Install the PCI Compliance for Windows App and view the Dashboards

PCI Compliance for Windows offers pre-built dashboards and queries to help you track your Windows system, user accounts, login activity, and Windows updates.

Install the Sumo Logic App

Now that you have set up collection, install the Sumo Logic App for PCI Compliance for Windows to use the preconfigured searches and Dashboards that provide insight into your data. 

To install the app:

  1. Select App Catalog, search for and select the app, and click Add to Library. (In the classic UI, click Library, click Apps, select the app, and click Install. If you don't find the app under Apps, it might be a preview app. Try clicking Preview to find the app.)
  2. Click Preview Dashboards if you'd like to see a preview of the dashboards included with the app before installing.
  3. In the Install Application dialog box, select the installation path (the default is the Personal folder in the library), or click New Folder to add a new folder.
  4. Select either of these options for the log data source:
  • Choose Select from Existing Source Categories, and select the source category from the Source Category list.
  • Choose Enter a Custom Data Filter and enter a custom source category beginning with an underscore. Example: _sourceCategory=MyCategory.
  5. Click Add to Library.

Once an app is installed, it will appear in your Personal folder, or other folder that you specified. From here, you can share it with your organization. See Welcome to the New Library for information on working with the library in the new UI.

Panels will start to fill automatically. It's important to note that each Panel slowly fills with data matching the time range query and received since the Panel was created. Results won't immediately be available, but with a bit of time, you'll see full graphs and maps. 

Dashboards

Windows - PCI Req 02, 08, 10 - Account, User, System Monitoring

Track your user accounts and recent system changes.

[Screenshot: PCI Compliance Windows Account and System Monitoring dashboard]

  • User Account Created. Aggregation table of the number of user accounts created in the last 24 hours.

  • User Account Deleted. Aggregation table of the number of user accounts deleted in the last 24 hours.

  • User Account Enabled. Aggregation table of the number of user accounts enabled in the last 24 hours.

  • User Account Disabled. Aggregation table of the number of user accounts disabled in the last 24 hours.

  • User Account Locked. Aggregation table of the number of user accounts locked in the last 24 hours.

  • Actions by Privileged Accounts. Aggregation table of the number of actions taken by privileged accounts over the last 24 hours.

  • Tampering Audit Logs. Aggregation table of the number of destination hosts whose logs were modified or cleared in the last 24 hours.

  • System Time Change. Aggregation table of the number of hosts whose system time was changed over the last 24 hours. A changed clock undermines the log timestamps that PCI Req 10 relies on, so unexpected entries here deserve a look.

  • Policy Changes. Aggregation table of the number of services with policy changes over the last 24 hours.

  • System Restarted. Aggregation table of the number of services started over the last 24 hours.

  • Service Stopped. Aggregation table of the number of services stopped over the last 24 hours.

  • Service Execution Trend. Trend of the different services being executed over time.

Windows - PCI Req 02, 10 - Login Activity

Track login successes and failures.

[Screenshot: PCI Compliance Windows Login Successes and Failures dashboard]

  • Failed Logins. Count of failed logins over the last 24 hours.

  • Failed Logins. Aggregation table of the date,

  • Successful logins. Total number of successful logins over the last 24 hours. Compare with Failed Logins: a failed-to-successful ratio that departs from the host's usual baseline is a common sign of password guessing or spraying rather than normal user behavior.

  • Successful logins. Aggregation table of successful logins, including date, time, event code, error code, and count.

  • Default Login-Failure. Aggregation table of failed logins to default (built-in) Windows accounts. Activity on these accounts matters for PCI Req 2, which requires vendor-supplied defaults to be changed or disabled.

  • Default Login-Success. Aggregation table of successful logins to default (built-in) Windows accounts.

Windows - PCI Req 08 - Other User Activity

Track user activities such as password changes, password resets, excessive failed access attempts, unlocked accounts, and disabled accounts.

[Screenshot: PCI Compliance Windows Req 08 Other User Activity dashboard]

  • User Account Password Changes. Aggregation table of password changes, showing the time, destination host, destination user, source host, source user, source domain, error message, error code, and the number of events that occurred.
  • User Account Password Reset. Aggregation table of password resets, showing the time, destination host, destination user, source host, source user, source domain, error message, error code, and the number of events that occurred.
  • Excessive Failed Access Attempts. Aggregation table of excessive failed access attempts, showing the destination host, destination user, source host, source user, source domain, error message, error code, and the number of events that occurred.
  • User Account Unlocked. Aggregation table of account unlocks, showing the time, destination host, destination user, source host, source user, source domain, error message, error code, and the number of events that occurred.
  • User Account Disabled but not deleted. Aggregation table of accounts that were disabled rather than deleted, showing the time, destination host, destination user, source host, source user, source domain, error message, error code, and the number of events that occurred.
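The three dashboards above (Account, User, System Monitoring; Login Activity; and Other User Activity) are all built on Windows Security log events. As an added example that is not part of the Sumo Logic app or its documentation, the following PowerShell tallies the same events on a single host for the last 24 hours, so you can cross-check what a panel reports against the source, computes the failed-to-successful logon ratio the Login Activity dashboard asks you to compare, and breaks failed logons out by target account and source address. The mapping of panel names to Security event IDs is this editor's assumption about what each panel queries; the page itself does not list event IDs. Run it from an elevated prompt, since reading the Security log requires administrator rights.

```powershell
# Added example, not part of the Sumo Logic PCI Compliance for Windows app.
# The event ID to panel mapping is an assumption about what each panel queries.
$since = (Get-Date).AddHours(-24)

$panels = [ordered]@{
    'User Account Created'           = 4720
    'User Account Deleted'           = 4726
    'User Account Enabled'           = 4722
    'User Account Disabled'          = 4725
    'User Account Locked'            = 4740
    'User Account Unlocked'          = 4767
    'User Account Password Changes'  = 4723   # attempt to change own password
    'User Account Password Reset'    = 4724   # attempt to reset another account's password
    'Actions by Privileged Accounts' = 4672   # special privileges assigned at logon; noisy on admin hosts
    'Tampering Audit Logs'           = 1102   # Security log cleared
    'System Time Change'             = 4616
    'Policy Changes'                 = 4719   # system audit policy changed
    'Successful logins'              = 4624
    'Failed Logins'                  = 4625
}

# One query for every ID, tallied client-side, instead of one query per panel.
$events = @(Get-WinEvent -FilterHashtable @{
    LogName   = 'Security'
    Id        = @($panels.Values)
    StartTime = $since
} -ErrorAction SilentlyContinue)

$byId = @{}
foreach ($e in $events) { $byId[$e.Id] = 1 + [int]$byId[$e.Id] }

# Per-panel counts: the numbers each aggregation table should converge on once collection catches up.
$panels.GetEnumerator() | ForEach-Object {
    [pscustomobject]@{ Panel = $_.Key; EventId = $_.Value; Last24h = [int]$byId[$_.Value] }
} | Format-Table -AutoSize

# Failed-to-successful logon ratio, the comparison the Login Activity dashboard asks for.
$failed  = [int]$byId[4625]
$success = [int]$byId[4624]
if ($success -gt 0) {
    'Failed/successful logon ratio: {0:N2} ({1} failed, {2} successful)' -f ($failed / $success), $failed, $success
} else {
    "No successful logons in window; $failed failed logons"
}

# Pull the EventData fields of one record out of its XML into a hashtable keyed by field name.
function Get-EventFields([System.Diagnostics.Eventing.Reader.EventLogRecord]$Record) {
    $fields = @{}
    $xml = [xml]$Record.ToXml()
    foreach ($d in $xml.Event.EventData.Data) { $fields[$d.Name] = $d.'#text' }
    return $fields
}

# Failed logons by target account and source: many accounts from one source is spraying,
# many failures against one account is guessing or a stale saved credential.
$events | Where-Object Id -eq 4625 | ForEach-Object {
    $f = Get-EventFields $_
    [pscustomobject]@{
        Time       = $_.TimeCreated
        TargetUser = $f['TargetUserName']
        Source     = $f['IpAddress']
        LogonType  = $f['LogonType']
        SubStatus  = $f['SubStatus']   # 0xC000006A bad password, 0xC0000064 unknown user
    }
} | Group-Object TargetUser, Source |
    Sort-Object Count -Descending |
    Select-Object -First 10 Count, Name |
    Format-Table -AutoSize
```

If a panel stays empty while this script shows events on the host, the gap is in collection (the Windows Event Log source is not reading the Security channel, or the source category does not match the one chosen at install) rather than in the dashboard. If the script also shows nothing for an ID, the relevant audit subcategory is not enabled on the host; check it with auditpol /get /category:* before tuning anything in Sumo Logic.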

Windows - PCI Req 06 - Windows Updates Activity

Track your Windows Update activities.

[Screenshot: PCI Compliance Windows Update Activities dashboard]

  • All Windows Updates. Aggregation table displaying all updated hosts in the past 24 hours, success/failure of that update, and any relevant error codes.
  • Recent Windows Update Failures. Aggregation table displaying all update failures in the last 7 days, update that failed, time of failure, and current status.
  • Windows Update Trend. Bar chart that displays 7-day trend of updates success and failure time sliced by hour.
  • Windows Update Summary by Host. Aggregation table of the hosts and a count of that host’s update success or failure for the past 7 days.
  • Windows Update Summary. Aggregation table of the latest Windows updates for the last 7 days and a count of their successes and failures.
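As an added example that is not taken from the Sumo Logic app, the PowerShell below produces the same views from a single host's Windows Update client log: every install result in the last 7 days, the failures that have not since been followed by a success, a per-host success/failure summary, and results bucketed by hour as the trend chart plots them. It reads event IDs 19 (installation succeeded) and 20 (installation failed) from Microsoft-Windows-WindowsUpdateClient/Operational. The EventData field names updateTitle and errorCode are this editor's assumption about how those events are laid out, so confirm them on one record with ToXml() before relying on the output.

```powershell
# Added example, not part of the Sumo Logic app. The field names updateTitle and errorCode
# are assumed; verify against one record's ToXml() output on your Windows build.
$since = (Get-Date).AddDays(-7)

$results = @(Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-WindowsUpdateClient/Operational'
    Id        = 19, 20          # 19 = installation succeeded, 20 = installation failed
    StartTime = $since
} -ErrorAction SilentlyContinue) | ForEach-Object {
    $xml = [xml]$_.ToXml()
    $f = @{}
    foreach ($d in $xml.Event.EventData.Data) { $f[$d.Name] = $d.'#text' }
    $outcome = if ($_.Id -eq 19) { 'Success' } else { 'Failure' }
    [pscustomobject]@{
        Time      = $_.TimeCreated
        Host      = $_.MachineName
        Update    = $f['updateTitle']
        Result    = $outcome
        ErrorCode = $f['errorCode']   # e.g. 0x80070643; only populated on failures
    }
}

# All Windows Updates: every result in the window, newest first.
$results | Sort-Object Time -Descending |
    Format-Table Time, Host, Result, ErrorCode, Update -AutoSize

# Recent Windows Update Failures: a failure with no later Success for the same title is
# still outstanding, and is the record to chase for PCI Req 6 patching deadlines.
$succeeded = @($results | Where-Object Result -eq 'Success' | Select-Object -ExpandProperty Update)
$results | Where-Object { $_.Result -eq 'Failure' -and $_.Update -notin $succeeded } |
    Format-Table Time, Update, ErrorCode -AutoSize

# Windows Update Summary by Host.
$results | Group-Object Host | ForEach-Object {
    [pscustomobject]@{
        Host    = $_.Name
        Success = @($_.Group | Where-Object Result -eq 'Success').Count
        Failure = @($_.Group | Where-Object Result -eq 'Failure').Count
    }
} | Format-Table -AutoSize

# Windows Update Trend: results bucketed by hour, the series the bar chart plots.
$results | Group-Object { $_.Time.ToString('yyyy-MM-dd HH:00') } | Sort-Object Name |
    Select-Object @{ n = 'Hour';    e = { $_.Name } },
                  @{ n = 'Success'; e = { @($_.Group | Where-Object Result -eq 'Success').Count } },
                  @{ n = 'Failure'; e = { @($_.Group | Where-Object Result -eq 'Failure').Count } } |
    Format-Table -AutoSize
```

The outstanding-failures view is the one worth keeping: a failure that later succeeds is noise, while a title that keeps failing with the same error code on the same host is a patch that is not being applied, which is exactly what a PCI Req 6 assessor will ask about.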