Check: TANS-SV-000030
Tanium 6.5 STIG: TANS-SV-000030 (in versions v1 r3 through v1 r2)
Title
File integrity monitoring of critical executables that Tanium uses must be configured. (Cat II impact)
Discussion
Tanium inherently watches files and their respective hash values for change. However, while Tanium can do file integrity checks of critical executables, it is important to conduct File Integrity Monitoring (FIM) via an outside service such as Host Based Security System (HBSS) or a similar security suite with FIM capability. These technologies provide independent monitoring of critical Tanium and system binaries.
Check Content
If the site is using Tanium Index, Index should be used to monitor the file integrity of Tanium critical files. If Tanium Index is not installed, a third-party file integrity monitoring tool must be used to monitor Tanium critical executables, defined as all files in the Tanium Server installed path. If the file integrity of Tanium critical executables is not monitored, this is a finding.
Fix Text
Implement a file integrity monitoring system to monitor the Tanium critical executable files.
Additional Identifiers
Rule ID: SV-81609r1_rule
Vulnerability ID: V-67119
Group Title: SRG-APP-000377
CCIs
Number | Definition |
---|---|
CCI-001811 | The information system alerts organization-defined personnel or roles when the unauthorized installation of software is detected. |
Controls
Number | Title |
---|---|
CM-11(1) | Alerts for Unauthorized Installations |