
Overview

The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to ensure that all companies that accept, process, store, or transmit credit card information maintain a secure environment. Wazuh helps organizations monitor and maintain PCI DSS compliance through automated security event detection and mapping.

PCI DSS Requirements Coverage

Wazuh maps security events to PCI DSS requirements through the rule.pci_dss field of each alert. The requirement definitions the dashboard uses are kept in plugins/main/common/compliance-requirements/pci-requirements.ts.

Network Security Requirements

  • A formal process for approving and testing all network connections and changes to the firewall and router configurations. Monitored by: Network configuration change detection, firewall rule modifications
  • Do not allow unauthorized outbound traffic from the cardholder data environment to the Internet. Monitored by: Outbound connection monitoring, data exfiltration detection
  • Install personal firewall software on portable devices that connect to the Internet when outside the network and access the CDE. Monitored by: Endpoint firewall status, portable device security checks

System Hardening Requirements

  • Develop configuration standards for all system components. Assure that these standards address all known security vulnerabilities and are consistent with industry-accepted system hardening standards (CIS, ISO, SANS, NIST). Monitored by: Configuration compliance checks, baseline deviation detection
  • Enable only necessary services, protocols, daemons, etc., as required for the function of the system. Monitored by: Running service detection, unnecessary service alerts
  • Implement additional security features for any required services, protocols, or daemons that are considered to be insecure. Monitored by: Insecure protocol detection, security configuration validation
  • Configure system security parameters to prevent misuse. Monitored by: Security parameter monitoring, misuse detection

Cryptography and Data Protection

  • Use strong cryptography and security protocols (SSL/TLS, IPSEC, SSH) to safeguard sensitive cardholder data during transmission over open, public networks. Monitored by: Unencrypted transmission detection, weak cipher alerts
  • Deploy anti-virus software on all systems commonly affected by malicious software. Monitored by: Anti-virus status checks, malware detection events
  • Ensure that all anti-virus mechanisms are kept current, perform periodic scans, and generate audit logs. Monitored by: AV definition updates, scan completion status, malware alerts

Vulnerability Management

  • Ensure that all system components and software are protected from known vulnerabilities by installing applicable vendor-supplied security patches within one month of release. Monitored by: Patch status monitoring, vulnerability detection
  • Address common coding vulnerabilities in software development processes. Train developers in secure coding techniques. Monitored by: Application security events, code vulnerability alerts
  • Protection against SQL injection, OS command injection, LDAP and XPath injection flaws. Monitored by: Injection attack detection, suspicious query patterns
  • Prevention and detection of buffer overflow vulnerabilities. Monitored by: Memory violation alerts, overflow attempt detection
  • Protection against XSS attacks. Monitored by: XSS attempt detection, input validation failures
  • Review public-facing web applications via security assessment tools or install web-application firewalls. Monitored by: WAF events, web attack detection

Access Control Requirements

  • Control addition, deletion, and modification of user IDs, credentials, and other identifier objects. Monitored by: User account changes, credential modifications
  • Remove/disable inactive user accounts within 90 days. Monitored by: Inactive account detection, account lifecycle events
  • Limit repeated access attempts by locking out the user ID after not more than six attempts. Monitored by: Failed login attempts, account lockout events
  • If a session has been idle for more than 15 minutes, require the user to reauthenticate. Monitored by: Session timeout events, idle session detection
  • All access to databases containing cardholder data is restricted through programmatic methods. Monitored by: Direct database access attempts, query monitoring

Logging and Monitoring

  • Implement audit trails to link all access to system components to each individual user. Monitored by: User activity logging, access trail generation
  • Log all individual user accesses to cardholder data. Monitored by: Data access events, CHD access logging
  • Log all actions taken by any individual with root or administrative privileges. Monitored by: Privileged command execution, admin activity
  • Log invalid logical access attempts. Monitored by: Failed authentication, unauthorized access attempts
  • Log use of and changes to identification and authentication mechanisms. Monitored by: Account creation, privilege escalation, credential changes
  • Protect audit trail files from unauthorized modifications. Monitored by: Log file integrity monitoring, unauthorized log access
  • Use file integrity monitoring on logs to ensure existing data cannot be changed without generating alerts. Monitored by: FIM on log files, log tampering detection
  • Review logs and security events for all system components to identify anomalies or suspicious activity. Monitored by: Anomaly detection, suspicious pattern identification

Intrusion Detection

  • Use intrusion detection and/or intrusion prevention techniques to detect and/or prevent intrusions into the network. Monitored by: Network intrusion detection, attack pattern recognition
  • Deploy a change detection mechanism to alert personnel to unauthorized modification of critical system files. Monitored by: File integrity monitoring alerts, critical file changes

Using the PCI DSS Dashboard

Accessing PCI DSS Compliance View

1. Open PCI DSS Module
   Navigate to the PCI DSS section in the Wazuh Dashboard overview.
2. Review Compliance Status
   The dashboard displays all PCI DSS requirements with current alert counts.
3. Filter by Requirement
   Click on requirement categories (1, 2, 4, 5, 6, 8, 10, 11) to view specific controls.
4. Analyze Violations
   Review the events table showing security alerts mapped to each requirement.

Dashboard Components

The PCI DSS dashboard includes:
  • Top requirements by alert count - Identifies most violated controls
  • Alert distribution - Shows compliance coverage across requirements
  • Timeline view - Tracks compliance violations over time
  • Requirement details - Displays full text of each PCI DSS requirement
Source: plugins/main/public/components/overview/pci/dashboards/dashboard-panels.ts

Data Source Implementation

The PCI DSS data source selects only events in which the rule.pci_dss field is present:
const KEY_EXIST = 'rule.pci_dss';
Reference: plugins/main/public/components/common/data-source/pattern/events/pci-dss/pci-dss-data-source.ts:5

Event Columns

PCI DSS events table displays:
  • Timestamp
  • Rule description
  • PCI DSS requirement (rule.pci_dss field)
  • Alert level
  • Agent information
Source: plugins/main/public/components/overview/pci/events/pci-columns.tsx:8

Compliance Reporting

Generating PCI DSS Reports

1. Select Time Range
   Use the date picker to define the audit period (e.g., last quarter).
2. Apply Filters
   Filter by specific requirements, agents, or alert levels.
3. Export Data
   Use the export functionality to generate compliance reports.
4. Document Findings
   Include requirement descriptions and alert details in audit documentation.

Integration with Other Modules

PCI DSS requirements appear in:
  • MITRE ATT&CK view - Maps compliance to attack techniques
  • Threat Hunting - Includes PCI DSS aggregations
  • Agent overview - Per-agent PCI DSS compliance status
Reference: plugins/main/public/components/overview/mitre/framework/components/techniques/components/rule-details.tsx:111

Requirement Data Structure

The complete PCI DSS requirements mapping is a plain object keyed by requirement ID, with the requirement text as the value (the excerpt below is abbreviated):
export const pciRequirementsFile = {
  '1.1.1': 'A formal process for approving and testing...',
  '1.3.4': 'Do not allow unauthorized outbound traffic...',
  '1.4': 'Install personal firewall software...',
  '2.2': 'Develop configuration standards...',
  // ... 40+ additional requirements
};
Full definition: plugins/main/common/compliance-requirements/pci-requirements.ts:12
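To show how the pieces above fit together (the rule.pci_dss field, the KEY_EXIST existence filter of the data source, the "top requirements by alert count" panel, and the pciRequirementsFile lookup), here is an added TypeScript example. It is not code from the Wazuh dashboard plugin; the WazuhAlert shape, the helper names (hasField, pciDssEvents, topRequirements, describeRequirement), the abbreviated requirement texts and the sample alerts are all assumptions constructed for the example. The alerts are constructed, not real Wazuh output, and their rule IDs are placeholders.

```typescript
// Added example, not Wazuh's own code. Assumed shape of an alert document as the
// dashboard reads it from the alerts index: the compliance tags live in rule.pci_dss.
interface WazuhAlert {
  timestamp: string;
  agent: { id: string; name: string };
  rule: { id: string; level: number; description: string; pci_dss?: string[] };
}

// Same key the PCI DSS data source filters on.
const KEY_EXIST = 'rule.pci_dss';

// Small subset modelled on pciRequirementsFile; texts shortened here (assumption).
const pciRequirementsFile: Record<string, string> = {
  '1.1.1': 'A formal process for approving and testing all network connections...',
  '1.3.4': 'Do not allow unauthorized outbound traffic from the CDE to the Internet...',
  '8.1.6': 'Limit repeated access attempts by locking out the user ID after not more than six attempts...',
  '10.2.4': 'Log invalid logical access attempts...',
  '10.5.5': 'Use file integrity monitoring on logs...',
};

// Existence check for a dotted field path. An empty array counts as absent, so a
// rule that carries an empty pci_dss list does not pollute the compliance view.
function hasField(alert: WazuhAlert, dottedKey: string): boolean {
  const value = dottedKey.split('.').reduce<unknown>(
    (obj, k) => (obj && typeof obj === 'object' ? (obj as Record<string, unknown>)[k] : undefined),
    alert,
  );
  return Array.isArray(value) ? value.length > 0 : value !== undefined;
}

// What the PCI DSS data source does: keep only alerts tagged with a requirement.
function pciDssEvents(alerts: WazuhAlert[]): WazuhAlert[] {
  return alerts.filter((a) => hasField(a, KEY_EXIST));
}

// "Top requirements by alert count". One alert may map to several requirements,
// so each tag is counted, not each alert. Ties are broken by requirement ID.
function topRequirements(alerts: WazuhAlert[], limit = 5): Array<{ requirement: string; count: number }> {
  const counts = new Map<string, number>();
  for (const a of pciDssEvents(alerts)) {
    for (const req of a.rule.pci_dss ?? []) counts.set(req, (counts.get(req) ?? 0) + 1);
  }
  return [...counts.entries()]
    .map(([requirement, count]) => ({ requirement, count }))
    .sort((x, y) => y.count - x.count || x.requirement.localeCompare(y.requirement))
    .slice(0, limit);
}

// "Requirement details": resolve an ID to its text. Unknown IDs are reported rather
// than silently dropped, so a rule tagged with a requirement missing from the
// mapping shows up during review instead of disappearing from the report.
function describeRequirement(id: string): string {
  return pciRequirementsFile[id] ?? `Unknown PCI DSS requirement: ${id}`;
}

// Constructed sample alerts (placeholder rule IDs, not real Wazuh rules).
const sampleAlerts: WazuhAlert[] = [
  { timestamp: '2024-01-10T08:00:01Z', agent: { id: '001', name: 'web-01' },
    rule: { id: '900001', level: 10, description: 'Multiple authentication failures', pci_dss: ['10.2.4', '8.1.6'] } },
  { timestamp: '2024-01-10T08:05:12Z', agent: { id: '002', name: 'db-01' },
    rule: { id: '900002', level: 5, description: 'Authentication failure', pci_dss: ['10.2.4', '10.2.5'] } },
  { timestamp: '2024-01-10T09:30:44Z', agent: { id: '001', name: 'web-01' },
    rule: { id: '900003', level: 7, description: 'Log file modified', pci_dss: ['10.5.5'] } },
  { timestamp: '2024-01-10T09:31:00Z', agent: { id: '003', name: 'app-01' },
    rule: { id: '900004', level: 3, description: 'Service started' } },               // no compliance tag
  { timestamp: '2024-01-10T09:32:00Z', agent: { id: '003', name: 'app-01' },
    rule: { id: '900005', level: 3, description: 'Misconfigured rule', pci_dss: [] } }, // empty tag list
];

// Stand-alone run: print the panel the dashboard would show for the sample data.
for (const row of topRequirements(sampleAlerts)) {
  console.log(`${row.requirement}\t${row.count}\t${describeRequirement(row.requirement)}`);
}
```

Two points worth noticing when auditing your own PCI DSS view against this: the count on the dashboard is a count of alerts per requirement tag, so one alert tagged with three requirements raises three counters, and a rule whose pci_dss list is empty or absent never appears in the module at all, which is worth checking for custom rules you expect to see there.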

Best Practices

Daily Reviews

Review PCI DSS dashboard daily to identify new violations promptly.

Focus on Critical Requirements

Prioritize requirements 8 (access control), 10 (logging), and 11 (monitoring).

Integrate with Change Management

Correlate requirement violations with recent system changes.

Quarterly Audits

Generate comprehensive quarterly reports for PCI DSS assessments.

Related Pages

  • Compliance Overview
  • [File Integrity Monitoring](/modules/file-integrity-monitoring) - Supports requirements 10.5.5 and 11.5
  • [Vulnerability Detection](/modules/vulnerability-detection) - Supports requirement 6.2
  • [Log Analysis](/modules/threat-hunting) - Supports requirements 10.x
