Tanium Computer Groups must be used to restrict console users from affecting changes to unauthorized computers.
An XCCDF Rule
Description
<VulnDiscussion>Computer Groups allow a site running Tanium to assign responsibility of specific Computer Groups to specific Tanium console users. By doing so, a desktop administrator, for example, will not have the ability to enforce an action against a high visibility server. For large sites, it is crucial to have the Computer Groups and while a smaller site might not seem to require Computer Groups, creating them provides for a cleaner implementation. All sites will be required to have some kind of Computer Groups configured other than the default "All Computers".</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-93311r1_rule
- Severity
- Medium
- References
- Updated
Remediation - Manual Procedure
Using a web browser on a system that has connectivity to Tanium, access the Tanium web UI and log on with CAC.
Click on the navigation button (hamburger menu) on the top left of the console and then click on "Administration".
Select the "Computer Groups" tab.