From Tanium 6.5 Security Technical Implementation Guide
Part of SRG-APP-000033
Associated with: CCI-000213
Computer Groups allow a site running Tanium to assign responsibility of specific Computer Groups to specific Tanium console users. By doing so, a desktop administrator, for example, will not have the ability to enforce an action against a high visibility server.
Using a web browser on a system that has connectivity to the Tanium Server, access the Tanium Server web user interface (UI) and log on with CAC. Click on "Administration". Select the "Computer Groups" tab. Under the "Group Name" column, verify specific groups exist other than the default "All Computers" and "No Computers". If site or organization specific computer groups do not exist, this is a finding.
Using a web browser on a system that has connectivity to the Tanium Server, access the Tanium Server web user interface (UI) and log on with CAC. Click on "Administration". Select the "Computer Groups" tab. Configure specific Computer Groups in order to facilitate the management of computers by authorized individuals for those computers. Note: Active Directory Computer Groups may also be used to sync with Tanium Computer Groups as a means to satisfy this requirement.
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer