Audit and Compliance App
Download our free Audit and Compliance App
Somerford have worked diligently with our customers and partners to build a simple yet thorough set of dashboards and searches to represent your data in a format suitable for auditing, now available on Splunkbase.
How can I benefit?
Implementation of Good Practice Guide 13 is a strong recommendation for all HMG ICT Systems and is essentially compulsory for systems that store high impact level data.
CESG Protective Monitoring, also known as Good Practice Guide 13, or GPG13, is a UK government recommended set of people and business processes and technology to improve company risk profiles – a Protective Monitoring solution will provide visibility and an understanding of who is accessing your organisations sensitive data. Implementation of protective monitoring solutions are recommended in a number of regulatory and industry best practices, such as PCI DSS, Cyber Security and SOX. The Audit and Compliance app allows you to meet all these regulations.
App Installation and Support
This application requires the Splunk Common Information Model. The Splunk CIM should be configured correctly and your data should be CIM compliant. The Splunk CIM data models should be accelerated.
Please note: This app does not provide normalisation for any existing data or provides CIM compliance for anything you may already be indexing.
For more information on the Splunk CIM please see:
App – https://splunkbase.splunk.com/app/1621/
Docs – https://docs.splunk.com/Documentation/CIM/4.13.0/User/Overview
Splunk Add-ons and CIM – https://docs.splunk.com/Documentation/AddOns/released/Overview/Add-onsandCIM
Please note: This app contains several scheduled searches. Dashboards may not populate immediately following installation.
This application should be installed on Search Heads. It is not required on Splunk Indexers or Splunk Universal and Heavy Forwarders.
Application Support Matrix
This application should be compatible with most versions of Splunk 7.x and Splunk 8.x.
Splunk Deployment | Supported/Not Supported | Note |
|---|---|---|
Single Instance (AIO)
| Supported | Install as per instructions below |
Distributed Deployment | Supported | Install on search heads only
|
Indexer Cluster
| Supported | Install on search heads only |
Search Head Cluster | Not Supported | Not tested, compatibility not guaranteed |
Splunk Cloud | Not Supported | v1.0 has not been vetted for Splunk Cloud |
Installation
- Download the Somerford Data Audit and Compliance Application by using the download button above.
- Install the application:
- Go to your apps list in Splunk Web (top left) > Manage Apps > Install app from file, and then upload/install the application.
- Alternatively, you can also extract the .tgz package and move the “data_audit_and_compliance_app_for_splunk” folder into your $SPLUNK_HOME/etc/apps folder (Splunk restart required.
Support
Support for this application is provided by Somerford Associates. Please use the contact us section to get in touch with support.
Support is available Monday to Friday, 9AM-5.30PM GMT (excluding bank holidays).
