Sumo Logic

Install the PCI Compliance for Linux App and view the Dashboards

The Sumo Logic PCI Compliance for Linux App provides dashboards and sample queries to meet requirements around account and system monitoring, login activity, and privileged user activity.

Install the Sumo Logic App

Now that you have set up collection, install the Sumo Logic App for PCI Compliance for Linux to use the preconfigured searches and dashboards that provide insight into your data.

To install the app:

Locate and install the app you need from the App Catalog. If you want to see a preview of the dashboards included with the app before installing, click Preview Dashboards.

  1. From the App Catalog, search for and select the app. 
  2. To install the app, click Add to Library and complete the following fields.
    1. App Name. You can retain the existing name, or enter a name of your choice for the app.

    2. Data Source. Select either of these options for the data source.

      • Choose Source Category, and select a source category from the list.

      • Choose Enter a Custom Data Filter, and enter a custom source category beginning with an underscore. Example: (_sourceCategory=MyCategory).

    3. Advanced. Select the Location in Library (the default is the Personal folder in the library), or click New Folder to add a new folder.
    4. Click Add to Library.

Once an app is installed, it will appear in your Personal folder, or in the other folder that you specified. From here, you can share it with your organization. See Welcome to the New Library for information on working with the library in the new UI.

Panels will start to fill automatically. Note that each panel fills gradually with data that matches its time-range query and was received after the panel was created. Results won't be available immediately, but after some time you'll see full graphs and maps.


PCI Compliance for Linux - Account, User, System Monitoring

Meets Requirements 02, 07, 08 and 10 by monitoring user accounts and services.

PCI Requirements 02, 07, 08 and 10

  • User Account Created. See which new user accounts were created, when, how and by whom.

  • User Account Deleted. See which existing user accounts were deleted, when, and by whom.

  • Stopped Services. List of services stopped, who stopped them, and the time they were stopped.

  • Running Services (Daemons). List of services currently running, their hosts, and the latest and earliest times they ran.

  • Active Services Over Time. Services’ activity for the last 24 hours as a line chart.

  • Unique Services Running. List of unique services running by host and times ran.

  • System Stopped. List of times systems were stopped over the last 24 hours with message text.

  • System Time Change Attempt. Displays an aggregation table of the time change attempts over the last 24 hours.

  • Unique Services. The number of unique services to run in the last 24 hours as a pie chart.

  • Excessive Failed Access Attempts. Displays an aggregation table of the most recent excessive failed access attempts.

PCI Compliance for Linux - Login Activity

Meets Requirements 02 and 10 by tracking login activity.

Login Activity

  • Failed Logins. Total number of unsuccessful logins for the last 24 hours.

  • Failed Logins. Aggregation table detailing unsuccessful logins for the last 24 hours.

  • Successful Logins. Total number of successful logins for the current time period.

  • Successful Logins. Aggregation table detailing successful logins for the last 24 hours.

  • Default Logins (root user-failure). Number of super-user logins that failed and the error message issued at that failure.

  • Default Logins (root user-success). Number of successful super-user logins.

PCI Compliance for Linux - Privileged Activity

Meets Requirement 10. See who is requesting to run as a privileged user, and from where.

PCI Linux Compliance

  • Sudo Attempts. Count of total attempts at running as a privileged user (sudo) made by users over the last 24 hours.

  • Failed sudo. Total count of failed attempts at running as a privileged user (sudo) over the last 24 hours.

  • Top 10 sudo by User. Most frequent attempts at running as a privileged user (sudo), broken down by destination host, the user attempting sudo, and the total number of sudo attempts.

  • Top 10 sudo by Host. Most frequent attempts at running as a privileged user (sudo) by host.

  • Sudo Attempts Over Time. Trend of the number of attempts at running as a privileged user (sudo) over the last 24 hours.

  • Recent sudo Attempts. Aggregation table of the time, host location, source, user, and directory location of attempts to run as a privileged user (sudo).
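The three dashboards above are all built from the same kind of Linux auth/syslog events. As an added example that is not the app's own query logic, the Python below parses a few constructed auth.log lines and produces the same kinds of counts the panels show: accounts created and deleted, failed and successful logins, root login failures, sudo attempts by user and by host, and failed sudo. Host names, users and addresses in the sample are constructed.

```python
# Added example (not the Sumo Logic app's own queries): parse constructed
# Linux auth.log lines and build the counts the PCI dashboards report.
import re
from collections import Counter

# Constructed sample syslog lines; hosts, users and addresses are illustrative.
SAMPLE_LOG = """\
Mar  3 10:01:02 web1 useradd[1201]: new user: name=alice, UID=1001, GID=1001, home=/home/alice, shell=/bin/bash
Mar  3 10:02:10 web1 userdel[1210]: delete user 'bob'
Mar  3 10:05:33 web1 sshd[2001]: Failed password for invalid user admin from 203.0.113.5 port 4444 ssh2
Mar  3 10:06:01 web1 sshd[2002]: Accepted publickey for alice from 192.0.2.10 port 5555 ssh2
Mar  3 10:07:12 db1 sshd[3001]: Failed password for root from 203.0.113.5 port 4450 ssh2
Mar  3 10:08:40 web1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/systemctl restart nginx
Mar  3 10:09:05 db1 sudo:      bob : 3 incorrect password attempts ; TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/usr/bin/less /var/log/syslog
Mar  3 10:09:50 db1 sudo:    alice : TTY=pts/2 ; PWD=/tmp ; USER=root ; COMMAND=/usr/bin/apt update
"""

SYSLOG = re.compile(r"^(?P<ts>\w{3}\s+\d+ [\d:]+) (?P<host>\S+) (?P<prog>[\w-]+)(?:\[\d+\])?: (?P<msg>.*)$")
SUDO = re.compile(r"^\s*(?P<user>\S+) : (?P<fail>\d+ incorrect password attempts ; )?TTY=")

def summarize(log_text):
    """Return per-dashboard counts: account changes, logins, and sudo use."""
    s = {"created": [], "deleted": [], "failed_logins": Counter(),
         "successful_logins": 0, "root_failures": 0,
         "sudo_by_user": Counter(), "sudo_by_host": Counter(), "failed_sudo": 0}
    for line in log_text.splitlines():
        m = SYSLOG.match(line)
        if not m:
            continue  # not a syslog-shaped line; skipped in this example
        host, prog, msg = m["host"], m["prog"], m["msg"]
        if prog == "useradd" and msg.startswith("new user: "):
            s["created"].append(re.search(r"name=(\w+)", msg).group(1))   # User Account Created
        elif prog == "userdel" and msg.startswith("delete user "):
            s["deleted"].append(msg.split("'")[1])                         # User Account Deleted
        elif prog == "sshd" and msg.startswith("Failed password"):
            src = re.search(r" from (\S+)", msg).group(1)
            s["failed_logins"][src] += 1                                   # Failed Logins, by source
            if " for root from" in msg:
                s["root_failures"] += 1                                    # Default Logins (root user-failure)
        elif prog == "sshd" and msg.startswith("Accepted "):
            s["successful_logins"] += 1                                    # Successful Logins
        elif prog == "sudo":
            sm = SUDO.match(msg)
            if sm:
                s["sudo_by_user"][sm["user"]] += 1                         # Sudo Attempts / Top 10 by User
                s["sudo_by_host"][host] += 1                               # Top 10 sudo by Host
                if sm["fail"]:
                    s["failed_sudo"] += 1                                  # Failed sudo
    return s
```

Running `summarize(SAMPLE_LOG)` on the constructed lines yields one account created, one deleted, two failed logins from the same source (one of them against root), one successful login, three sudo attempts (two by alice, one failed by bob), which is the raw material the Excessive Failed Access Attempts and sudo panels aggregate.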