STIGQter: STIG Summary: Tanium 7.3 Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 22 Jan 2021:

The Tanium application must provide an immediate warning to the SA and ISSO (at a minimum) when allocated audit record storage volume reaches 75% of repository maximum audit record storage capacity.

DISA Rule

SV-234064r612749_rule

Vulnerability Number

V-234064

Group Title

SRG-APP-000359

Rule Version

TANS-CN-000022

Severity

CAT II

CCI(s)

• CCI-001855 - The information system provides a warning to organization-defined personnel, roles, and/or locations within an organization-defined time period when allocated audit record storage volume reaches an organization-defined percentage of repository maximum audit record storage capacity.

Weight

10

Fix Recommendation

Consult with the Tanium system administrator or database administrator to determine the volume on which the Tanium SQL databases are installed.

Using a web browser on a system that has connectivity to the Tanium Application, access the Tanium Application web user interface (UI).

Log on with CAC.

Click on the navigation button (hamburger menu) on the top left of the console.

Click on "Interact".

Enter "Get Disk Free Space from all machines with Computer Name containing "[Your SQL Computer Name].

Press "Enter".

Select "Save this question" located under the Question box.

Enter a name (e.g., SQL Disk Free Space).

Select "Create Saved Question".

Click on the navigation button (hamburger menu) on the top left of the console.

Click on "Connect".

Select "Create Connection".

In the Sources and Destination section, select "Saved Question" from the drop-down menu.

Enter the "Saved Question Name" created above or select from the drop-down menu.

Select the "Computer Group" name from the drop-down menu.

Select the desired destination from the drop-down menu (must be a SIEM tool).

In the General Information section, provide a name and description.

Select "Create Connection" at bottom of the page.

Work with the SIEM administrator to configure an alert when Disk Free Space of the Tanium SQL Server reaches below 25% of maximum.

Check Contents

Consult with the Tanium system administrator or database administrator to determine the volume on which the Tanium SQL databases are installed.

Using a web browser on a system that has connectivity to the Tanium Application, access the Tanium Application web user interface (UI).

Log on with CAC.

Click on the navigation button (hamburger menu) on the top left of the console.

Click on "Connect".

Review the configured Sources.

If none exist to send Disk Free Space of the Tanium SQL Server, this is a finding.

Work with the SIEM administrator to determine if an alert is configured when Disk Free Space of the Tanium SQL Server reaches below 25%.

If there is no alert configured, this is a finding.

Vulnerability Number

V-234064

Documentable

False

Rule Version

TANS-CN-000022

Severity Override Guidance

Consult with the Tanium system administrator or database administrator to determine the volume on which the Tanium SQL databases are installed.

Using a web browser on a system that has connectivity to the Tanium Application, access the Tanium Application web user interface (UI).

Log on with CAC.

Click on the navigation button (hamburger menu) on the top left of the console.

Click on "Connect".

Review the configured Sources.

If none exist to send Disk Free Space of the Tanium SQL Server, this is a finding.

Work with the SIEM administrator to determine if an alert is configured when Disk Free Space of the Tanium SQL Server reaches below 25%.

If there is no alert configured, this is a finding.

Check Content Reference

M

Target Key

5259

Comments