The application must, at a minimum, offload interconnected systems in real time and offload standalone systems weekly.

An XCCDF Rule

Description

Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Offloading is a common process in information systems with limited audit storage capacity.

ID: SV-254951r870364_rule
Version: TANS-AP-001405
Severity: Medium
References: CCI-001851
Updated: 5 days ago

Remediation Templates

1.Using a web browser on a system that has connectivity to the Tanium Application, access the Tanium Application web user interface (UI) and log on with multi-factor authentication.
 
2. Click "Modules" on the top navigation banner.
 
3. Select "Connect".
4. Click "Create Connection".

5. Enter "Name".

6. Enter "Description".

7. In the "Configuration" section, select "Source: Tanium Audit Source" and then under "Basic" options select appropriate audits.

8. In the Destination section, select a source from the drop-down menu. 

9. Enter "Destination Name".

10. Enter "Host".

11. Select "Network Protocol", then "TCP" or "UDP".

12. Enter "Port".

13. In the Schedule section, select "Enable Schedule".

14. Select "Basic".

15. Select the drop-down under "Frequency" and choose, "One run per day, on selected days of the week".

16. Select a day.

17. Select a time.

18. Select "Save".

The application must, at a minimum, offload interconnected systems in real time and offload standalone systems weekly.

Description

Remediation Templates

A Manual Procedure