Review the documentation below and follow any custom installation steps. If no install steps are listed, most Splunk Apps and Add-ons can be installed as follows:

Windows: Decompress the downloaded file using a tool like 7-Zip and place the resulting folder into %PROGRAMFILES%\Splunk\etc\apps. Then restart Splunk using the splunk restart command or the GUI.

Unix/Linux: Decompress the downloaded file using a tool like tar -xvf and place the resulting folder into $SPLUNK_HOME/etc/apps. Then restart Splunk using the splunk restart command or the GUI.

Description

The FISMA app is a compliance auditing solution for NIST 800-53 guidelines.

Splunk for FISMA

Version: 1.1.2

Developed by: Mike Wilson (mwilson at splunk.com)

General


The FISMA app is a set of searches and views which can be used to audit NIST 800-53 compliance.

This app does not provide data inputs, field extractions, or tags itself. It is a "framework" that depends on Common Information Model (CIM) eventtyping and tagging supplied by external add-ons: any data source can be integrated as long as its CIM fields and tags match what the views expect. Each control has its own Help link describing the tags and fields its view requires. The Splunk for Windows technology add-on and the Splunk for Unix and Linux technology add-on are two examples of supporting add-ons that should be used in conjunction with the FISMA app.
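As an added example (not code from the Splunk for FISMA app or from any Splunk add-on), the following Python script shows the kind of CIM-style normalization that a supporting Technology Add-on supplies and that the app's views consume, then runs an AC-7 (Unsuccessful Login Attempts) style check over the normalized events. The field names user, src, dest, action and app and the tag authentication follow the Splunk CIM Authentication data model; the exact fields and tags each control view requires are in that view's Help link, not on this page. The sample log lines, hostnames, addresses, the simplified key=value form of the Windows lines, and the 5-failures-in-15-minutes threshold are all constructed for this example.

```python
"""Added example, not part of the Splunk for FISMA app.

Stand-in for the CIM mapping that a supporting Technology Add-on provides,
plus an AC-7 (Unsuccessful Login Attempts) style check over the result.

Assumptions (not taken from the page):
  * user, src, dest, action, app and the tag 'authentication' are the
    Splunk CIM Authentication data model names; the app's per-view Help
    links define what each control view actually requires.
  * Sample log lines, hostnames and addresses below are constructed.
  * threshold=5 failures in window_minutes=15 is an illustrative value.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events as (timestamp, host, raw line).
SAMPLE_LOGS = [
    ("2012-04-06 09:00:00", "web01", "sshd[2100]: Failed password for invalid user admin from 203.0.113.5 port 40100 ssh2"),
    ("2012-04-06 11:20:01", "web01", "sshd[2201]: Failed password for invalid user admin from 203.0.113.5 port 40231 ssh2"),
    ("2012-04-06 11:20:09", "web01", "sshd[2202]: Failed password for invalid user admin from 203.0.113.5 port 40232 ssh2"),
    ("2012-04-06 11:20:17", "web01", "sshd[2203]: Failed password for invalid user admin from 203.0.113.5 port 40233 ssh2"),
    ("2012-04-06 11:20:25", "web01", "sshd[2204]: Failed password for invalid user admin from 203.0.113.5 port 40234 ssh2"),
    ("2012-04-06 11:20:33", "web01", "sshd[2205]: Failed password for invalid user admin from 203.0.113.5 port 40235 ssh2"),
    ("2012-04-06 11:21:00", "web01", "sshd[2210]: Accepted publickey for deploy from 198.51.100.7 port 50000 ssh2"),
    ("2012-04-06 11:22:00", "web01", "CRON[2300]: (root) CMD (run-parts /etc/cron.hourly)"),
    ("2012-04-06 11:23:00", "dc01", "EventCode=4625 Account_Name=jsmith Source_Network_Address=198.51.100.9 Logon_Type=3"),
    ("2012-04-06 11:24:00", "dc01", "EventCode=4624 Account_Name=jsmith Source_Network_Address=198.51.100.9 Logon_Type=3"),
]

SSHD_FAIL = re.compile(r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)")
SSHD_OK = re.compile(r"Accepted \w+ for (?P<user>\S+) from (?P<src>\S+)")
WIN_KV = re.compile(r"(\w+)=(\S+)")  # simplified key=value form used by the constructed Windows lines


def normalize(ts, host, raw):
    """Map one raw line to a CIM-style Authentication event, or None if it is not one.

    This is the job the app leaves to external add-ons (props/transforms,
    eventtypes.conf and tags.conf in Splunk); the views only see the result.
    """
    event = {"_time": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), "dest": host, "tag": {"authentication"}}
    m = SSHD_FAIL.search(raw)
    if m:
        event.update(user=m["user"], src=m["src"], action="failure", app="sshd")
        return event
    m = SSHD_OK.search(raw)
    if m:
        event.update(user=m["user"], src=m["src"], action="success", app="sshd")
        return event
    kv = dict(WIN_KV.findall(raw))
    if kv.get("EventCode") in ("4624", "4625"):
        event.update(user=kv.get("Account_Name", "unknown"),
                     src=kv.get("Source_Network_Address", "unknown"),
                     action="failure" if kv["EventCode"] == "4625" else "success",
                     app="win:security")
        return event
    return None  # no CIM mapping: the control view never counts this line


def normalize_events(logs):
    """Normalize a batch of raw lines, dropping anything without a mapping."""
    return [e for e in (normalize(ts, host, raw) for ts, host, raw in logs) if e is not None]


def failed_logins_over_threshold(events, threshold=5, window_minutes=15):
    """AC-7 style check: (user, dest) pairs with >= threshold failures inside a sliding window.

    Returns {(user, dest): peak_failures_in_window}. A sliding window is used
    rather than a flat count so that stale failures outside the window do not trigger.
    """
    window = timedelta(minutes=window_minutes)
    failures = defaultdict(list)
    for e in events:
        if "authentication" in e["tag"] and e["action"] == "failure":
            failures[(e["user"], e["dest"])].append(e["_time"])
    hits = {}
    for key, times in failures.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > window:
                start += 1
            count = end - start + 1
            if count >= threshold:
                hits[key] = max(hits.get(key, 0), count)
    return hits


def run_ac7_check(logs=SAMPLE_LOGS, threshold=5, window_minutes=15):
    """Normalize the raw lines and run the AC-7 style check over them."""
    return failed_logins_over_threshold(normalize_events(logs), threshold, window_minutes)


if __name__ == "__main__":
    for (user, dest), n in run_ac7_check().items():
        print(f"AC-7: {n} failed logins for user={user} on dest={dest} within 15 minutes")
```

Run directly, the script reports only the admin account on web01: five of its six failures fall inside the 15-minute window, while the 09:00 failure and the single Windows 4625 for jsmith do not reach the threshold. The CRON line is dropped at normalization, which is the practical point of the paragraph above: if the add-on feeding this app does not produce action=failure and tag=authentication for a data source, the control view has nothing to count and will simply look empty.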

Please contact fed@splunk.com if you require additional Technology Add-ons which are not available on Splunkbase.

Installation


Install the app on your search head. The app defines summary indexes, so either install it on your indexers as well or deploy its indexes.conf to them on its own.

Additional Technology Add-ons that supply the CIM mapping (whether downloaded from Splunkbase or hand built) are required for this app to work properly. Installation of a TA is specific to that TA; review its documentation separately.

The FISMA app summary-indexes its data, and views switch to summary-indexed data whenever a time range of 6 hours or more is selected from the view's time picker. The Overview page always uses summary-indexed data. Because of this, do not expect every chart to populate immediately after installation: summaries accumulate only as the scheduled searches run. A Unix/Linux backfill script is provided in the app's bin directory.

Controls


11 Control Families
40 Controls
60 Searches

  • Access Control (AC)
    • AC-2 Account Management
    • AC-3 Access Enforcement
    • AC-4 Information Flow Enforcement
    • AC-5 Separation Of Duties
    • AC-6 Least Privilege
    • AC-7 Unsuccessful Login Attempts
    • AC-10 Concurrent Session Control
    • AC-11 Session Lock
    • AC-17 Remote Access
    • AC-18 Wireless Access
    • AC-19 Access Control For Mobile Devices
  • Audit & Accountability (AU)
    • AU-2 Auditable Events
    • AU-3 Content Of Audit Records
    • AU-4 Audit Storage Capacity
    • AU-5 Response To Audit Processing Failures
    • AU-6 Audit Review, Analysis, And Reporting
    • AU-7 Audit Reduction And Report Generation
    • AU-8 Time Stamps
    • AU-9 Protection Of Audit Information
    • AU-11 Audit Record Retention
    • AU-12 Audit Generation
  • Security Assessment & Authorization (CA)
    • CA-2 Security Assessments
    • CA-7 Continuous Monitoring
  • Configuration Management (CM)
    • CM-2 Baseline Configuration
    • CM-6 Configuration Settings
    • CM-7 Least Functionality
  • Contingency Planning (CP)
    • CP-9 Information System Backup
  • Identification & Authentication (IA)
    • IA-2 Identification And Authentication (Organizational Users)
    • IA-8 Identification And Authentication (Non-Organizational Users)
  • Incident Response (IR)
    • IR-4 Incident Handling
    • IR-5 Incident Monitoring
    • IR-6 Incident Reporting
    • IR-7 Incident Response Assistance
  • Personnel Security (PS)
    • PS-4 Personnel Termination
  • Risk Assessment (RA)
    • RA-5 Vulnerability Scanning
  • System & Communications Protection (SC)
    • SC-5 Denial Of Service Protection
    • SC-7 Boundary Protection
  • System & Information Integrity (SI)
    • SI-3 Malicious Code Protection
    • SI-4 Information System Monitoring

Example Data Sources


  • Windows
  • Unix
  • Proxy
  • Firewall
  • IDS
  • Wireless Security
  • Vulnerability Scanners
  • Network Scanners
  • Application Installation and Patching
  • Anti-virus systems
  • your custom logs and more...

Connections


Internal:
None

External:
None

Known Issues


None.

Credits


Dan Goldburt and team for the initial version of this app.

Versions and Release Notes

Version 1.1.2 (current version - updated Apr 06, 2012)

posted 06 Apr '12, 11:20 by mw


One Review:
1 review, 2 ratings, average 5.0

The version prior to October 11th was also 1.1.2. Are there any changes in today's update?

reviewed 11 Oct '12, 13:54 by tmeader

Sorry, no new release here. I think there were some changes regarding splunkbase itself that triggered the change of date unfortunately.

(20 Nov '12, 09:16) mw

Price: Free
Author: mw
Version: 1.1.2
Splunk compatibility: 4.3, 4.2, 4.1, 4.x, 5.x
License: Creative Commons BY 3.0

This app is not covered by any support agreements in place with Splunk. If you have questions about the installation or operation of this app, please contact the author.

Copyright © 2005-2012 Splunk Inc. All rights reserved.