PCI-DSS: 10.5. Your logs matter

You may not be aware of it, but if your company processes credit card data, you need to be PCI compliant. A big part of the PCI compliance process is log-related.

For example, section 10.5 reads as:

PCI DSS Requirement 10.5: Secure audit trails so they cannot be altered.
PCI DSS Requirement 10.5.1: Limit the display of audit trails only to those with business needs.
PCI DSS Requirement 10.5.2: Protect audit trail files from unauthorized changes.
PCI DSS Requirement 10.5.3: Back up audit trail files to a central log server or environment that is difficult to alter.
PCI DSS Requirement 10.5.4: Write logs for external technologies to a secure, central, internal log server or media device.


Trunc solves all of those requirements. If you send your logs to Trunc, they are stored for at least a year (as required by PCI) and are easily available to you and your team only. They are protected against unauthorized changes and kept external to your environment, so even in case of a breach, your logs cannot be altered.

When you couple that data with our log-based intrusion detection and rules, Trunc also covers section 11.4:

PCI DSS Requirement 11.4 requires that intrusion detection or intrusion prevention techniques compare the traffic to your network with the behavior of known types of threats, such as hacker tools, Trojans, and other malware, and send alerts.

It also covers many other requirements related to logging, audit trails and visibility into your environment.

Trunc solves for the following PCI requirements:

| ID | Description |
|---|---|
| 8.1.5 | Manage the IDs used by third parties to access, support, or protect system components remotely. |
| 11.4 | Requires that intrusion detection or intrusion prevention techniques compare the traffic to your network with the behavior of known types of threats, such as hacker tools, Trojans, and other malware, and send alerts. |
| 10.1 | Apply audit trails to associate all access to system components with individual users. |
| 10.2 | Apply automatic audit trails for all system components to reproduce events. |
| 10.2.1 | All individual access to cardholder data |
| 10.2.2 | All transactions by root or any person with administrative privileges |
| 10.2.3 | Access to all audit log paths |
| 10.2.4 | Invalid logical access attempts |
| 10.2.5 | Use and modification of identification and authentication mechanisms and all changes, additions or deletions in accounts with root or administrator privileges |
| 10.2.6 | Starting, stopping, or pausing audit logs |
| 10.2.7 | Creating and deleting system-level objects |
| 10.5 | Secure audit trails so they cannot be altered. |
| 10.5.1 | Limit the display of audit trails only to those with business needs. |
| 10.5.2 | Protect audit trail files from unauthorized changes. |
| 10.5.3 | Back up audit trail files to a central log server or environment that is difficult to alter. |
| 10.5.4 | Write logs for external technologies to a secure, central, internal log server or media device. |
| 10.6.2 | Review the logs of all other system components according to organization policies and risk management strategy as determined by the organization’s annual risk assessment. |
| 10.6.3 | Track exceptions and abnormalities detected during the review process. |
| 10.7 | Retain audit trail history for at least one year and have at least three months of data ready for analysis. |

Simple, affordable, log management and analysis.