The access to the Tanium SQL database must be restricted. Only the designated database administrator(s) can have elevated privileges to the Tanium SQL database.

An XCCDF Rule

Details
Profiles

Description

After the Tanium Server has been installed and the Tanium databases created, only the Tanium Receiver, Tanium Module, and Tanium connection manager (ad sync) service needs to access the SQL Server database.

ID: SV-93355r1_rule
Version: TANS-DB-000003
Severity: Medium
References: CCI-001814
Updated: 4 days ago

Remediation Templates

Access the Tanium SQL server interactively.

Log on with an account with administrative privileges to the server.

Open SQL Server Management Studio.
Connect to a Tanium instance of SQL Server.
In the left pane, click "Databases".
Select the Tanium database.
Click "Security".
Click "Users".

In the "Users" pane, review the roles assigned to the user accounts.

For any user accounts with elevated privileges, reduce the role assigned to a least privileged role.

The access to the Tanium SQL database must be restricted. Only the designated database administrator(s) can have elevated privileges to the Tanium SQL database.

Description

Remediation Templates

A Manual Procedure