Skip to content

The Tanium Threat Response Local Directory Source must be configured to restrict access to only authorized maintainers of threat intel.

An XCCDF Rule

Description

<VulnDiscussion>Using trusted and recognized indicator of compromise (IOC) sources may detect and prevent systems from becoming compromised. An IOC stream is a series or stream of intel that is imported from a vendor based on a subscription service or manually downloaded and placed in a folder. Threat Response can be configured to retrieve the IOC content on a regularly scheduled basis. The items in an IOC stream can be manipulated separately after they are imported.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID
SV-253866r842626_rule
Severity
Medium
References
Updated



Remediation - Manual Procedure

1. Access the Tanium Module Server interactively.

2. Log on to the server with an account that has administrative privileges.

3. Open an Explorer window.