The Tanium application must offload audit records onto a different system or media than the system being audited.

An XCCDF Rule

Description

<VulnDiscussion>Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Offloading is a common process in information systems with limited audit storage capacity.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-254934r867702_rule
Severity: Medium
References: CCI-001851
Updated: about 1 year ago

1. Using a web browser on a system that has connectivity to the Tanium Application, access the Tanium Application web user interface (UI) and log on using multi-factor authentication.

2. Click "Modules" on the top of the console.

3. Click "Connect".
4. Click "Create Connection".

5. In the "Configuration" section under "Source", select "Tanium Audit Source" as the source from the drop-down menu.

6. In the "Configuration" section under "Destination", select the desired destination and fill in the respective fields.

7. In the "Configure Output" section under "Format", select the desired file format type.

8. In the "Schedule" section, select the desired schedule.

9. Click "Save".

The Tanium application must offload audit records onto a different system or media than the system being audited.

Description

Remediation - Manual Procedure