Documentation Index
Fetch the complete documentation index at: https://mintlify.com/wazuh/wazuh-dashboard-plugins/llms.txt
Use this file to discover all available pages before exploring further.
Overview
The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to ensure that all companies that accept, process, store, or transmit credit card information maintain a secure environment. Wazuh helps organizations monitor and maintain PCI DSS compliance through automated security event detection and mapping.PCI DSS Requirements Coverage
Wazuh maps security events to PCI DSS requirements through therule.pci_dss field. The compliance requirements are defined in:
Source: plugins/main/common/compliance-requirements/pci-requirements.ts
Network Security Requirements
1.1.1 - Firewall Configuration Management
1.1.1 - Firewall Configuration Management
A formal process for approving and testing all network connections and changes to the firewall and router configurations.Monitored by: Network configuration change detection, firewall rule modifications
1.3.4 - Outbound Traffic Control
1.3.4 - Outbound Traffic Control
Do not allow unauthorized outbound traffic from the cardholder data environment to the Internet.Monitored by: Outbound connection monitoring, data exfiltration detection
1.4 - Personal Firewall Requirements
1.4 - Personal Firewall Requirements
Install personal firewall software on portable devices that connect to the Internet when outside the network and access the CDE.Monitored by: Endpoint firewall status, portable device security checks
System Hardening Requirements
2.2 - Configuration Standards
2.2 - Configuration Standards
Develop configuration standards for all system components. Assure that these standards address all known security vulnerabilities and are consistent with industry accepted system hardening standards (CIS, ISO, SANS, NIST).Monitored by: Configuration compliance checks, baseline deviation detection
2.2.2 - Unnecessary Services
2.2.2 - Unnecessary Services
Enable only necessary services, protocols, daemons, etc., as required for the function of the system.Monitored by: Running service detection, unnecessary service alerts
2.2.3 - Additional Security Features
2.2.3 - Additional Security Features
Implement additional security features for any required services, protocols, or daemons that are considered to be insecure.Monitored by: Insecure protocol detection, security configuration validation
2.2.4 - Security Parameters
2.2.4 - Security Parameters
Configure system security parameters to prevent misuse.Monitored by: Security parameter monitoring, misuse detection
Cryptography and Data Protection
4.1 - Encryption in Transit
4.1 - Encryption in Transit
Use strong cryptography and security protocols (SSL/TLS, IPSEC, SSH) to safeguard sensitive cardholder data during transmission over open, public networks.Monitored by: Unencrypted transmission detection, weak cipher alerts
5.1 - Anti-virus Deployment
5.1 - Anti-virus Deployment
Deploy anti-virus software on all systems commonly affected by malicious software.Monitored by: Anti-virus status checks, malware detection events
5.2 - Anti-virus Maintenance
5.2 - Anti-virus Maintenance
Ensure that all anti-virus mechanisms are kept current, perform periodic scans, and generate audit logs.Monitored by: AV definition updates, scan completion status, malware alerts
Vulnerability Management
6.2 - Security Patch Management
6.2 - Security Patch Management
Ensure that all system components and software are protected from known vulnerabilities by installing applicable vendor-supplied security patches within one month of release.Monitored by: Patch status monitoring, vulnerability detection
6.5 - Secure Development
6.5 - Secure Development
Address common coding vulnerabilities in software development processes. Train developers in secure coding techniques.Monitored by: Application security events, code vulnerability alerts
6.5.1 - Injection Flaws
6.5.1 - Injection Flaws
Protection against SQL injection, OS command injection, LDAP and XPath injection flaws.Monitored by: Injection attack detection, suspicious query patterns
6.5.2 - Buffer Overflows
6.5.2 - Buffer Overflows
Prevention and detection of buffer overflow vulnerabilities.Monitored by: Memory violation alerts, overflow attempt detection
6.5.7 - Cross-site Scripting (XSS)
6.5.7 - Cross-site Scripting (XSS)
Protection against XSS attacks.Monitored by: XSS attempt detection, input validation failures
6.6 - Web Application Protection
6.6 - Web Application Protection
Review public-facing web applications via security assessment tools or install web-application firewalls.Monitored by: WAF events, web attack detection
Access Control Requirements
8.1.2 - User ID Management
8.1.2 - User ID Management
Control addition, deletion, and modification of user IDs, credentials, and other identifier objects.Monitored by: User account changes, credential modifications
8.1.4 - Inactive Account Removal
8.1.4 - Inactive Account Removal
