Overview

Many organizations are subject to regulations that mandate the collection and analysis of specific types of events for the purpose of detecting and responding to suspicious activity. This content pack supports and simplifies your organization's efforts to meet PCI compliance requirements, leveraging pre-built views and reports for visibility into your compliance status and ensuring accurate reporting for audits.

Content Pack Components

Views
  • 01 - Firewall Configurations (Folder)
    • 1.1.1 - Firewall and Router Connections (Folder)
      • PCI - Network Change Summary
    • 1.4 - Installation of Personal Firewalls (Folder)
      • PCI - Personal Firewall Disabled
    • 1.2.1 - Network Traffic Monitoring (Folder)
      • PCI - Accessed Port Summary - Inbound
      • PCI - Accessed Port Summary - Out Deny
      • PCI - Accessed Port Summary - Outbound
      • PCI - Allowed Connections Suspicious Ports
      • PCI - Allowed Inbound Port Summary
      • PCI - Allowed Outbound Connections
      • PCI - Connections to Regulated Environment
      • PCI - Denied Outbound Connections
    • 1.3.7 - Database Traffic Thru Firewall (Folder)
      • PCI - Database Traffic Thru Firewall
    • 1.3.4 - Inbound Connection w Internal IP (Folder)
      • PCI - Inbound Connection Internal Address
    • 1.1.5 - All Services, Protocols, Ports (Folder)
      • PCI - Accessed Port Summary
      • PCI - Accessed Port Summary - Database
      • PCI - Accessed Port Summary Database Out
      • PCI - Open Ports Summary
  • 02 - Passwords (Folder)
    • PCI - Password Changes and Resets
    • 2.1 - Change Vendor Defined Defaults (Folder)
      • PCI - Account Sharing Summary
    • 2.3 - Encrypted Traffic (Folder)
      • PCI - Likely Encrypted Traffic
      • PCI - Likely Unencrypted Traffic
  • 03 - Cross Platform
    • PCI - All Cross Platform Events
    • 3.4 - Encryption Events Summary (Folder)
      • PCI - Encryption Events Summary
  • 05 - Use and Update AV Software (Folder)
    • 5.1 - Deploy Anti-virus Software (Folder)
      • PCI - Anti-malware Deployed
      • PCI - Critical Anti-malware Issues
      • PCI - Hosts without Malware Protection
    • 5.2 - Anti-virus Current, Running, Audit (Folder)
      • PCI - Anti-malware Process Stopped
      • PCI - Anti-malware Protection Disabled
      • PCI - Anti-malware Protection Events
      • PCI - Anti-malware Scan Summary
      • PCI - Anti-malware Update Failure
      • PCI - Anti-malware Update Success
    • 5.1.1 - Anti-virus Actions (Folder)
      • PCI - Hosts with the Most Malware
      • PCI - Top Malware Types Detected
  • 06 - Secure Systems (Folder)
    • PCI - DB Schema Changes
    • PCI - DB System Level Change Summary
    • PCI - Security Log Resets
    • 6.4 - Change Control to System Component (Folder)
      • PCI - Application Configuration Changes
      • PCI - Audit Policy Changes
      • PCI - Change Event Summary
      • PCI - Critical System Changes
      • PCI - Database Schema Changes
      • PCI - Database Structure Changes
      • PCI - Database Tables Dropped
      • PCI - DB Change Control
      • PCI - DB Change Control Exception
      • PCI - Firewall Policy Changes
      • PCI - Network Device Configuration Change
      • PCI - Security Device Configuration Change
      • PCI - System Configuration Changes
      • PCI - Windows Audit Policy Changes
      • PCI - Windows Security Policy Changes
    • 6.1 - Latest Security Patches Installed (Folder)
      • PCI - Automatic Updates Disabled
      • PCI - Patch Failed to Install
      • PCI - Patch Update-Success
  • 07 - Restrict Access to Cardholder Data (Folder)
    • 7.1.4 - Implement Automated Access Control (Folder)
      • PCI - Regulated Resource Access Summary
      • PCI - Regulated Resource Login Failures
  • 08 - Account Management (Folder)
    • PCI - Account Lockouts
    • PCI - Account Management Summary
    • PCI - DB User Privilege Changes
    • PCI - User Account Creation and Deletion
    • 8.5.1 - Add Delete Modify Identifier Obj (Folder)
      • PCI - User Account Created
