The Tanium operating system (TanOS) must offload audit records onto a different system or media than the system being audited.

An XCCDF Rule

Description

Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Offloading is a common process in information systems with limited audit storage capacity. Satisfies: SRG-OS-000342, SRG-OS-000479, SRG-OS-000215, SRG-OS-000062

ID: SV-254862r866127_rule
Version: TANS-OS-001030
Severity: Medium
References: CCI-000169 CCI-001348 CCI-001851
Updated: 5 days ago

Remediation Templates

1. Access the TanOS interactively.

2. Press "A" for "Appliance Configuration Menu," and then press "Enter".

3. Press "4" for "Syslog Configuration," and then press "Enter".
4. Press "5" for "Configure syslog forwarding," and then press "Enter".

5. Enter the destination host (IP address or hostname) provided by the SIEM administrator, and then press "Enter".

6. Enter the destination port number and press "Enter".

7. If TLS is required for this syslog destination, enter "Yes", otherwise enter "No", and then press "Enter".

8. Enter the destination protocol, "udp" or "tcp", and then press "Enter".

9. Work with the SIEM administrator to validate events are being received.

The Tanium operating system (TanOS) must offload audit records onto a different system or media than the system being audited.

Description

Remediation Templates

A Manual Procedure