Audit and Compliance App

Download our free Audit and Compliance App

Somerford have worked diligently with our customers and partners to build a simple yet thorough set of dashboards and searches to represent your data in a format suitable for auditing, now available on Splunkbase.

How can I benefit?

PMC-4 GPG-13 App Dashboard

Implementation of Good Practice Guide 13 is a strong recommendation for all HMG ICT Systems and is essentially compulsory for systems that store high impact level data.

CESG Protective Monitoring, also known as Good Practice Guide 13 or GPG13, is a UK government recommended set of people, business processes and technology to improve company risk profiles. A Protective Monitoring solution will provide visibility and an understanding of who is accessing your organisation's sensitive data. Implementation of protective monitoring solutions is recommended in a number of regulatory and industry best practices, such as PCI DSS, Cyber Security and SOX. The Audit and Compliance app allows you to meet all these regulations.

App Installation and Support

This application requires the Splunk Common Information Model. The Splunk CIM should be configured correctly and your data should be CIM compliant. The Splunk CIM data models should be accelerated.
Please note: This app does not provide normalisation for any existing data, nor does it provide CIM compliance for anything you may already be indexing.

For more information on the Splunk CIM please see:
App – https://splunkbase.splunk.com/app/1621/
Docs – https://docs.splunk.com/Documentation/CIM/4.13.0/User/Overview
Splunk Add-ons and CIM – https://docs.splunk.com/Documentation/AddOns/released/Overview/Add-onsandCIM

Please note: This app contains several scheduled searches. Dashboards may not populate immediately following installation.
This application should be installed on Search Heads. It is not required on Splunk Indexers or Splunk Universal and Heavy Forwarders.

Application Support Matrix

This application should be compatible with most versions of Splunk 7.x and Splunk 8.x.

| Splunk Deployment | Supported/Not Supported | Note |
|---|---|---|
| Single Instance (AIO) | Supported | Install as per instructions below |
| Distributed Deployment | Supported | Install on search heads only |
| Indexer Cluster | Supported | Install on search heads only |
| Search Head Cluster | Not Supported | Not tested, compatibility not guaranteed |
| Splunk Cloud | Not Supported | v1.0 has not been vetted for Splunk Cloud |

Installation

  1. Download the Somerford Data Audit and Compliance Application by using the download button above.
  2. Install the application:
    • Go to your apps list in Splunk Web (top left) > Manage Apps > Install app from file, and then upload/install the application.
    • Alternatively, you can extract the .tgz package and move the “data_audit_and_compliance_app_for_splunk” folder into your $SPLUNK_HOME/etc/apps folder (Splunk restart required).

Support

Support for this application is provided by Somerford Associates. Please use the contact us section to get in touch with support.

Support is available Monday to Friday, 9AM-5.30PM GMT (excluding bank holidays).
