Tanium must implement organization-defined automated security responses if baseline configurations are changed in an unauthorized manner.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-234032	TANS-00-000655	SV-234032r612749_rule		Medium

Description
Unauthorized changes to the baseline configuration could make the system vulnerable to various attacks or allow unauthorized access to the system. Changes to information system configurations can have unintended side effects, some of which may be relevant to security. Detecting such changes and providing an automated response can help avoid unintended, negative consequences that could ultimately affect the security state of the application. Examples of security responses include, but are not limited to the following: halting application processing; halting selected application functions; or issuing alerts/notifications to organizational personnel when there is an unauthorized modification of a configuration item.

Description

Unauthorized changes to the baseline configuration could make the system vulnerable to various attacks or allow unauthorized access to the system. Changes to information system configurations can have unintended side effects, some of which may be relevant to security. Detecting such changes and providing an automated response can help avoid unintended, negative consequences that could ultimately affect the security state of the application. Examples of security responses include, but are not limited to the following: halting application processing; halting selected application functions; or issuing alerts/notifications to organizational personnel when there is an unauthorized modification of a configuration item.

STIG	Date
Tanium 7.3 Security Technical Implementation Guide	2021-12-20

Details

Check Text ( C-37217r610596_chk )
Using a web browser on a system that has connectivity to the Tanium Application, access the Tanium Application web user interface (UI). Log on with CAC. Click on the navigation button (hamburger menu) on the top left of the console. Click on the module "Integrity Monitor". Click on "Monitors" from the left menu. Ensure "Monitors" are deployed with applicable Watchlists and Endpoints. Record any that have a number greater than "0" otherwise, this is a finding. If using third party integrity monitoring tools, this is Not Applicable.

Check Text ( C-37217r610596_chk )

Fix Text (F-37182r610597_fix)
Using a web browser on a system that has connectivity to the Tanium Application, access the Tanium Application web user interface (UI). Log on with CAC. Click on the navigation button (hamburger menu) on the top left of the console. Click on the module "Integrity Monitor". Click "Watchlist" from the left menu. "Create a New Watchlist" in the upper right corner. Add Name and Description of the new Watchlist. Select "Path Style" that fits your enterprise needs. Select "Create". Click on the new Watchlist. Select "Add Paths". Add paths to be monitored (Work with your TAM to determine correct paths). Click "Monitor" from the left menu. "Create a New Monitor" in the upper right corner. Add "Name" Add "Description". Add computers for the new Monitor along with Watchlist. Click "Create". Select "Deploy Monitors".

Fix Text (F-37182r610597_fix)

Using a web browser on a system that has connectivity to the Tanium Application, access the Tanium Application web user interface (UI).

Log on with CAC.

Click on the navigation button (hamburger menu) on the top left of the console.

Click on the module "Integrity Monitor".

Click "Watchlist" from the left menu.

"Create a New Watchlist" in the upper right corner.

Add Name and Description of the new Watchlist.

Select "Path Style" that fits your enterprise needs.

Select "Create".

Click on the new Watchlist.

Select "Add Paths".

Add paths to be monitored (Work with your TAM to determine correct paths).

Click "Monitor" from the left menu.

"Create a New Monitor" in the upper right corner.

Add "Name"

Add "Description".

Add computers for the new Monitor along with Watchlist.

Click "Create".

Select "Deploy Monitors".