      • PCI - User Account Password Actions
      • PCI - User Account Privileges Modified
      • PCI - User Accounts Modified
      • PCI - User Group Privileges Modified
      • PCI - User Groups Added
      • PCI - User Groups Modified
    • 8.5.13 - Limit Repeated Access Attempts (Folder)
      • PCI - Password Guessing Events
    • 8.5.16 - Auth to DB with Cardholder Data (Folder)
      • PCI - User Account Access Summary
    • 8.5.6 - Remote Access (Folder)
      • PCI - Remote Access Summary
    • 8.5.4 - Revoke Access to Terminated User (Folder)
      • PCI - User Account Deleted
    • 8.5.5 - Remove/Disable Inactive Users (Folder)
      • PCI - User Account Disabled
    • 8.3 - Authentication for Remote Access (Folder)
      • PCI - VPN Access Summary
  • 10 - Track Access to Network Resources (Folder)
    • 10.2.1 - Access Cardholder Data (Folder)
      • PCI - Access to Cardholder Data - Win
      • PCI - DB Access Policy Violations Detail
      • PCI - DB Audited Object Access
      • PCI - DB Logon Logoff Details
      • PCI - DB Top Consumers CardHolder Data
      • PCI - Summary of Database Accessed
      • PCI - Summary of File Access
    • 10.2.2 - Actions with Root or Admin Priv (Folder)
      • PCI - Admin User Action Summary
      • PCI - Admin User Login Failure
      • PCI - Admin User Login Success
      • PCI - Administrator Access Summary
      • PCI - Administrator Actions - Linux UNIX
      • PCI - Administrator Actions - Win
    • 10.2.3 - Access to All Audit Trails (Folder)
      • PCI - DB Access to All Audit Trails
      • PCI - Log Review Activity Summary
    • 10.2.6 - Initialization of Audit Logs (Folder)
      • PCI - Event Log Cleaned
      • PCI - Event Log Full
      • PCI - Initialization of Audit Logs
      • PCI - Logging Stopped
    • 10.2.5 - Use of ID and Auth Mechanisms (Folder)
      • PCI - All Application Logins
      • PCI - All Database Logins
      • PCI - All Network Device Logins
      • PCI - All OS Logins
      • PCI - All Security Device Logins
      • PCI - All VPN Logins
      • PCI - Critical Authentication Issues
      • PCI - Local Login Failure
      • PCI - Local Login Successes
      • PCI - Login Failures
      • PCI - Login Success
      • PCI - Network Login Failures
      • PCI - Network Login Success
      • PCI - User Account Lockouts
    • 10.2 - Automated Audit Trails (Folder)
      • PCI - All Logging System Events
      • PCI - Event Type Summary
    • 10.5.5 - Log Data Changes (Folder)
      • PCI - Stored Log Changes and Deletions
    • 10.2.4 - Invalid Logical Access Attempts (Folder)
      • PCI - Access Failure Summary
      • PCI - Failed Database Queries
      • PCI - Failed File Access
    • 10.2.7 - Create-Delete System Objects (Folder)
      • PCI - Database Created
      • PCI - Database Deleted
      • PCI - Database Table Created
      • PCI - Database Table Deleted
      • PCI - File or Directory Deleted
    • 10.3.4 - Success or Failure Indication (Folder)
      • PCI - DB Failed Transaction Details
  • 11 - Test Security Systems and Processes (Folder)
    • 11.4 - Use IDS/IPS to Monitor Traffic (Folder)
      • PCI - Alerts Triggered by ESM
      • PCI - Critical Assets-High Severity Events
      • PCI - IPS-IDS Signature Events
    • 11.5 - Critical File Changes (Folder)
      • PCI - Critical File Changes
      • PCI - File Integrity Events Summary
    • 11.1 - Wireless Devices (Folder)
      • PCI - Wireless Event Summary
    • 11.2 - Network Vulnerability Scans (Folder)
      • PCI - Asset Vulnerability Summary
      • PCI - Asset Vulnerability with Severity
      • PCI - Critical Vuln on Regulated Assets
      • PCI - Most Frequent Vulnerabilities
      • PCI - Top Vulnerability Categories
      • PCI - Top Vulnerable Assets
  • 12 - Policy Changes (Folder)
    • PCI - All Policy Changes

Required Products

  • McAfee Enterprise Security Manager (ESM) 10.0.x

Download Content Pack

Registered ServicePortal users can log in to access the Knowledge Center for further documentation or to download the content pack file manually.
