STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 3 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Tanium 7.x Security Technical Implementation Guide

V-253785

CAT II (Medium)

The Tanium Server and Client applications must have logging enabled.

Rule ID

SV-253785r997226_rule

STIG

Tanium 7.x Security Technical Implementation Guide

Version

V2R3

CCIs

CCI-001665

Discussion

Failure to a known state can address safety or security in accordance with the mission/business needs of the organization. Failure to a known secure state helps prevent a loss of confidentiality, integrity, or availability in the event of a failure of the information system or a component of the system. Preserving application state information helps to facilitate application restart and return to the operational mode of the organization with less disruption to mission-essential processes.

Check Content

For Tanium Server:

1. Using a web browser on a system that has connectivity to the Tanium application, access the Tanium application web user interface (UI) and log on with multifactor authentication. 

2. Click "Administration" on the top navigation banner. 

3. Under "Configuration", select "Logging".

4. Select "Log Level".

If the value for the current level for "Tanium Server" and "Tanium Module Server" is not set to "1" or higher, this is a finding.

For Tanium Client:

1. Using a web browser on a system that has connectivity to the Tanium application, access the Tanium application web UI. Log on with multifactor authentication.

2. Click "Modules" on the top navigation banner.

3. Click "Interact".

4. In the "Explore Data" box, type the following question:

Get Tanium Client Explicit Setting[LogVerbosityLevel] < 1 and Is Windows from all machines with Tanium Client Explicit Setting[LogVerbosityLevel] < 1

If any answers are returned that are "0", this is a finding.

Fix Text

For Tanium Server:

1. Using a web browser on a system that has connectivity to the Tanium application, access the Tanium application web UI and log on with multifactor authentication. 

2. Click "Administration" on the top navigation banner. 

3. Under "Configuration", select "Logging".

4. In "Log Verbosity Level for Troubleshooting", set "Tanium Server" and "Tanium Module Server" to "1". 

For Tanium Client:

1. Using a web browser on a system that has connectivity to the Tanium application, access the Tanium application web UI and log on with multifactor authentication.

2. Click "Modules" on the top navigation banner.

3. Click "Interact".

4. In the "Explore Data" box, type the following question:

Get Tanium Client Explicit Setting[LogVerbosityLevel] < 1 and Is Windows from all machines with Tanium Client Explicit Setting[LogVerbosityLevel] < 1

5. Select the row with "Is windows" set to "True" and deploy the following action and settings:
    a) Deployment Package: Modify Tanium Client Setting
    b) RegType: REG_DWORD
    c) ValueName: LogVerbosityLevel
    d) ValueData: 1 or higher
    
    Schedule Deployment
    a) Distribute over: 1 hour

6. Click "Show Preview to continue".

7. Click "Deploy Action".

8. Select the row with "Is windows" set to "False" and deploy the following action and settings:
    a) Deployment Package: Modify Tanium Client Setting [Non-Windows]
    b) RegType: NUMERIC
    c) ValueName: LogVerbosityLevel
    d) ValueData: 1 or higher
    
    Schedule Deployment
    a) Distribute over: 1 hour

9. Click "Show Preview to continue".

10. Click "Deploy Action".