Release Notes for the Splunk App for PCI Compliance

Version 6.1.0 of the Splunk App for PCI Compliance was released on June 10, 2025.

The Splunk App for PCI Compliance (for Splunk Enterprise) includes framework improvements from the Splunk Enterprise Security framework.

The installer package is larger than 500 MB, which exceeds the default upload limit for installing apps from the Splunk Web UI. See Install the Splunk App for PCI Compliance in the Installation and Configuration Manual.

What's new

The Splunk App for PCI Compliance includes the following new enhancements. If this table is blank, no new enhancements were included and this release only includes bug fixes.

Version 5.3.0

Enhancement | Description
Added 25 new correlation searches and two new reports. | Updates to detection rules and reports by requirements for PCI DSS 3.2 to PCI DSS 4.0 governance controls. For more information, see Updates to detection rules and reports by requirements.
Upgrade to the Splunk Dashboard Framework to improve performance | Option to upgrade the dashboards in the Splunk App for PCI Compliance from simple XML to the Splunk Dashboard Framework to improve performance and consistency across products and gather better insights from data visualizations. For more information, see Upgrade to the Splunk Dashboard Framework to improve performance.

Enhancement | Description
Updates to detection rules and reports | Enhancements to detection rules and reports for PCI DSS 4.0 governance controls. For more information, see Updates to detection rules and reports by enhancements.
Updates to existing dashboard | A new panel, Vulnerability by Severity, is added to the Vulnerability Scan Details dashboard.

Version specific notes

ES or PCI version Version specific notes
ES 8.0 or higher
  • The Investigation dashboard is removed.
    Follow these steps to view the list of investigations:
    1. Go to the Incident Review page, which is called the Analyst queue in the Mission Control page in Splunk Enterprise Security version 8.0 and higher.
    2. Remove the governance=pci filter.
    3. Review events with the type Investigation.
  • If you are in an on-premises deployment, you must use HTTPS (not HTTP), because from PCI version 6.1.0 and higher the Start investigation API calls work only over secure protocols.
ES 7.2 or higher
  • Ability to display the PCI control field (such as 1.2.2 or 8.3) for notables on the Incident Review page. When a notable is created, all the PCI controls associated with the notable can be viewed using a search and shared with other users.
ES 6.1.x or higher
  • Splunk Enterprise Security is supported on Python 3 and requires a minimum of Splunk Enterprise 8.0.x. See Python with Splunk Enterprise Security in the Splunk Enterprise Python 3 Migration manual.

Compatibility

See Install prerequisites in the Installation and Upgrade Manual for information about the Splunk App for PCI Compliance and compatibility with the Splunk platform and Splunk Enterprise Security.