The Tanium Threat Response Local Directory Source must be configured to restrict access to only authorized maintainers of threat intel.
An XCCDF Rule
Description
<VulnDiscussion>Using trusted and recognized indicator of compromise (IOC) sources may detect and prevent systems from becoming compromised. An IOC stream is a series or stream of intel that is imported from a vendor based on a subscription service or manually downloaded and placed in a folder. Threat Response can be configured to retrieve the IOC content on a regularly scheduled basis. The items in an IOC stream can be manipulated separately after they are imported.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-253866r842626_rule
- Severity
- Medium
- References
- Updated
Remediation - Manual Procedure
1. Access the Tanium Module Server interactively.
2. Log on to the server with an account that has administrative privileges.
3. Open an Explorer window.