Overview

Use Comply to evaluate endpoints for security configuration exposures and software vulnerabilities using industry security standards, vulnerability definitions, and custom compliance checks. With complete results on-demand and comprehensive, enterprise-wide results, you can reduce your organization's overall risk, improve your security hygiene, and simplify preparation for industry compliance audits such as Payment Card Industry (PCI), Health Insurance Portability and Accountability Act (HIPAA), and Sarbanes-Oxley Act (SOX).

Comply utilizes Security Content Automation Protocol (SCAP) compliant content, such as standards published by the Defense Information Systems Administration (DISA) or the Center for Internet Security (CIS), to evaluate operating systems and applications for configuration of password policies, file permissions, and other components. Comply supports Windows, macOS, Linux, AIX, and Solaris endpoints.

Get up and running

Once the initial installation (Installing Comply) setup of Comply (Configuring Comply) is complete, perform the following tasks to collect, evaluate, and organize data into reports.

Import scan engines and setup endpoints

A scan engine evaluates endpoints for security configuration exposures and software vulnerabilities using industry security standards, vulnerability definitions, and custom compliance checks. At least one scan engine is required to use Comply. Most organizations can use the included Tanium Scan Engine and Amazon Coretto JRE and do not need to upload any scan engines or JREs. Once you determine scan engines and JREs are in place, you can use the default targeting (Tanium Comply Action Group) or configure custom targeting.

Refer to the following documentation:

Import standards

A standard is a collection of checks that are run on endpoints. Standards are used in compliance and vulnerability assessments. Import compliance and vulnerability standards, and optionally create custom profiles to specify a subset of standards to be deployed to endpoints. For example, you may have a baseline of compliance and vulnerability standards you regularly check for.

Refer to the following documentation:

Configure assessments

An assessment is what you use to deploy a scan engine and a standard to endpoints for running checks. Configure a compliance assessment by selecting a scan engine, a standard, and endpoints to target. Configure a vulnerability assessment by selecting a scan engine, a vulnerability library, and one or more CVEs. An assessment can be changed or edited at any time. You can also create a regular schedule for running an assessment.

Refer to the following documentation:

View findings and create reports

A finding is the output or result of an assessment on an endpoint. Findings can be filtered and sorted using multiple criteria, including status (pass/fail), standard, and endpoint. Filtered compliance and vulnerability findings can be saved as reports, allowing you to customize and re-run reports using any combination of available finding data you choose.

Refer to the following documentation:

Monitor the dashboard

Once you've completed the tasks above and begin to receive results, you will spend the majority of your time viewing the metrics displayed in the dashboard. The Comply dashboard, located on the Overview page, features Tanium Trends boards that provide data visualization of Comply findings. At a glance, you can view the overall health of your environment and if necessary, drill down to investigate any issues.

Refer to the following documentation:

Also refer to Succeeding with Comply for a getting started checklist.

Integration with other Tanium products

Comply has built in integration with other Tanium solutions, such as Tanium™ Connect, Tanium™ Patch, and Tanium™ Trends for additional reporting of related data.

Connect

You can use Comply vulnerability reports as a connection source. For more information, see Exporting vulnerability reports.

Patch

You can open Patch from a link in Comply vulnerability reports results to view details about the patch that resolves a reported vulnerability. You can also install the patch to endpoints directly from the patch details page. For more information, see Vulnerability report results.

Trends

Comply features Trends boards that provide data visualization of Comply concepts.

The Comply board displays information about your Comply deployment, compliance exposures, vulnerability findings, tools deployed, and scanning status. The Comply board includes the following sections and panels:

  • Coverage
    • Coverage
  • Visibility
    • Is Vulnerable
  • Deployment
    • Tools Deployed - Last 30 Days
    • Tools Outdated - Last 30 Days
    • Scan Engines Deployed - Last 30 Days
  • Effectiveness
    • Compliance Exposures - Last 30 Days
    • Vulnerability Findings - Last 30 Days
  • Operationalization
    • Endpoint Scanned - Last 30 Days