Apps/Tags used by the PCI Application

From Splunk Wiki

This is a list of tags that are used in the PCI application, in addition to the tags from the common information model.

  • cardholder - Touches or contains cardholder information or traffic
  • cardholder-dest - Cardholder data coming in
  • cardholder-src - Cardholder data going out
  • default-username - System accounts that are created by default and should rarely be used
  • dest-whitelist - Destinations that are considered safe, typically local network addresses
  • dmz-dest - Traffic heading to the DMZ
  • dmz-src - Traffic coming from the DMZ
  • external-dest - Traffic coming from outside the environment
  • external-src - Traffic coming from inside the environment
  • insecure - Traffic or events that are considered insecure in some way
  • insecure-application - Traffic or events involving an application that is considered insecure
  • insecure-ports - Traffic traveling through insecure ports, such as those that aren't encrypted
  • internal-dest - Traffic headed into the environment
  • internal-src - Traffic coming from the environment
  • pci - Related to PCI issues
  • service_account - An account related to a particular system service, which therefore no one should be logging into
  • src-whitelist - Sources that are considered safe, typically local network addresses
  • terminated - Accounts that have been removed, and therefore shouldn't be in use
  • wireless - Touches a wireless network or device in some way
  • wireless-dest - Coming from a wireless network or device
  • wireless-src - Heading toward a wireless network or device