Skip to content

The Tanium documentation identifying recognized and trusted indicator of compromise (IOC) streams must be maintained.

An XCCDF Rule

Description

<VulnDiscussion>Using trusted and recognized IOC sources may detect compromise and prevent systems from becoming compromised. An IOC stream is a series or stream of IOCs that are imported from a vendor based on a subscription service. An IOC stream can be downloaded manually or on a scheduled basis. The items in an IOC stream can be manipulated separately after they are imported.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID
SV-253842r997266_rule
Severity
Medium
References
Updated



Remediation - Manual Procedure

Prepare and maintain documentation identifying the Threat Response trusted stream sources.