edit from within the Splunk App or you can find the particular .csv file and edit in Excel or whatever editor you prefer.
Keep in mind, Splunk, wants the UTF-8 encoding when you save to .csv format. Excel will not do this but if you open the saved .csv file from Excel in notepad, you can then change the encoding with the drop down next to the save button.
I found a place in "interesting ports" that seems to be the correct area to provide port definitions for the PCI app.
cbglobal,
Can you elaborate where this complaint is coming from. What view/dashboard or alert are you seeing this behavior in?
Thanks,
David