Tanium 7.0 Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
SRG-APP-000175
Group -
SRG-APP-000320
Group -
SRG-APP-000359
Group -
Tanium must provide an immediate warning to the SA and ISSO (at a minimum) when allocated audit record storage volume reaches 75 percent of repository maximum audit record storage capacity.
If security personnel are not notified immediately upon storage volume utilization reaching 75 percent, they are unable to plan for storage capacity expansion.
Rule Medium Severity -
SRG-APP-000148
Group -
Common Access Card (CAC)-based authentication must be enabled and enforced on the Tanium Server for all access and all accounts.
To assure accountability and prevent unauthenticated access, organizational users must be identified and authenticated to prevent potential misuse and compromise of the system. Organizational user...
Rule Medium Severity -
SRG-APP-000293
Group -
The Tanium SQL database must be installed on a separate system.
Failure to protect organizational information from data mining may result in a compromise of information. Data storage objects include, for example, databases, database records, and database field...
Rule Medium Severity -
SRG-APP-000323
Group -
SRG-APP-000328
Group -
SRG-APP-000294
Group -
Tanium must notify System Administrators and Information System Security Officers for account removal actions.
When application accounts are removed, user accessibility is affected. Accounts are used for identifying individual application users or for identifying the application processes themselves. In or...
Rule Medium Severity -
SRG-APP-000378
Group -
Tanium must prohibit user installation of software without explicit privileged status and enforce access restrictions associated with changes to application configuration.
Allowing regular users to install software without explicit privileges creates the risk that untested or potentially malicious software will be installed on the system. Explicit privileges (escalat...
Rule Medium Severity -
SRG-APP-000111
Group -
Tanium must provide the capability to centrally review and analyze audit records from multiple components within the system.
Successful incident response and auditing rely on timely, accurate system information and analysis in order to allow the organization to identify and respond to potential incidents in a proficien...
Rule Medium Severity -
SRG-APP-000323
Group -
SRG-APP-000381
Group -
The access to the Tanium SQL database must be restricted. Only the designated database administrator(s) can have elevated privileges to the Tanium SQL database.
After the Tanium Server has been installed and the Tanium databases created, only the Tanium Receiver, Tanium Module, and Tanium connection manager (ad sync) services need to access the SQL Server ...
Rule Medium Severity -
SRG-APP-000381
Group -
SRG-APP-000383
Group -
Firewall rules must be configured on the Tanium Server for Server-to-Database communications.
The Tanium Server can use either a SQL Server RDBMS installed locally to the same device as the Tanium Server application or a remote dedicated or shared SQL Server instance. Using a local SQL Serv...
Rule Medium Severity -
SRG-APP-000454
Group -
SQL stored queries or procedures installed during Tanium installation must be removed from the Tanium Server.
Failure to protect organizational information from data mining may result in a compromise of information. Data storage objects include, for example, databases, database records, and database field...
Rule Medium Severity -
SRG-APP-000439
Group -
The Tanium Server must protect the confidentiality and integrity of transmitted information with cryptographic signing capabilities enabled to ensure the authenticity of communications sessions when making requests from Tanium Clients.
Without protection of the transmitted information, confidentiality and integrity may be compromised since unprotected communications can be intercepted and either read or altered. Without authentic...
Rule Medium Severity -
SRG-APP-000003
Group -
SRG-APP-000015
Group -
SRG-APP-000015
Group -
Content providers must provide their public key to the Tanium administrator to import for validating signed content.
A Tanium Sensor, also called content, enables an organization to gather real-time inventory, configuration, and compliance data elements from managed computers. Sensors gather specific information ...
Rule Medium Severity -
SRG-APP-000015
Group -
SRG-APP-000033
Group -
SRG-APP-000039
Group -
The Tanium documentation identifying recognized and trusted IOC Detect streams must be maintained.
An IOC stream is a series or "stream" of IOCs that are imported from a vendor based on a subscription service. An IOC stream can be downloaded manually or on a scheduled basis. The items in an IOC ...
Rule Medium Severity -
SRG-APP-000039
Group -
The Tanium IOC Detect must be configured to receive IOC streams only from trusted sources.
An IOC stream is a series or "stream" of IOCs that are imported from a vendor based on a subscription service or manually downloaded and placed in a folder. IOC Detect can be configured to retrieve...
Rule Medium Severity -
SRG-APP-000115
Group -
The Tanium Connect module must be configured to forward Tanium IOC Detect events to identified destinations.
An Indicator of Compromise (IOC) is an artifact that is observed on the network or system that indicates computer intrusion. The Tanium IOC Detect module detects, manages, and analyzes systems agains...
Rule Medium Severity -
SRG-APP-000121
Group -
SRG-APP-000131
Group -
Firewall rules must be configured on the Tanium module server to allow Server-to-Module Server communications from the Tanium Server.
The Tanium Module Server is used to extend the functionality of Tanium through the use of various workbenches. The Tanium Module Server requires communication with the Tanium Server on port 17477. ...
Rule Medium Severity -
SRG-APP-000133
Group -
All installation files originally downloaded to the Tanium Server must be configured to download to a location other than the Tanium Server directory.
Typically, the Tanium Server stores the Package Source Files that it downloads from the Internet and server shares or files uploaded through the Tanium Console in a subdirectory of the server's ins...
Rule Medium Severity -
SRG-APP-000142
Group -
Firewall rules must be configured on the Tanium Server for Client-to-Server communications.
In addition to the client-to-server TCP communication that takes place over port 17472, Tanium Clients also communicate with other Tanium-managed computers over port 17472. The Tanium environment can...
Rule Medium Severity -
SRG-APP-000142
Group -
Firewall rules must be configured on the Tanium Zone Server for Client-to-Zone Server communications.
In customer environments using the Tanium Zone Server, a Tanium Client may be configured to point to a Zone Server instead of a Tanium Server. The communication requirements for these Clients are i...
Rule Medium Severity -
SRG-APP-000142
Group -
SRG-APP-000176
Group -
The Tanium Server certificate and private/public keys directory must be protected with appropriate permissions.
If the private key is discovered, an attacker can use the key to authenticate as an authorized user and gain access to the network infrastructure. The cornerstone of the PKI is the private key use...
Rule High Severity