The Tanium application must provide an immediate warning to the SA and ISSO (at a minimum) when allocated audit record storage volume reaches 75 percent of repository maximum audit record storage capacity.

An XCCDF Rule

Description

<VulnDiscussion>If security personnel are not notified immediately upon storage volume utilization reaching 75 percent, they are unable to plan for storage capacity expansion.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-254935r867705_rule
Severity: Medium
References: CCI-001855
Updated: about 1 year ago

1. Access the Tanium Server interactively.
 
2. Log on to the TanOS console as the user "tanadmin".

3. Enter "3" to access the "Tanium Support" menu. 
4. Enter "5" to Run a Health Check.

The Tanium application must provide an immediate warning to the SA and ISSO (at a minimum) when allocated audit record storage volume reaches 75 percent of repository maximum audit record storage capacity.

Description

Remediation - Manual Procedure