STIGQter: STIG Summary: Tanium 7.0 Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 27 July 2018: STIGQter: STIG Summary: Tanium 7.0 Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 27 July 2018:SV-93293r1_rule
V-78587
SRG-APP-000328
TANS-CL-000006
CAT II
10
Using a web browser on a system that has connectivity to Tanium, access the Tanium web UI and log on with CAC.
From the Dashboard, under "Client Service Hardening", click on "Hide From Add-Remove Programs".
The results will show a "Count" of clients matching the "Tanium Client Visible in Add-Remove Programs" query.
Select the result line.
Choose "Deploy Action".
The "Deploy Action" dialog box will display "Client Service Hardening - Hide Client from Add-Remove Programs" as the package. The computer names comprising the "Count" of non-compliant systems will be displayed in the bottom.
Deployment Package drop-down select "Client Service Hardening - Hide Client from Add-Remove Programs".
Configure the schedule to repeat at least every hour for the requested action.
Under "Targeting Criteria", in the Action Group select "All Computers" from the drop-down.
Click on "Show preview to continue". Non-compliant systems will be displayed in the bottom.
Click on "Deploy Action".
Verify settings and click on "Show Client Status Details".
Using a web browser on a system that has connectivity to Tanium, access the Tanium web user interface (UI) and log on with CAC.
Click on the navigation button (hamburger menu) on the top left of the console.
Click on "Administration".
Select the "Scheduled Actions" tab.
Look for a scheduled action titled "Client Service Hardening - Hide Client from Add-Remove Programs".
If a scheduled action titled "Client Service Hardening - Hide Client from Add-Remove Programs" does not exist, this is a finding.
If the scheduled action exists, select it and if it is not approved (the "Approve" button at the top of the section will be displayed if not approved), this is a finding.
If the scheduled action exists and has been approved but does not disable the visibility of the client in Add-Remove Programs, this is a finding.
If the action is not configured to repeat at least every hour, this is a finding.
V-78587
False
TANS-CL-000006
Using a web browser on a system that has connectivity to Tanium, access the Tanium web user interface (UI) and log on with CAC.
Click on the navigation button (hamburger menu) on the top left of the console.
Click on "Administration".
Select the "Scheduled Actions" tab.
Look for a scheduled action titled "Client Service Hardening - Hide Client from Add-Remove Programs".
If a scheduled action titled "Client Service Hardening - Hide Client from Add-Remove Programs" does not exist, this is a finding.
If the scheduled action exists, select it and if it is not approved (the "Approve" button at the top of the section will be displayed if not approved), this is a finding.
If the scheduled action exists and has been approved but does not disable the visibility of the client in Add-Remove Programs, this is a finding.
If the action is not configured to repeat at least every hour, this is a finding.
M
3215