Remove/disable inactive user accounts within 90 days.Monitored by: Inactive account detection, account lifecycle events
8.1.6 - Account Lockout
8.1.6 - Account Lockout
Limit repeated access attempts by locking out the user ID after not more than six attempts.Monitored by: Failed login attempts, account lockout events
8.1.8 - Session Timeout
8.1.8 - Session Timeout
If a session has been idle for more than 15 minutes, require the user to reauthenticate.Monitored by: Session timeout events, idle session detection
8.7 - Database Access Restrictions
8.7 - Database Access Restrictions
All access to databases containing cardholder data is restricted through programmatic methods.Monitored by: Direct database access attempts, query monitoring
Logging and Monitoring
10.1 - Audit Trails
10.1 - Audit Trails
Implement audit trails to link all access to system components to each individual user.Monitored by: User activity logging, access trail generation
10.2.1 - Cardholder Data Access
10.2.1 - Cardholder Data Access
Log all individual user accesses to cardholder data.Monitored by: Data access events, CHD access logging
10.2.2 - Administrative Actions
10.2.2 - Administrative Actions
Log all actions taken by any individual with root or administrative privileges.Monitored by: Privileged command execution, admin activity
10.2.4 - Invalid Access Attempts
10.2.4 - Invalid Access Attempts
Log invalid logical access attempts.Monitored by: Failed authentication, unauthorized access attempts
10.2.5 - Authentication Changes
10.2.5 - Authentication Changes
Log use of and changes to identification and authentication mechanisms.Monitored by: Account creation, privilege escalation, credential changes
10.5.2 - Audit Log Protection
10.5.2 - Audit Log Protection
Protect audit trail files from unauthorized modifications.Monitored by: Log file integrity monitoring, unauthorized log access
10.5.5 - Log Integrity Monitoring
10.5.5 - Log Integrity Monitoring
Use file integrity monitoring on logs to ensure existing data cannot be changed without generating alerts.Monitored by: FIM on log files, log tampering detection
10.6 - Log Review
10.6 - Log Review
Review logs and security events for all system components to identify anomalies or suspicious activity.Monitored by: Anomaly detection, suspicious pattern identification
Intrusion Detection
11.4 - IDS/IPS Implementation
11.4 - IDS/IPS Implementation
Use intrusion detection and/or intrusion prevention techniques to detect and/or prevent intrusions into the network.Monitored by: Network intrusion detection, attack pattern recognition
11.5 - File Integrity Monitoring
11.5 - File Integrity Monitoring
Deploy a change detection mechanism to alert personnel to unauthorized modification of critical system files.Monitored by: File integrity monitoring alerts, critical file changes
Using the PCI DSS Dashboard
Accessing PCI DSS Compliance View
Filter by Requirement
Click on requirement categories (1, 2, 4, 5, 6, 8, 10, 11) to view specific controls.
Dashboard Components
The PCI DSS dashboard includes:- Top requirements by alert count - Identifies most violated controls
- Alert distribution - Shows compliance coverage across requirements
- Timeline view - Tracks compliance violations over time
- Requirement details - Displays full text of each PCI DSS requirement
plugins/main/public/components/overview/pci/dashboards/dashboard-panels.ts
Data Source Implementation
The PCI DSS data source filters events by therule.pci_dss field:
plugins/main/public/components/common/data-source/pattern/events/pci-dss/pci-dss-data-source.ts:5
Event Columns
PCI DSS events table displays:- Timestamp
- Rule description
- PCI DSS requirement (
rule.pci_dssfield) - Alert level
- Agent information
plugins/main/public/components/overview/pci/events/pci-columns.tsx:8
Compliance Reporting
Generating PCI DSS Reports
Integration with Other Modules
PCI DSS requirements appear in:- MITRE ATT&CK view - Maps compliance to attack techniques
- Threat Hunting - Includes PCI DSS aggregations
- Agent overview - Per-agent PCI DSS compliance status
plugins/main/public/components/overview/mitre/framework/components/techniques/components/rule-details.tsx:111
Requirement Data Structure
The complete PCI DSS requirements mapping:plugins/main/common/compliance-requirements/pci-requirements.ts:12
Best Practices
Daily Reviews
Review PCI DSS dashboard daily to identify new violations promptly.
Focus on Critical Requirements
Prioritize requirements 8 (access control), 10 (logging), and 11 (monitoring).
Integrate with Change Management
Correlate requirement violations with recent system changes.
Quarterly Audits
Generate comprehensive quarterly reports for PCI DSS assessments.
Related Documentation
- Compliance Overview
- [File Integrity Monitoring(/modules/file-integrity-monitoring) - Supports requirements 10.5.5 and 11.5
- [Vulnerability Detection(/modules/vulnerability-detection) - Supports requirement 6.2
- [Log Analysis(/modules/threat-hunting) - Supports requirements 10.x