In September at .conf2016, the Splunk worldwide users conference, I co-presented a session titled “How to Use Splunk for Automated Regulatory Compliance.” It included a discussion of regulatory compliance and standard/framework 101 and how Splunk could be used for compliance, including some case studies and product demos of the Splunk App for PCI Compliance, the CIS Critical Security Controls App for Splunk, Splunk Enterprise Security, and Splunk User Behavior Analytics.
For the technical ninjas attending the session, the most interesting part was probably the closing section covering best practices related to using Splunk Enterprise for compliance, which is the focus of this blog post. I have listed these best practices below in table format, with more detail on the “why” than what is in the session slides. It’s more around “I need to measure technical controls in Splunk” versus “I want to use Splunk for general threat detection/response”, even though the latter typically is a part of compliance. Credit for the detail here goes to the technical Splunk ninjas I interviewed for this content: Mike Wilson (built the FISMA app), Anthony Perez (built the CIS App), David Hazekamp (father of Enterprise Security), and David Veuve (all-around ninja).
LESS SPECIFIC TO COMPLIANCE
For more detail on any of the above topics, please use Google to search for them (example: Splunk AND data AND summarization). The most current, relevant pages in Splunk docs/blogs will come up. I’m not listing links in this blog because they likely will “break” with time.
Hope this information helps you better use Splunk Enterprise for compliance!
Director of Product Marketing
Compliance, Anti-Fraud, Security