The application must, at a minimum, offload interconnected systems in real time and offload standalone systems weekly.

An XCCDF Rule

Description

<VulnDiscussion>Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Offloading is a common process in information systems with limited audit storage capacity.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-253780r997221_rule
Severity: Medium
References: CCI-001851
Updated: 17 days ago

1. Using a web browser on a system that has connectivity to the Tanium application, access the Tanium application web UI and log on with multifactor authentication.
 
2. Click "Modules" on the top navigation banner.
 
3. Select "Connect".
4. Click "Create Connection".

5. Enter "Name".

6. Enter "Description".

7. In the "Configuration" section, select Source: "Tanium Audit Source" and under "Basic" options, select appropriate audits.

8. In the "Destination" section, select a source from the drop-down menu. 

9. Enter "Destination Name".

10. Enter "Host".

11. Select "Network Protocol": "TCP" or "UDP".

12. Enter "Port".

13. Select "Save".

The application must, at a minimum, offload interconnected systems in real time and offload standalone systems weekly.

Description

Remediation - Manual Procedure