The Tanium application must provide an immediate warning to the system administrator and information system security officer (at a minimum) when allocated audit record storage volume reaches 75% of repository maximum audit record storage capacity.

An XCCDF Rule

Description

<VulnDiscussion>If security personnel are not notified immediately upon storage volume utilization reaching 75%, they are unable to plan for storage capacity expansion.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-253793r997233_rule
Severity: Medium
References: CCI-001855
Updated: 17 days ago

Consult with the Tanium system administrator or database administrator to determine the volume on which the Tanium SQL databases are installed.

1. Using a web browser on a system that has connectivity to the Tanium application, access the Tanium application web UI and log on with multifactor authentication.

2. Click "Modules" on the top navigation banner.
3. Select "Interact".

4. Enter "Get Disk Free Space from all machines with Computer Name containing" [Your SQL Computer Name]. 

5. Click "Enter".

6. Confirm question.

7. Select "Save" to the right of the Question Results.

8. Enter a name (e.g., SQL Disk Free Space).

9. Click "Save".

10. Click "Modules" on the top navigation banner.

11. Select "Connect".

12. Select "Create Connection".

13. In the Configuration section, select "Saved Question" from the Source drop-down menu.

14. Enter the "Saved Question Name" created above or select from the drop-down menu.

15. Select the "Computer Group" name from the drop-down menu.

16. Select the desired destination from the drop-down menu (must be a SIEM tool).

17. In the "General Information" section, provide a name and description.

18. Click "Save".

Work with the SIEM administrator to configure an alert when Disk Free Space of the Tanium SQL Server reaches below 25% of maximum.

The Tanium application must provide an immediate warning to the system administrator and information system security officer (at a minimum) when allocated audit record storage volume reaches 75% of repository maximum audit record storage capacity.

Description

Remediation - Manual Procedure