Check: TANS-00-000655
Tanium 7.3 STIG:
TANS-00-000655
(in versions v2 r2 through v1 r1)
Title
Tanium must implement organization-defined automated security responses if baseline configurations are changed in an unauthorized manner. (Cat II impact)
Discussion
Unauthorized changes to the baseline configuration could make the system vulnerable to various attacks or allow unauthorized access to the system. Changes to information system configurations can have unintended side effects, some of which may be relevant to security. Detecting such changes and providing an automated response can help avoid unintended, negative consequences that could ultimately affect the security state of the application. Examples of security responses include, but are not limited to the following: halting application processing; halting selected application functions; or issuing alerts/notifications to organizational personnel when there is an unauthorized modification of a configuration item.
Check Content
Using a web browser on a system that has connectivity to the Tanium Application, access the Tanium Application web user interface (UI). Log on with CAC. Click on the navigation button (hamburger menu) on the top left of the console. Click on the module "Integrity Monitor". Click on "Monitors" from the left menu. Ensure "Monitors" are deployed with applicable Watchlists and Endpoints. Record any that have a number greater than "0" otherwise, this is a finding. If using third party integrity monitoring tools, this is Not Applicable.
Fix Text
Using a web browser on a system that has connectivity to the Tanium Application, access the Tanium Application web user interface (UI). Log on with CAC. Click on the navigation button (hamburger menu) on the top left of the console. Click on the module "Integrity Monitor". Click "Watchlist" from the left menu. "Create a New Watchlist" in the upper right corner. Add Name and Description of the new Watchlist. Select "Path Style" that fits your enterprise needs. Select "Create". Click on the new Watchlist. Select "Add Paths". Add paths to be monitored (Work with your TAM to determine correct paths). Click "Monitor" from the left menu. "Create a New Monitor" in the upper right corner. Add "Name" Add "Description". Add computers for the new Monitor along with Watchlist. Click "Create". Select "Deploy Monitors".
Additional Identifiers
Rule ID: SV-234032r612749_rule
Vulnerability ID: V-234032
Group Title: SRG-APP-000379
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-001744 |
The information system implements organization-defined security responses automatically if baseline configurations are changed in an unauthorized manner. |
Controls
Number | Title |
---|---|
CM-3 (5) |
Automated Security Response |