Skip to content

Tanium Computer Groups must be used to restrict console users from affecting changes to unauthorized computers.

An XCCDF Rule

Description

<VulnDiscussion>Computer Groups allow a site running Tanium to assign responsibility of specific Computer Groups to specific Tanium console users. By doing so, a desktop administrator, for example, will not have the ability to enforce an action against a high visibility server. For large sites, it is crucial to have the Computer Groups. While a smaller site might not seem to require Computer Groups, creating them provides for a cleaner implementation. All sites will be required to have some kind of Computer Groups configured other than the default "All Computers".</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID
SV-254882r867546_rule
Severity
Medium
References
Updated



Remediation - Manual Procedure

1. Using a web browser on a system that has connectivity to the Tanium Server, access the Tanium Server web user interface (UI) and log on with multi-factor authentication.
  
2. Click "Administration" on the top navigation banner.
  
3. Select the "Computer Groups" tab.