This documentation includes content for releases that might not be available on-premises. For the latest on-premises Comply documentation, see the PDF version of Tanium™ Comply User Guide version 2.18.390.
Overview
Use Comply to evaluate endpoints for security configuration exposures and software vulnerabilities using industry security standards, vulnerability definitions, and custom compliance checks. With complete results on-demand and comprehensive, enterprise-wide results, you can reduce your organization's overall risk, improve your security hygiene, and simplify preparation for industry compliance audits such as Payment Card Industry (PCI), Health Insurance Portability and Accountability Act (HIPAA), and Sarbanes-Oxley Act (SOX).
Comply utilizes Security Content Automation Protocol (SCAP) compliant content, such as standards published by the Defense Information Systems Administration (DISA) or the Center for Internet Security (CIS), to evaluate operating systems and applications for configuration of password policies, file permissions, and other components. Comply supports Windows, macOS, Linux, AIX, and Solaris endpoints.
Get up and running
Once the initial
Import scan engines and set up endpoints
A scan engine evaluates endpoints for security configuration exposures and software vulnerabilities using industry security standards, vulnerability definitions, and custom compliance checks. At least one scan engine is required to use Comply. Most organizations can use the included Tanium Scan Engine and Amazon Corretto JRE and do not need to upload any scan engines or JREs. Once you determine that scan engines and JREs are in place, you can use the default targeting (Tanium Comply Action Group) or configure custom targeting.
Import standards
A standard is a collection of checks that are run on endpoints. Standards are used in compliance and vulnerability assessments. Import compliance and vulnerability standards, and optionally create custom profiles to specify a subset of standards to be deployed to endpoints. For example, you may have a baseline of compliance and vulnerability standards you regularly check for.
Configure assessments
An assessment is what you use to deploy a scan engine and a standard to endpoints for running checks. Configure a compliance assessment by selecting a scan engine, a standard, and endpoints to target. Configure a vulnerability assessment by selecting a scan engine, a vulnerability library, and one or more CVEs. An assessment can be changed or edited at any time. You can also create a regular schedule for running an assessment.
View findings and create reports
A finding is the output or result of an assessment on an endpoint. Findings can be filtered and sorted using multiple criteria, including status (pass/fail), standard, and endpoint. Filtered compliance and vulnerability findings can be saved as reports, allowing you to customize and re-run reports using any combination of available finding data you choose.
Monitor the dashboard
Once you have completed the tasks above and begun to receive results, you will spend the majority of your time viewing the metrics displayed in the dashboard. The Comply dashboard, located on the Overview page, features Tanium Trends boards that provide data visualization of Comply findings. At a glance, you can view the overall health of your environment and, if necessary, drill down to investigate any issues.
Refer to Succeeding with Comply for a getting started checklist.
Interoperability with other Tanium products
Comply works with other Tanium solutions, such as Tanium™ Connect and Tanium™ Patch, for additional reporting of related data.
Connect
You can use Comply vulnerability reports as a connection source. For more information, see Exporting vulnerability reports.
Patch
You can open Patch from a link in Comply vulnerability report results to view details about the patch that resolves a reported vulnerability. You can also install the patch on endpoints directly from the patch details page. For more information, see Vulnerability report results.
Reporting
When you filter Findings by endpoint, you can click the icon for an individual endpoint to view more details. From the details pop-up, you can click the View Details button to go to Tanium Reporting. For more information, see Working with reports.
Last updated: 5/30/2023 11:38 AM