Splunk is fast becoming one of the most highly regarded solutions for Log management.
Splunk is a versatile and comprehensive data analysis toolkit. By creating PCI specific searches, filters and reports, we have created a cost effective log collection and analysis tool that helps you meet all of the relevant PCI logging requirements including file integrity assessment.
Splunk, allows organisations to centralise disparate and diverse logs for compliance, regulatory and best practise review, here are some of its key features:
Unlike other log management solutions, Splunk is priced on the log activity processed rather the number of systems and because Splunk can be configured to only collect the events you require you can drastically reduce your log collection needs and reduce costs.
Systems where we have helped with Splunk PCI integration: (this is not meant to be exhaustive)
This is not exhaustive list, but is typical of what Spunk and our integration services offer. Another example CST found is where Splunk can be used is that of PCI control reporting ( see PCI 1.2.1 & 1.2.3) for example where card holder data should be segregated and only passed from points A to B for instance: the firewall, router, switches and the alike all have separate logs that provide evidence as much. Splunk would collect and collate all such disparate logs and analyze them for the same exception criteria of reporting on any traffic destination other than A to B for instance.
Opinion & Resources
Splunk was born of our founders’ frustration running some of the worlds largest IT infrastructures. Armed with state-of-the-art IT management tools, they found it nearly impossible to locate the root cause of problems, investigate security attacks and assemble all the data required for compliance audits.
Their conclusion was the silo approach to managing IT with separate tools for every technology and IT function was cumbersome, costly and didn't scale.