Monitoring Splunk
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to optimize Splunk for PCI Compliance?

JimSchlaker
New Member
‎09-06-2017 06:37 AM

Has anyone developed guidelines for what should be (and should not be) logged in Splunk for PCI Compliance audits? Referring specifically to the storage and data management requirements as described in the Information Security Forum (ISF) Standard of Good Practice (SoGP), the Payment Card Industry Data Security Standard (PCI DSS), ISO 27001, and US National Institute for
Standards and Technology (NIST) Cybersecurity Framework. We don't want to "log everything" so I'm curious if there are best practices regarding what to log - e.g., log data related to ABC requirements because Splunk processing is needed, but data related to XYZ requirements can be logged elsewhere because Splunk processing is not needed. Any help and guidance is greatly appreciated.

Tags (2)
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎09-06-2017 06:58 AM

Check out the free Splunk App for PCI Compliance at https://splunkbase.splunk.com/app/1143/.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

JimSchlaker
New Member
‎09-06-2017 10:40 AM

Thanks for the link to the PCI Compliance app. The app appears to be worthwhile in this scenario: "Now that we have logged everything in Splunk, use the app determine overall compliance and gaps". But we're not interested in logging everything to Splunk. Instead we're curious to hear best practices regarding what is valuable to log in Splunk (i.e. Splunk is the best place for it because Splunk adds value in meeting PCI DSS audit/storage requirements) versus what is not valuable in Splunk (i.e., don't waste your ingestion license because Splunk adds no value in helping to meet PCI DSS audit/storage requirements). Any thoughts on this topic are greatly appreciated.

0 Karma
Reply

cly
New Member
‎04-08-2020 07:11 AM

The PCI Compliance App is far from free; several hundred thousand dollars.

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎09-06-2017 12:29 PM

You don't have to use the PCI Compliance app, but it can give ideas about how Splunk can help monitor compliance. See what indicators the app provides, decide which ones are important to you, then log the data needed for those indicators. You can even build your own dashboard(s) using that data.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

rajneeshc1981
Explorer
‎12-21-2018 11:26 AM

I want to do pci but not through app, can you tell me what are best practices in Splunk to make logs pci compliance .

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Thanks for the Memories! Splunk University, .conf25, and our Community

Thank you to everyone in the Splunk Community who joined us for .conf25, which kicked off with our iconic ...

Data Persistence in the OpenTelemetry Collector

This blog post is part of an ongoing series on OpenTelemetry. What happens if the OpenTelemetry collector ...

Introducing Splunk 10.0: Smarter, Faster, and More Powerful Than Ever

Now On Demand Whether you're managing complex deployments or looking to future-proof your data ...