Sumo Logic

Install the PCI Compliance for Linux App and view the Dashboards

The Sumo Logic PCI Compliance for Linux App provides dashboards and sample queries to meet requirements around account and system monitoring, login activity, and privileged user activity.

Install the Sumo Logic App

Now that you have set up collection, install the Sumo Logic App for PCI Compliance for Linux to use the preconfigured searches and Dashboards that provide insight into your data. 

To install the app:

  1. Select App Catalog, search for and select the app, and click Add to Library. (In the classic UI, click Library, click Apps, select the app, and click Install. If you don't find the app under Apps, it might be a preview app. Try clicking Preview to find the app.)
  2. Click Preview Dashboards if you'd like to see a preview of the dashboards included with the app before installing.
  3. In the Install Application dialog box, select the installation path (the default is the Personal folder in the library), or click New Folder to add a new folder.
  4. Select either of these options for the log data source.
  • Choose Select from Existing Source Categories, and select the source catalog from the Source Category list.
  • Choose Enter a Custom Data Filter and enter a custom source category beginning with an underscore. Example: (_sourceCategory=MyCategory).
  5. Click Add to Library.

Once an app is installed, it will appear in your Personal folder, or other folder that you specified. From here, you can share it with your organization. See Welcome to the New Library for information on working with the library in the new UI.

Panels will start to fill automatically. It's important to note that each Panel slowly fills with data matching the time range query and received since the Panel was created. Results won't immediately be available, but with a bit of time, you'll see full graphs and maps. 

Dashboards

PCI Compliance for Linux - Account, User, System Monitoring

Meets Requirements 02, 07, 08 and 10 by monitoring user accounts and services.

PCI Requirements 02, 07, 08 and 10

  • User Account Created. See when new user accounts were created, how, and by whom.

  • User Account Deleted. See when existing user accounts were deleted, and by whom.

  • Stopped Services. List of services stopped, who stopped them, and time they were stopped.

  • Running Services (Daemons). List of services currently running, their hosts, and the latest and earliest times they ran.

  • Active Services Over Time. Services’ activity for the last 24 hours as a line chart.

  • Unique Services Running. List of unique services running by host and times ran.

  • System Stopped. List of times systems were stopped over the last 24 hours with message text.

  • System Time Change Attempt. Displays an aggregation table of the time change attempts over the last 24 hours.

  • Unique Services. The number of unique services to run in the last 24 hours as a pie chart.

  • Excessive Failed Access Attempts. Displays an aggregation table of the most recent excessive failed access attempts.

PCI Compliance for Linux - Login Activity

Meets Requirements 02 and 10 by tracking login activity.

Login Activity

  • Failed Logins. Total number of unsuccessful logins for the last 24 hours.

  • Failed Logins. Aggregation table detailing unsuccessful logins for the last 24 hours.

  • Successful Logins. Total number of successful logins for the current time period.

  • Successful Logins. Aggregation table detailing successful logins for the last 24 hours.

  • Default Logins (root user-failure). Number of super-user logins that failed and the error message issued at that failure.

  • Default Logins (root user-success). Number of successful super-user logins.

PCI Compliance for Linux - Privileged Activity

Meets Requirement 10. See who is requesting to run as a privileged user, and where those requests are occurring.

PCI Linux Compliance

  • Sudo Attempts. Count of total attempts at running as a privileged user (sudo) made by users over the last 24 hours.

  • Failed sudo. Total count of failed attempts at running as a privileged user (sudo) over the last 24 hours.

  • Top 10 sudo by User. Most frequent attempts at running as a privileged user (sudo) for a role, broken down by destination, the user attempting sudo, and the total number of sudo attempts.

  • Top 10 sudo by Host. Most frequent attempts at running as a privileged user (sudo) by host.

  • Sudo Attempts Over Time. Trend of the number of attempts at running as a privileged user (sudo) over the last 24 hours.

  • Recent sudo Attempts. Aggregation table of the time, host location, source, user, and directory location of attempts to run as a privileged user (sudo).
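The Privileged Activity panels above are aggregations over the sudo records a Linux host writes to its auth log. The following Python script is an added example, not code from the app or the Sumo Logic docs: it parses constructed auth.log lines in the format sudo uses (a success line carries only the TTY/PWD/USER/COMMAND fields; a refusal inserts a reason before them) and computes the attempt, failure, top-user and top-host counts locally. Host names, users, commands and timestamps are made up.

```python
import re
from collections import Counter

# Constructed sample lines in the syslog format sudo writes to /var/log/auth.log;
# hosts, users and commands are made up for this example.
SAMPLE_AUTH_LOG = """\
Jun 12 10:01:02 web01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/systemctl restart nginx
Jun 12 10:01:10 web01 sudo:      bob : 3 incorrect password attempts ; TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/cat /etc/shadow
Jun 12 10:02:00 db01 sudo:    alice : TTY=pts/0 ; PWD=/var/lib ; USER=root ; COMMAND=/usr/bin/ls
Jun 12 10:02:30 db01 sudo:    carol : user NOT in sudoers ; TTY=pts/2 ; PWD=/home/carol ; USER=root ; COMMAND=/bin/bash
Jun 12 10:03:00 web01 sshd[2211]: Accepted publickey for alice from 10.0.0.5 port 51234 ssh2
"""

# A sudo record: timestamp, host, invoking user, an optional refusal reason, then
# the "KEY=value" fields sudo separates with " ; ". Success lines carry no reason.
SUDO_RE = re.compile(
    r"^\w{3}\s+\d+ [\d:]+ (?P<host>\S+) sudo:\s+(?P<user>\S+) : "
    r"(?:(?P<reason>[^;]*?) ; )?(?P<fields>TTY=.*)$"
)

def parse_sudo_events(log_text):
    """Return one dict per sudo line; other lines (sshd etc.) are skipped."""
    events = []
    for line in log_text.splitlines():
        m = SUDO_RE.match(line)
        if not m:
            continue
        fields = dict(kv.split("=", 1) for kv in m["fields"].split(" ; "))
        events.append({
            "host": m["host"],
            "user": m["user"],
            "failed": m["reason"] is not None,  # sudo logs a reason only when it refuses
            "reason": m["reason"],
            "pwd": fields.get("PWD"),
            "target": fields.get("USER"),
            "command": fields.get("COMMAND"),
        })
    return events

def summarize_sudo(events):
    """The counts behind the panels: attempts, failures, top users and hosts."""
    return {
        "sudo_attempts": len(events),
        "failed_sudo": sum(e["failed"] for e in events),
        "top_by_user": Counter(e["user"] for e in events).most_common(10),
        "top_by_host": Counter(e["host"] for e in events).most_common(10),
    }

if __name__ == "__main__":
    print(summarize_sudo(parse_sudo_events(SAMPLE_AUTH_LOG)))
```

The "Recent sudo Attempts" panel's columns (time, host, user, directory) correspond to the host, user and pwd keys each parsed event carries.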