Has anyone developed guidelines for what should be (and should not be) logged in Splunk for PCI Compliance audits? Referring specifically to the storage and data management requirements as described in the Information Security Forum (ISF) Standard of Good Practice (SoGP), the Payment Card Industry Data Security Standard (PCI DSS), ISO 27001, and US National Institute for Standards and Technology (NIST) Cybersecurity Framework. We don't want to "log everything", so I'm curious if there are best practices regarding what to log - e.g., log data related to ABC requirements because Splunk processing is needed, but data related to XYZ requirements can be logged elsewhere because Splunk processing is not needed. Any help and guidance is greatly appreciated.