Skip to content

Tanium Computer Groups must be used to restrict console users from effecting changes to unauthorized computers.

An XCCDF Rule

Description

<VulnDiscussion>Computer Groups allow a site running Tanium to assign responsibility of specific Computer Groups to specific Tanium console users. By doing so, a desktop administrator, for example, will not have the ability to enforce an action against a high-visibility server. For large sites, it is crucial to have the Computer Groups. While a smaller site might not seem to require Computer Groups, creating them provides for a cleaner implementation. All sites will be required to have some kind of Computer Groups configured other than the default "All Computers".</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID
SV-253817r842479_rule
Severity
Medium
References
Updated



Remediation - Manual Procedure

1. Using a web browser on a system that has connectivity to the Tanium Server, access the Tanium Server web UI and log on with multifactor authentication.
  
2. Click "Administration" on the top navigation banner.
  
3. Select the "Computer Groups" tab.