V-253839
Tanium 7.x Security Technical Implementation Guide
Title
Content providers must provide their public key to the Tanium administrator to import for validating signed content.
Description
<VulnDiscussion>A Tanium Sensor, also called content, enables an organization to gather real-time inventory, configuration, and compliance data elements from managed computers. Sensors gather specific information from the local device and then write the results to the computer's standard output channel. The Tanium Client captures that output and forwards the results through the platform's unique "ring" architecture for display in the Tanium Console. The language used for Sensor development is b...
Fix Text (Documentation Requirement)
Obtain the public key from the content providers and validate the keys are present in the Tanium folders. If the public keys are found for nontrusted content providers, remove the associated signing key and remove any content imported by that provider. 1. Access the Tanium Server. 2. Log on to the server with an account that has administrative privileges. 3. Open an Explorer window. 4. Navigate to the following folder: Program Files >> Tanium >> Tanium Server >> content_public_keys >> content folder. 5. Copy any trusted source's .pub keys into the folder and document them. 6. Remove any nontrusted source's .pub keys from the folder.