Security

PCI and PAN

tjbacchus
New Member

Team

I just was able to create a search in Splunk to detect Credit Card numbers. PCI was also onboarded into our new Splunk Cloud instance. How can we obscure these numbers once found and verified to be in fact an exposed user credit card number?

Labels (1)
0 Karma

ITWhisperer
SplunkTrust
SplunkTrust

You can obfuscate fields with the SEDCMD directive if you know which fields hold the PCI and PAN. Ideally, PCI and PAN should not be in logs which are stored in logs - you should go back to your application developers to remove these before they even reach Splunk.

0 Karma

PickleRick
SplunkTrust
SplunkTrust

Additionally, you cannot modify already indexed events. So there is no way to "mask the PCI and PAN once they're found".

0 Karma
Get Updates on the Splunk Community!

How to Monitor Google Kubernetes Engine (GKE)

We’ve looked at how to integrate Kubernetes environments with Splunk Observability Cloud, but what about ...

Index This | How can you make 45 using only 4?

October 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...

Splunk Education Goes to Washington | Splunk GovSummit 2024

If you’re in the Washington, D.C. area, this is your opportunity to take your career and Splunk skills to the ...