STIGQter STIGQter: STIG Summary: Tanium 7.0 Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 27 July 2018: The Tanium IOC Detect must be configured to receive IOC streams only from trusted sources.

DISA Rule

SV-93377r1_rule

Vulnerability Number

V-78671

Group Title

SRG-APP-000039

Rule Version

TANS-SV-000008

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Using a web browser on a system that has connectivity to Tanium, access the Tanium web UI and log on with CAC.

Click on the navigation button (hamburger menu) on the top left of the console.

Click on "IOC Detect".

Along the top right side of the interface, click on the icon with the gear.

Select "IOC Streams" from the headers within the "Settings" window.

Delete IOC streams that are configured to a non-trusted source, or reconfigure to point to a trusted source.

Check Contents

Using a web browser on a system that has connectivity to Tanium, access the Tanium web user interface (UI) and log on with CAC.

Click on the navigation button (hamburger menu) on the top left of the console.

Click on "IOC Detect".

Along the top right side of the interface, click on the icon with the gear.

Select "IOC Streams" from the headers within the "Settings" window.

Verify all configured IOC Detect Streams are configured to a documented trusted source.

If any configured IOC Detect Stream is configured to a stream that has not been documented as trusted, this is a finding.

Vulnerability Number

V-78671

Documentable

False

Rule Version

TANS-SV-000008

Severity Override Guidance

Using a web browser on a system that has connectivity to Tanium, access the Tanium web user interface (UI) and log on with CAC.

Click on the navigation button (hamburger menu) on the top left of the console.

Click on "IOC Detect".

Along the top right side of the interface, click on the icon with the gear.

Select "IOC Streams" from the headers within the "Settings" window.

Verify all configured IOC Detect Streams are configured to a documented trusted source.

If any configured IOC Detect Stream is configured to a stream that has not been documented as trusted, this is a finding.

Check Content Reference

M

Target Key

3215

Comments