The Tanium Server and Client applications must have logging enabled.

An XCCDF Rule

Description

<VulnDiscussion>Failure to a known state can address safety or security in accordance with the mission/business needs of the organization. Failure to a known secure state helps prevent a loss of confidentiality, integrity, or availability in the event of a failure of the information system or a component of the system. Preserving application state information helps to facilitate application restart and return to the operational mode of the organization with less disruption to mission-essential processes.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-253785r997226_rule
Severity: Medium
References: CCI-001665
Updated: 17 days ago

For Tanium Server:

1. Using a web browser on a system that has connectivity to the Tanium application, access the Tanium application web UI and log on with multifactor authentication. 

2. Click "Administration" on the top navigation banner. 
3. Under "Configuration", select "Logging".

4. In "Log Verbosity Level for Troubleshooting", set "Tanium Server" and "Tanium Module Server" to "1". 

For Tanium Client:

1. Using a web browser on a system that has connectivity to the Tanium application, access the Tanium application web UI and log on with multifactor authentication.

2. Click "Modules" on the top navigation banner.

3. Click "Interact".

4. In the "Explore Data" box, type the following question:

Get Tanium Client Explicit Setting[LogVerbosityLevel] < 1 and Is Windows from all machines with Tanium Client Explicit Setting[LogVerbosityLevel] < 1

5. Select the row with "Is windows" set to "True" and deploy the following action and settings:
    a) Deployment Package: Modify Tanium Client Setting
    b) RegType: REG_DWORD
    c) ValueName: LogVerbosityLevel
    d) ValueData: 1 or higher
    
    Schedule Deployment
    a) Distribute over: 1 hour

6. Click "Show Preview to continue".

7. Click "Deploy Action".

8. Select the row with "Is windows" set to "False" and deploy the following action and settings:
    a) Deployment Package: Modify Tanium Client Setting [Non-Windows]
    b) RegType: NUMERIC
    c) ValueName: LogVerbosityLevel
    d) ValueData: 1 or higher
    
    Schedule Deployment
    a) Distribute over: 1 hour

9. Click "Show Preview to continue".

10. Click "Deploy Action".

The Tanium Server and Client applications must have logging enabled.

Description

Remediation - Manual Procedure