The Tanium documentation identifying recognized and trusted IOC Detect streams must be maintained.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-67047 | TANS-SV-000007 | SV-81537r1_rule | Medium |
| Description |
|---|
| An IOC stream is a series or “stream” of IOCs that are imported from a vendor based on a subscription service. An IOC stream can be downloaded manually or on a scheduled basis. The items in an IOC stream can be separately manipulated after they are imported. |
| STIG | Date |
|---|---|
| Tanium 6.5 Security Technical Implementation Guide | 2016-09-29 |
Details
| Check Text ( C-67683r1_chk ) |
|---|
| Consult with the Tanium System Administrator to review the documented list of IOC trusted stream sources. If the site does not have IOC trusted stream sources documented, this is a finding. |
| Fix Text (F-73147r1_fix) |
|---|
| Prepare and maintain documentation identifying the Tanium IOC trusted stream sources. |