The Tanium Detect must be configured to receive IOC streams only from trusted sources.

An XCCDF Rule

Description

<VulnDiscussion>An IOC stream is a series or stream of intel that are imported from a vendor based on a subscription service or manually downloaded and placed in a folder. Detect can be configured to retrieve the IOC content on a regularly scheduled basis. The items in an IOC stream can be separately manipulated after they are imported.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-234084r612749_rule
Severity: Medium
References: CCI-001414
Updated: about 1 year ago

Using a web browser on a system that has connectivity to the Tanium Application, access the Tanium Application web user interface (UI).

Log on with CAC.

Click on the navigation button (hamburger menu) on the top left of the console.
Click on "Detect".

Expand the left menu.

Click the "Management" tab.

Select "Sources".

Click "New Source".

Select the specified Source from the list.

Fill out the specified information. 

Select "Create".

The Tanium Detect must be configured to receive IOC streams only from trusted sources.

Description

Remediation - Manual Procedure