STIGQter: STIG Summary: Tanium 7.0 Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 27 July 2018:

Tanium must provide an immediate warning to the SA and ISSO (at a minimum) when allocated audit record storage volume reaches 75 percent of repository maximum audit record storage capacity.

DISA Rule

SV-93339r1_rule

Vulnerability Number

V-78633

Group Title

SRG-APP-000359

Rule Version

TANS-CN-000022

Severity

CAT II

CCI(s)

• CCI-001855 - The information system provides a warning to organization-defined personnel, roles, and/or locations within an organization-defined time period when allocated audit record storage volume reaches an organization-defined percentage of repository maximum audit record storage capacity.

Weight

10

Fix Recommendation

Consult with the Tanium system administrator or database administrator to determine the volume on which the Tanium SQL databases are installed.

Using a web browser on a system that has connectivity to Tanium, access the Tanium web UI and log on with CAC.

Click on the navigation button (hamburger menu) on the top left of the console.

Click on "Interact".

Enter "Get Disk Free Space from all machines with Computer Name containing "[Your SQL Computer Name].

Press "Enter".

Select "Save this question" located under the Question box.

Enter a name (e.g., SQL Disk Free Space).

Select "Create Saved Question".

Click on the navigation button (hamburger menu) on the top left of the console.

Click on "Connect".

Select "Create Connection".

In the Sources and Destination section select "Saved Question" from the drop-down menu.

Enter the "Saved Question Name" created above or select from the drop-down menu.

Select the "Computer Group" name from the drop-down menu.

Select the desired destination from the drop-down menu (must be a SIEM tool).

In the General Information section, provide a name and description.

Select "Create Connection" at bottom of the page.

Work with the SIEM administrator to configure an alert when Disk Free Space of the Tanium SQL Server reaches below 25 percent of maximum.

Check Contents

Consult with the Tanium system administrator or database administrator to determine the volume on which the Tanium SQL databases are installed.

Using a web browser on a system that has connectivity to Tanium, access the Tanium web user interface (UI) and log on with CAC.

Click on the navigation button (hamburger menu) on the top left of the console.

Click on "Connect".

Review the configured Sources.

If none exist to send Disk Free Space of the Tanium SQL Server, this is a finding.

Work with the SIEM administrator to determine if an alert is configured when Disk Free Space of the Tanium SQL Server reaches below 25 percent.

If there is no alert configured, this is a finding.

Vulnerability Number

V-78633

Documentable

False

Rule Version

TANS-CN-000022

Severity Override Guidance

Consult with the Tanium system administrator or database administrator to determine the volume on which the Tanium SQL databases are installed.

Using a web browser on a system that has connectivity to Tanium, access the Tanium web user interface (UI) and log on with CAC.

Click on the navigation button (hamburger menu) on the top left of the console.

Click on "Connect".

Review the configured Sources.

If none exist to send Disk Free Space of the Tanium SQL Server, this is a finding.

Work with the SIEM administrator to determine if an alert is configured when Disk Free Space of the Tanium SQL Server reaches below 25 percent.

If there is no alert configured, this is a finding.

Check Content Reference

M

Target Key

3215

Comments