Complying with General Data Protection Regulation

Required data

• Authentication data
• Firewall data
• Proxy data
• Antivirus data
• System log data

How to use Splunk software for this use case

You can use Splunk to manage GDPR in-scope systems to ensure compliance. You can monitor who accesses what systems, what connections occur in your environment, whether systems are patched appropriately, and a number of other key indicators to guarantee compliance with GDPR and facilitate your ability to prove compliance.

This use case is best deployed using Splunk Security Essentials (SSE), a free application with a security content library. Splunk Security Essentials will help ensure you have the right data models, lookups, and other assets and configurations needed for the searches to run correctly.

• Access to unencrypted resources
• Activity from expired user identity
• Brute force access behavior detected against category
• Brute force access behavior detected over one day against category
• Expected host not reporting
• Geographically improbable access detected against category
• Geographically improbable access detected for privileged accounts
• Device with outdated anti-malware
• System with Windows update disabled
• New connection to device
• Unauthorized connection through firewall
• Unauthorized access to Splunk indexes
• Unauthorized access to systems

Next steps

Measuring impact and benefit is critical to assessing the value of compliance operations. When implementing this use case, you should track the number of out-of-GDPR-compliance incidents detected over time. In addition, review compliance office requirements and reporting policies, and have a method of developing and maintaining an asset and identity catalog with in-scope attributes. 

• These additional Splunk resources might help you understand and implement this use case:
  • White Paper: How machine data supports GDPR compliance
  • Blog: 7 high-risk events to monitor under GDPR: Lessons learned from the ICO’s BA penalty notice 

• Still need help with this use case? Most customers have OnDemand Services per their license support plan. Engage the ODS team at OnDemand-Inquires@splunk.com if you require assistance.

• Finally, if you'd like a more efficient way to comply with GDPR, consider upgrading your deployment. Splunk Enterprise Security helps you ingest, monitor, investigate/analyze and act (IMIA) on security data and insights. Click here and here to see how this use case can be accomplished in Splunk Enterprise Security.