PCI App Community Edition installation walkthrough

From Splunk Wiki

Return to the previous page

Summary

Dont worry about being stuck, this guide should help take you through getting everything to work. The first thing to note is that version 1.2 is now using eventtypes and savedSearches within the application. While I have moved the vast majority of the inline searches to this better format, there are a few modules that need better searches.

Installation ?

Its quite simple, untar the package on your splunk server in the apps directory (make sure you have installed the GeoIP app first) and then edit the eventtypes.conf file in

apps/PCI/defaults

to include your data. Here is the breakdown of the app:

Core Configuration

I have changed a few areas of the core configuration with the inclusion of a limits.conf. Here is an explanation of what has been changed.

• inputs.conf
• limits.conf

Modules

To aid in setting everything up, I have broken the app down into (what I think are) logical modules.

• Data Destruction
• Firewall Module
• Management Module
• Risk Module
• VPN Module
• Vulnerability Scanner

Return to the previous page