Succeeding with Comply
Follow these best practices to achieve maximum value and success with Tanium Comply. These steps align with the key standards metrics: Comply coverage across endpoints and decreasing the number of endpoints with critical or high vulnerabilities.
Complete the key organizational governance steps to maximize Comply value. For more information about each task, see Gaining organizational effectiveness.
Develop a dedicated change management process.
Define distinct roles and responsibilities in a RACI chart.
Validate cross-functional organizational alignment.
Track operational metrics.
Install Tanium Connect. See Tanium Connect User Guide: Installing Connect.
Install Tanium Patch. See Tanium Patch User Guide: Installing Patch.
Install Tanium Comply. See Installing Comply.
Install Tanium Trends. See Tanium Trends User Guide: Installing Trends.
Install Tanium Client Management and Tanium Endpoint Configuration. See Tanium Client Management User Guide: Installing.
Import the Comply board from the Trends initial gallery. See Tanium Trends User Guide: Importing the initial gallery. If you installed Trends using the Apply Tanium recommended configurations option, the Comply board is automatically imported after the Comply service account is configured.
Create computer groups for use in reports that include your supported Windows, macOS, Linux, AIX, and Solaris endpoints. See Tanium Console User Guide: Create computer groups.
Configure the Comply service account. See Configure the service account.
If you install Comply using the Tanium Recommended Installation workflow option, the service account is automatically set to the account that you used to install Comply.
Define the criteria for testing groups, which can be the computer groups that you created when you configured Comply or that were created automatically if you installed Comply using the Apply Tanium recommended configurations option.
Define the success criteria and timelines for your testing.
Define your production rollout of Comply. Do you want a phased rollout, or do you want to target all of your production endpoints at the same time?
Create deployments based on the architecture and platform of the targeted endpoints. Deploy each new deployment to begin distributing the Comply tools and scan engines to targeted endpoints. See Setting up endpoints.
If needed, upload additional supported configuration compliance standards. See Importing individual standards and assigning categories.
If needed, configure additional vulnerability sources. See Create a new vulnerability source.
Create a configuration compliance assessment that uses the Tanium Certified Standards and targets enterprise endpoints. See Create a configuration compliance assessment.
Create a vulnerability assessment that uses the Tanium Vulnerability Library vulnerability definitions and targets enterprise endpoints. See Create a vulnerability assessment .
Wait for the assessments to complete.
Create a configuration compliance report that uses the Tanium Certified Standards and targets enterprise endpoints. See Create reports from findings.
Create a vulnerability report that uses the Tanium Vulnerability Library vulnerability definitions and targets enterprise endpoints. See Create reports from findings.
Wait for the reports to complete.
If needed, use Tanium Connect to export data from vulnerability reports. See Exporting vulnerability assessments.
From the Trends menu, click Boards and then click Comply to view the Coverage, Is Compliant, and Is Vulnerable panel.
Last updated: 5/4/2021 4:55 PM | Feedback