Succeeding with Comply

.

.

Follow these best practices to achieve maximum value and success with Tanium Comply. These steps align with the key standards metrics: Comply coverage across endpoints and decreasing the number of endpoints with critical or high vulnerabilities.

Step 1: Gain organizational effectiveness

Complete the key organizational governance steps to maximize Comply value. For more information about each task, see Gaining organizational effectiveness.

Develop a dedicated change management process.

Define distinct roles and responsibilities in a RACI chart.

Validate cross-functional organizational alignment.

Track operational metrics.

Step 2: Install Tanium modules

Install Tanium Connect. See Tanium Connect User Guide: Installing Connect.

Install Tanium Patch. See Tanium Patch User Guide: Installing Patch.

Install Tanium Comply. See Installing Comply.

Install Tanium Trends. See Tanium Trends User Guide: Installing Trends.

Install Tanium Client Management and Tanium Endpoint Configuration. See Tanium Client Management User Guide: Installing.

Import the Comply board from the Trends initial gallery. See Tanium Trends User Guide: Importing the initial gallery. If you installed Trends using the Apply Tanium recommended configurations option, the Comply board is automatically imported

Step 3: Step 2: Configure Comply

Create computer groups for use in reports that include your supported Windows, macOS, Linux, AIX, and Solaris endpoints. See Tanium Console User Guide: Create computer groups.

If you install Comply using the Apply Tanium recommended configurations option, several Several computer groups are created automatically. See Requirements.

Step 4: Step 3: Create deployments

Define the criteria for testing groups, which can be the computer groups that you created when you configured Comply or that were created automatically if you installed Comply using the Apply All Tanium recommended configurations option.

Define the success criteria and timelines for your testing.

Define your production rollout of Comply. Do you want a phased rollout, or do you want to target all of your production endpoints at the same time?

Create deployments based on the architecture and platform of the targeted endpoints. Deploy each new deployment to begin distributing the Comply tools and scan engines to targeted endpoints. See Setting up endpoints.

If you install Comply using Tanium Recommended Installation workflow, deployments Deployments are created automatically to deploy the Comply tools and the Tanium Scan Engine (powered by JovalCM) to endpoints.

Step 5: Step 4: Configure standards

If needed, upload additional supported configuration compliance standards. See Importing individual standards and assigning categories.

If needed, configure additional vulnerability sources. See Create a new vulnerability source.

Step 6: Step 5: Create assessments

Create a configuration compliance assessment that uses the Tanium Certified Standards and targets enterprise endpoints. See Creating compliance assessments.

If you install Comply using the Apply All Tanium recommended configurations option, default Default configuration compliance reports are created for each operating system.

Create a vulnerability assessment that uses the Tanium Vulnerability Library vulnerability definitions and targets enterprise endpoints. See Creating vulnerability assessments.

If you install Comply using the Apply All Tanium recommended configurations option, default Default vulnerability assessments are created for each operating system.

Wait for the assessments to complete.

Step 6A: Step 5A: Create remote authenticated scan assessments

Remote authenticated scanning uses Tanium Clients as satellites to scan endpoints that do not have the Tanium Client installed. This scan type is useful for obtaining information from endpoints and subnets that do not support having the Tanium Client installed.

Install all Tanium solutions required for remote authenticated scanning. See Remote authenticated scanning requirements.

Configure RBAC permissions for creating remote authenticated scans. The Comply RAS Assessment Creator RBAC role is required. See User role requirements

Create satellites in Tanium Direct Connect. See Tanium Direct Connect User Guide: Managing satellites.

It is recommended that endpoints that are used as satellites have 16 gigabytes (GB) RAM and 4 CPUs.

Running remote authenticated scans from AIX or Solaris satellites is not supported at this time.
Using a zone server as a satellite is not supported at this time.

Create Tanium Discover satellite scans. See Tanium Discover User Guide: Running satellite scans

Promote interfaces to Tanium Data Service (TDS) in Tanium Discover. See Tanium Discover User Guide: Managing interfaces.

If an endpoint does not match Tanium Discover's Promote Unmanaged Interface label, that endpoint is not promoted to TDS. If an endpoint is not promoted to TDS, it cannot be scanned by Comply.

Configure credentials in Tanium Comply. See Configure credentials lists for remote-authenticated scans.

Use as few sets of credentials as possible for any credential lists used for satellite scans. The more credentials you use, the greater risk you run of credentials failing and possibly triggering security alerts or account lockouts.

Create compliance and vulnerability remote authenticated scan assessments that use satellites to scan unmanaged endpoints. See Configure a remote-authenticated scan assessment.

Wait for the assessments to complete.

Step 7: Step 6: Create reports

Create a configuration compliance report that uses the Tanium Certified Standards and targets enterprise endpoints. See Create reports from findings.

If you install Comply using the Apply All Tanium recommended configurations option, default Default configuration compliance reports are created for each operating system.

Create a vulnerability report that uses the Tanium Vulnerability Library vulnerability definitions and targets enterprise endpoints. See Create reports from findings.

If you install Comply using the Apply All Tanium recommended configurations option, default Default vulnerability reports are created for each operating system.

Wait for the reports to complete.

If needed, use Tanium Connect to export data from vulnerability reports. See Documentation Home > Tanium Modules > Tanium Comply User Guide.

Step 8: Step 7: Monitor Comply metrics

From the Trends menu, click Boards and then click Comply to view the Coverage, Is Compliant, and Is Vulnerable panel.

Monitor and troubleshoot Comply coverage.

Monitor and troubleshoot endpoints with critical or high vulnerabilities.