Installing Comply

Before installing Comply, refer to Requirements. The installation of Comply is done from the Tanium Console.

Import solution

  1. Log into the Tanium Console using an account with Administrator privileges.
  2. Select Tanium Solutions from the main menu.
  3. Click Import X.X.X.X (where X.X.X.X is the current module version number) under Comply.

  4. Tanium Comply is a Tanium licensed solution. Contact your TAM to obtain a license if you do not have one.

  5. If you are prompted, click Proceed with Import. Enter your credentials. This begins the Tanium Comply installation and configuration process.

After the Tanium Comply installation and configuration process completes, you see the message Import completed successfully, and Comply appears in the main menu.

Upgrade Comply

When there is a new version of Comply available, you will be prompted to Upgrade to X.X.X.X (where X.X.X.X is the new module version number) under Comply on the Tanium Solutions page. The upgrade steps are the same as the import steps.

When you upgrade Comply, a red error message will be displayed if a deployment's tools are out of date. To deploy the latest tools to deployments with this error, click Redeploy. This will upgrade the tools on endpoints to the latest version the next time the tools installation action runs.

Set up Comply

The Comply Home page shows statistics, reports, errors, and initial tasks. The Home page will guide you through the following tasks you need to complete before using Comply.:

  • Configure service account
  • Upload engines
  • Create deployments
  • Create reports

Use the Manage Home Page link at the top right of the page to configure the sections you see at start up. You may not need to see each section once you have completed the initial tasks.

Reports and statistics on the Comply Home page may not be updated immediately with current results since this data is updated every 10 minutes.

Create a service account

A service account is required to use run background Comply functions such as populating home page data. You will see a Required Comply Settings: Set Service Account yellow banner across the top of the Comply Home page if no service account has been set up.

  1. Click Configure Now and enter a Username and Password under Service Account.

    The service account must be a Comply Admin User (when using Tanium Server 7.1 or later) or, at minimum, a Content Administrator in a non-RBAC environment. See User role requirements for more information. The user should also be granted access to any computer groups that may have Comply reports run against them.

  2. Click Create Service Account. Enter your credentials in the next window.

    To change the service account at any time, click Settings the Home page. Click Service Account on the Application Settings tab and then click Remove Service Account.

Upload scan engines

Scan engines are used to evaluate OVAL or SCAP content and generate configuration compliance and vulnerability reports. At least one scan engine is required to use Comply, but more than one can be uploaded and used if desired. Comply 1.7.4 and later ships with the Joval engine; however, there is no content included with that engine. You can upload other engines if required. See Importing scan engines. CIS-CAT, Joval, and SCC engines are currently supported by Comply. To use CIS-CAT or Joval, a JRE (Java Runtime Environment) must also be provided.

Last updated: 5/7/2019 6:16 PM | Feedback