Succeeding with Comply

Follow these best practices to achieve maximum value and success with Tanium Comply. These steps align with the key benchmark metrics: Comply coverage across endpoints and decreasing the number of endpoints with critical or high vulnerabilities.

Step 1: Gain organizational effectiveness

Complete the key organizational governance steps to maximize Comply value. For more information about each task, see Gaining organizational effectiveness.

Develop a dedicated change management process.

Define distinct roles and responsibilities in a RACI chart.

Validate cross-functional organizational alignment.

Track operational metrics.

Step 2: Install Tanium modules

Install Tanium Connect. See Tanium Connect User Guide: Installing Connect.

Install Tanium Patch. See Tanium Patch User Guide: Installing Patch.

Install Tanium Comply. See Installing Comply.

Install Tanium Trends. See Tanium Trends User Guide: Installing Trends.

Install Tanium Client Management and Tanium Endpoint Configuration. See Tanium Client Management User Guide: Installing.

Import the Comply board from the Trends initial gallery. See Tanium Trends User Guide: Importing the initial gallery. If you installed Trends using the Apply Tanium recommended configurations option, the Comply board is automatically imported after the Comply service account is configured.

Step 3: Step 2: Configure Comply

Create computer groups for use in reports that include your supported Windows, macOS, Linux, AIX, and Solaris endpoints. See Tanium Console User Guide: Create computer groups.

If you install Comply using the Apply Tanium recommended configurations option, several Several computer groups are created automatically. See Requirements.

Configure the Comply service account. See Configure the service account.

If you install Comply using the Apply Tanium recommended configurations option, the service account is automatically set to the account that you used to install Comply.

Step 4: Step 3: Create deployments

Define the criteria for testing groups, which can be the computer groups that you created when you configured Comply or that were created automatically if you installed Comply using the Apply Tanium recommended configurations option.

Define the success criteria and timelines for your testing.

Define your production rollout of Comply. Do you want a phased rollout, or do you want to target all of your production endpoints at the same time?

Create deployments based on the architecture and platform of the targeted endpoints. Deploy each new deployment to begin distributing the Comply tools and scan engines to targeted endpoints. See Create deployments.

If you install Comply using the Apply Tanium recommended configurations option, deployments Deployments are created automatically to deploy the Comply tools and the Tanium Scan Engine (powered by JovalCM) to endpoints.

Step 5: Step 4: Configure benchmarks

If needed, upload additional supported configuration compliance benchmarks. See Importing individual benchmarks and assigning categories.

If needed, configure additional vulnerability sources. See Create a new vulnerability source.

Step 6: Step 5: Create reports

Create a configuration compliance report that uses the Tanium Certified Benchmarks and targets enterprise endpoints. See Create a configuration compliance report.

If you install Comply using the Apply Tanium recommended configurations option, default Default configuration compliance reports are created for each operating system.

Create a vulnerability report that uses the Tanium Vulnerability Library vulnerability definitions and targets enterprise endpoints. See Create a vulnerability report.

If you install Comply using the Apply Tanium recommended configurations option, default Default vulnerability reports are created for each operating system.

Wait for the reports to complete.

If needed, use Tanium Connect to export data from vulnerability reports. See Exporting vulnerability reports.

Step 7: Step 6: Monitor Comply metrics

From the Trends menu, click Boards and then click Comply to view the Coverage, Is Compliant, and Is Vulnerable panel.

Monitor and troubleshoot Comply coverage.

Monitor and troubleshoot endpoints with critical or high vulnerabilities.