Other resources

Release Notes

Overview

Tanium Comply™ (Comply) allows users to support their enterprise compliance goals at Tanium speed. Comply is primarily used for operating system-level checks and scales using the Tanium architecture. It features the following benefits:

  • Evaluates benchmarks and vulnerabilities against operating systems, network configuration, password policy, file permissions, and other components
  • Supports Windows, Linux, and macOS platforms
  • Supports Center for Internet Security (CIS) content
  • Enables custom checks and result mapping

Comply terminology

The following are definitions of terms used in Comply:

Security Content Automation Protocol (SCAP)

Comply uses SCAP content to perform compliance checks. These specifications are derived from the input of a community of industry professionals working to advance automation and standardization of technical security operations.

Extensible Configuration Checklist Description Format (XCCDF)

Collection of security configuration rules (primarily composed of OVAL checks) applied against endpoints. XCCDF does not include commands to perform the scan; it is mostly descriptive. Rule evaluation is defined in OVAL. XCCDF files are sometimes called benchmarks or checklists.

Open Vulnerability and Assessment Language (OVAL)

A declarative language that defines how a rule is evaluated. OVAL makes logical assertions about the state of a system and is used to describe security vulnerabilities or desired configuration of systems.

Common Vulnerabilities and Exposures (CVE)

A public database of known vulnerabilities.

Vulnerability source

A path to a local Open Vulnerability and Assessment Language (OVAL) definitions file or a URL to a remote OVAL definitions file.

Custom check

An arbitrary powershell, VBScript, or UNIX shell script used to evaluate conditions on an endpoint.

Custom ID mapping

Maps custom check ID or XCCDF rule ID to arbitrary value. Helpful in mapping CIS content to some other policy or associating arbitrary tags with rules.

Report

A package containing a zip file of all XCCDF benchmarks, custom check scripts, custom profile definitions, and optional custom ID mapping definition. A report includes the action to distribute to selected computer groups as well as the saved question to retrieve scan results from endpoints.

Scheduling actions in Comply

When the scheduling option is available in Comply functions, such as when you create reports, the following fields are available:

Field Value

Start at

End at

When Recurring is selected for Schedule, complete these fields to limit the report to run only during a specific time period.
Distribute over Select and enter values to run the report over minutes, hours, or days.
Reissue every Select and define the interval in minutes, hours, or days in which the report will run.

Last updated: 8/10/2017 4:57 PM | Feedback