Tanium Threat Response must be configured to receive IOC streams only from trusted sources.
An XCCDF Rule
Description
<VulnDiscussion>Using trusted and recognized IOC sources may detect compromise and prevent systems from becoming compromised. An IOC stream is a series or stream of intel that is imported from a vendor based on a subscription service or manually downloaded and placed in a folder. Threat Response can be configured to retrieve the IOC content on a regularly scheduled basis. The items in an IOC stream can be manipulated separately after they are imported.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-253843r842557_rule
- Severity
- Medium
- References
- Updated
Remediation - Manual Procedure
Consult the documentation on trusted intel subscription feeds.
1. Using a web browser on a system that has connectivity to the Tanium application, access the Tanium application web UI and log on with multifactor authentication.
2. Click "Modules" on the top navigation banner.