Tanium 7.3 Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
The Tanium documentation identifying recognized and trusted Intel streams must be maintained.
An IOC stream is a series or stream of IOCs that are imported from a vendor based on a subscription service. An IOC stream ca...
Rule, Medium Severity
SRG-APP-000039
Group
SRG-APP-000211
Group
SRG-APP-000340
Group
SRG-APP-000247
Group
The Tanium application must provide an immediate warning to the SA and ISSO (at a minimum) when allocated audit record storage volume reaches 75% of repository maximum audit record storage capacity.
If security personnel are not notified immediately upon storage volume utilization reaching 75%, they are unable to plan for ...
Rule, Medium Severity
SRG-APP-000360
Group
SRG-APP-000246
Group
SRG-APP-000111
Group
Tanium endpoint files must be protected from file encryption actions.
Similar to any other host-based applications, the Tanium Client is subject to the restrictions other System-level software ma...
Rule, Medium Severity
Tanium must centrally review and analyze audit records from multiple components within the system.
Successful incident response and auditing relies on timely, accurate system information and analysis in order to allow the or...
Rule, Medium Severity
Tanium endpoint files must be excluded from on-access antivirus actions.
Similar to any other host-based applications, the Tanium Client is subject to the restrictions other System-level software ma...
Rule, Medium Severity
SRG-APP-000516
Group
SRG-APP-000379
Group
The Tanium Client Deployment Tool (CDT) must not be configured to use the psexec method of deployment.
When using the Tanium Client Deployment Tool (CDT), using psexec represents an increased vulnerability as the NTLM hash and c...
Rule, Medium Severity
SRG-APP-000516
Group
Tanium must implement organization-defined automated security responses if baseline configurations are changed in an unauthorized manner.
Unauthorized changes to the baseline configuration could make the system vulnerable to various attacks or allow unauthorized ...
Rule, Medium Severity
SRG-APP-000386
Group
Tanium must employ a deny-all, permit-by-exception (whitelist) policy to allow the execution of authorized software programs.
Utilizing a whitelist provides a configuration management method for allowing the execution of only authorized software. Usin...
Rule, Medium Severity
SRG-APP-000414
Group