Payment Card Industry
Use the JSA Payment Card Industry (PCI) Reporting Content Extension for compliance with PCI reports.
JSA PCI Content Extension V1.0.3
Saved searches are now shared with all users. Saved searches that were in the Other group are now in the PCI group.
JSA PCI Content Extension V1.0.2
The following table shows the custom properties in JSA PCI Content Extension V1.0.2.
Table 1: Custom Properties in JSA PCI Content Extension V1.0.2
Name | Optimized | Capture Group | Regex |
---|---|---|---|
VirusName | Yes | 1 | Virus Name: (.*?), |
JSA PCI Content Extension V1.0.1
The following table shows the rule and building block updated in JSA PCI Content Extension V1.0.1.
Table 2: Rule and Building Block in JSA PCI Content Extension V1.0.1
Type | Name | Description |
---|---|---|
Building Block | BB:DeviceDefinition: IDS/IPS | Updated building block with IDS/IPS devices. |
Rule | Malware or Virus Clean Failed | New QIDs added to rule: |
JSA PCI Content Extension V1.0.0
The following reports are added by the JSA PCI Content Extension V1.0.0.
PCI Compliance Failures
Network Traffic Volume
Network Traffic Volume
Top Users by Remote Access Activity
Weekly PCI Compliance Failures
PCI 1.2.1a - Internal Network (not DMZ) to Internet
PCI 1.2.1a - Internal Network (not DMZ) to Internet (Monthly)
PCI 1.2.1a - Internal Network (not DMZ) to Internet (Weekly)
PCI 1.2.1b - Inbound and Outbound Traffic
PCI 1.2.1b - Inbound and Outbound Traffic (Monthly)
PCI 1.2.1b - Inbound and Outbound Traffic (Weekly)
PCI 1.3 - Traffic Summaries (Details)
PCI 1.3 - Traffic Summaries (Monthly)
PCI 1.3 - Traffic Summaries (Time Series)
PCI 1.3 - Traffic Summaries (Weekly)
PCI 2.1 - Vendor Defaults
PCI 2.1 - Vendor Defaults (Monthly)
PCI 2.2 - Server Function
PCI 2.3 - Traffic to Trusted Segments
PCI 2.3 - Traffic to Trusted Segments (Monthly)
PCI 2.3 - Traffic to Trusted Segments (Weekly)
PCI 4.1 - Traffic to Trusted Segments from Untrusted Segments
PCI 4.1 - Traffic to Trusted Segments from Untrusted Segments (Monthly)
PCI 4.1 - Traffic to Trusted Segments from Untrusted Segments (Weekly)
PCI 5.2 - Malware
PCI 5.2 - Malware (Monthly)
PCI 5.2 - Malware (Weekly)
PCI 5.2 - Malware or Virus Clean Failed
PCI 5.2 - Top Malware Activity
PCI 6.1 - Vulnerabilities
PCI 6.6 - Attacks against Public Facing Applications or Services
PCI 6.6 - Attacks against Public Facing Applications or Services (Monthly)
PCI 6.6 - Attacks against Public Facing Applications or Services (Weekly)
PCI 7.1 - Access to Cardholder and Trusted Systems
PCI 7.1 - Access to Cardholder and Trusted Systems (Monthly)
PCI 7.1 - Access to Cardholder and Trusted Systems (Weekly)
PCI 8.1 - User Account Additions and Changes
PCI 8.1 - User Account Additions and Changes (Monthly)
PCI 8.1 - User Account Additions and Changes (Weekly)
PCI 10 - Audit of Data
PCI 10 - Audit of Data (Monthly)
PCI 10 - Audit of Data (Weekly)
PCI 10.2 - User Accounts Additions by Admin
PCI 10.2 - User Accounts Additions by Admin (Monthly)
PCI 10.2 - User Accounts Additions by Admin (Weekly)
PCI 11.3/11.2 Vulnerability Report
PCI 12.9 Incident Response (Offense Summary) - Weekly
The following table shows the rules and building blocks added by JSA PCI Content Extension V1.0.0.
Table 3: Rules and Building Blocks in JSA PCI Content Extension V1.0.0
Type | Name |
---|---|
Rule | Device Stopped Sending Events |
Rule | Malware or Virus Clean Failed |
Building Block | BB:DeviceDefinition: AntiVirus |
Building Block | BB:DeviceDefinition: IDS / IPS |
Building Block | BB:CategoryDefinition: Authentication Failures |
Building Block | BB:CategoryDefinition: Authentication Success |
Building Block | BB:CategoryDefinition: Firewall or ACL Accept |
Building Block | BB:CategoryDefinition: Firewall or ACL Denies |
Building Block | BB:CategoryDefinition: Superuser Accounts |
Building Block | BB:NetworkDefinition: Inbound Communication from Internet to Local Host |
Building Block | BB:NetworkDefinition: Untrusted Network Segment |
Building Block | BB:NetworkDefinition: Trusted Network Segment (Note: This building block references the default network hierarchy. Update this building block if you are using a different network hierarchy.) |
Building Block | BB:NetworkDefinition: Untrusted Local Networks (Note: This building block references the default network hierarchy. Update this building block if you are using a different network hierarchy.) |
The following searches are added by JSA PCI Content Extension V1.0.0.
Link Utilization
Malware Clean Failed
Malware Events by IP
Malware Events by Name
Remote Access Failures (VPN and Others)
Top Destination Networks - Internal
Top Source Networks
PCI 1.2.1a - Internal Network (not DMZ) to Internet (Accepted)
PCI 1.2.1a - Internal Network (not DMZ) to Internet (All)
PCI 1.2.1a - Internal Network (not DMZ) to Internet (Denied)
PCI 1.2.1b - Inbound Allowed Traffic
PCI 1.2.1b - Outbound Allowed Traffic
PCI 1.3.1 - Allowed Traffic Into DMZ from Internal
PCI 1.3.2 - Allow Traffic from Internet to Internal Networks (Not DMZ)
PCI 1.3.3 - Traffic Between Internet and Cardholder Data
PCI 1.3.5 - Traffic Between Cardholder Data and Internet (Not DMZ)
PCI 2.1 - Vendor Supplied Defaults Accepted
PCI 2.2.1 - Primary Function Per Server
PCI 2.3 - Protocols to Trusted Network Zones
PCI 4.1 - Protocols to Trusted Network Zones
PCI 5.2 - Malware Events by Event Name or Action
PCI 6.1 - Vulnerabilities Discovered
PCI 6.6 - Attacks against Public Facing Applications and Servies
PCI 7.1 - Access to CardHolder and Trusted System
PCI 8.1 - User Account Added By User
PCI 8.1 - User Account Modified By User
PCI 10.2 - PCI 8.1 - User Account Added By Admin User
PCI 10.5.4 Verification of Logs Recieved
PCI 10.6 SIEM Audit Overview
PCI 10.7 SIEM Backup Activity
The following custom properties are added by JSA PCI Content Extension V1.0.0.
AccountName
VirusName