Understand the Splunk App for PCI Compliance
You can add data from the PCI cardholder data environment (CDE) using add-ons installed on Splunk forwarders. The forwarders send data to the indexers. After the data arrives at the indexers, the indexers perform custom categorization and field extractions and store the data. The Splunk App for PCI Compliance installed on a search head searches the indexed data and returns results, populating dashboards and providing administrators with an overview of their CDE.
- The Splunk App for PCI Compliance (for Splunk Enterprise) includes the domain add-on (DA-ESS-PCICompliance) and supporting add-ons (SA-*) and technology add-ons (TA-*) that make up the Enterprise Security framework.
- The Splunk App for PCI Compliance (for Splunk Enterprise Security) includes only the DA-ESS-PCICompliance domain add-on.
Several lookup files included in the add-ons that make up the Splunk App for PCI Compliance or the Enterprise Security framework are necessary for configuring the Splunk App for PCI Compliance.
| Name | File Location | Description |
|---|---|---|
| PCI Views | Splunk_DA-ESS_PCICompliance/lookups/pci_views.csv | List of reports and mapping to main PCI DSS requirement. |
| Expected Views | SA-AuditAndDataProtection/lookups/expected_views.csv | Views that are tracked for auditing. |
| Prohibited Traffic | SA-NetworkProtection/lookups/prohibited_traffic.csv | Traffic that generates notable events when detected. |
| Identities | SA-IdentityManagement/lookups/identities.csv | List of identities used for identity correlation. |
| Assets | SA-IdentityManagement/lookups/assets.csv | List of assets used for asset correlation. |
| Categories List | SA-IdentityManagement/lookups/categories.csv | Categories that apply to assets and identities. |
| PCI Domains List | SA-IdentityManagement/lookups/pci_domains.csv | List of PCI domain labels. |
| Urgency Matrix | SA-ThreatIntelligence/lookups/urgency.csv | List of defined urgency levels. |