Deployment Architecture

How can I make a PCI audit.rules generates fewer events or logs?

ams44splunk
New Member

How do I reduce the number of log messages and maintain PCI compliant auditing? The audit.rules generates too much data. The rules audit more than 50 system calls and can swamp my log server. The rules audit every system call we identified as matching a requirement of the Payment Card Industry (PCI) Data Security Standard.

0 Karma

cgkades
Explorer

No one knew the answer to this?! I have similar issues with security compliance. I wish they could just do a tail -f on the log

0 Karma
Get Updates on the Splunk Community!

Routing Data to Different Splunk Indexes in the OpenTelemetry Collector

This blog post is part of an ongoing series on OpenTelemetry. The OpenTelemetry project is the second largest ...

Getting Started with AIOps: Event Correlation Basics and Alert Storm Detection in ...

Getting Started with AIOps:Event Correlation Basics and Alert Storm Detection in Splunk IT Service ...

Register to Attend BSides SPL 2022 - It's all Happening October 18!

Join like-minded individuals for technical sessions on everything Splunk!  This is a community-led and run ...