IMPORTANT: This site is planned to be decommissioned in 2026. Visit the Tanium Resource Center for all Tanium release notes, user guides, and support information. To view release notes in the Resource Center, see Tanium Release Notes.
IMPORTANT: If you are using semi-annual releases for on premises, see the Release notes for 2024H1 semiannual release, Release notes for 2024H2 semiannual release, or Release notes for 2025H1 semiannual release on the Tanium Resource Center.
Effective October 15, 2024: On prem release notes on the Tanium Knowledge Base are frozen. For release notes related to 7.4 or 7.5 Server and Solutions, see the Monthly updates for Tanium Version 7.4 and 7.5 Server and Solutions on the Tanium Resource Center.

Release Notes Comply (Version 2.17)

From Tanium Knowledge Base
Jump to navigation Jump to search

Tanium Comply 2.17.306

Release Date: April 25, 2023

Enhancements

This release includes:

  • Clearer Remediation values for some CVEs

Security Update

  • This release includes security updates. Details of the issue, including affected versions, and mitigation information, can be obtained within Tanium Vulnerabilities, or by contacting your TAM.

Known Issues

  • Attempting to view all vulnerability findings in the Comply workbench may fail due to the browser running out of memory
  • RAS assessments for ESXi vulnerability fail with connection error due to a bug in the Joval 6.4.4.1 engine
  • RAS assessments for ESXi vulnerability fail with a connection error on ESXi builds 7.0.3 200xxxx or later due to a bug in the Joval 6.4.2 engine
  • Scans using the CIS-CAT engine fail using the Amazon Corretto JRE v11.0.17.8.1 or later
  • The Comply - Vulnerability Findings Aggregates deprecated sensor can return "No Vulnerabilities" for endpoints with CVE Findings
  • RAS findings for Juniper report the OS version and Operating System Generation as "unknown"
  • OVAL results parser does not correctly handle the EntityStateRecordType or EntityItemRecordType OVAL types needed to surface actual values for some test definitions within Investigations
  • Connect jobs using the Tanium Comply plugin sources to export vulnerability data may prevent updates to the TVL while the connection is running

Tanium Comply 2.17.303

Release Date: April 11, 2023

Enhancements

This release includes:

  • Added the option to include compliance and vulnerability findings investigation details columns (Test ID, Expected Objects, Expected States, Actual Values) in exports using the Tanium Comply (Findings) Connect source
  • More precise identification of Affected Platform, Affected Product, and Common Platform Enumerator (CPE) for Comply vulnerability findings in the workbench, CSV download, and the Tanium Comply (Findings) Connect source

Known Issues

  • Attempting to view all vulnerability findings in the Comply workbench may fail due to the browser running out of memory
  • RAS assessments for ESXi vulnerability fail with connection error due to a bug in the Joval 6.4.4.1 engine
  • RAS assessments for ESXi vulnerability fail with a connection error on ESXi builds 7.0.3 200xxxx or later due to a bug in the Joval 6.4.2 engine
  • Scans using the CIS-CAT engine fail using the Amazon Corretto JRE v11.0.17.8.1 or later
  • The Comply - Vulnerability Findings Aggregates deprecated sensor can return "No Vulnerabilities" for endpoints with CVE Findings
  • RAS findings for Juniper report the OS version and Operating System Generation as "unknown"
  • OVAL results parser does not correctly handle the EntityStateRecordType or EntityItemRecordType OVAL types needed to surface actual values for some test definitions within Investigations
  • Connect jobs using the Tanium Comply plugin sources to export vulnerability data may prevent updates to the TVL while the connection is running

Tanium Comply 2.17.286

Release Date: March 28, 2023

Enhancements

This release includes:

  • Added new sensors to track First Found and Last Scan dates for Compliance findings. These dates are now available as optional columns in the Tanium Comply (Findings) Connect source for Compliance findings.

Known Issues

  • RAS assessments for ESXi vulnerability fail with connection error due to a bug in the Joval 6.4.4.1 engine
  • RAS assessments for ESXi vulnerability fail with a connection error on ESXi builds 7.0.3 200xxxx or later due to a bug in the Joval 6.4.2 engine
  • Scans using the CIS-CAT engine fail using the Amazon Corretto JRE v11.0.17.8.1 or later
  • The Comply - Vulnerability Findings Aggregates deprecated sensor can return "No Vulnerabilities" for endpoints with CVE Findings
  • RAS findings for Juniper report the OS version and Operating System Generation as "unknown"
  • OVAL results parser does not correctly handle the EntityStateRecordType or EntityItemRecordType OVAL types needed to surface actual values for some test definitions within Investigations
  • Connect jobs using the Tanium Comply plugin sources to export vulnerability data may prevent updates to the TVL while the connection is running


Tanium Comply 2.17.285

Release Date: March 21, 2023

Enhancements

This release includes:

  • Support for Juniper JunOS for Remote Authenticated Assessments (RAS)
  • Added the ability to download Investigation results as CSV from the Comply workbench with endpoint details
  • Added the full file path for Actual Value test results in the Investigations feature
  • Added support for Investigations of passed compliance findings
  • Added new sensors to track assessments last scan date and CVE findings last scan date
  • Added new Comply Reports Read and Comply Reports Write RBAC privileges
  • Added missing Solution Link and Remediation information for some CVEs
  • Added user information for deleted assessments in Comply modules logs and database
  • Updated the Comply Health section in the module overview page
  • Updated the Tanium Scan Engine to version 6.4.4.1.

Bug Fixes

Fixed an issue with:

  • Vulnerability assessments failing due to insufficient memory on endpoints configured with low resource mode
  • Debug assessments would failing to generate a valid diagnostics report on non-windows endpoints
  • Default CPU setting not being applied on all endpoints
  • Scheduled action to remove stale assessments data from endpoints not repeating
  • Exporting Network Unauthenticated (Remote Vulnerability) results through Connect could failing with larger exports
  • Assessment schedule being reset after running an on-demand scan
  • RAS findings not being displayed in the workbench
  • RAS findings not being ingested after a successful scan
  • RAS findings not being ingested when a duplicate MAC address is encountered
  • The Findings page being slow to load in larger deployments
  • Failing to load details for vulnerability sources
  • Rendering HTML assessment exports
  • Vulnerability assessments not being updated with new CVEs after a Comply upgrade
  • Some CVE "Help Links" pointing to the wrong URL
  • "RUS Tools" being installed on non-Satellite endpoints
  • Corrupted intel and scan config files preventing scans from running
  • RDB migration failing on module upgrade when an invalid RAS assessment status is encountered

Known Issues

  • RAS assessments for ESXi vulnerability fail with connection error due to a bug in the Joval 6.4.4.1 engine
  • RAS assessments for ESXi vulnerability fail with a connection error on ESXi builds 7.0.3 200xxxx or later due to a bug in the Joval 6.4.2 engine
  • Scans using the CIS-CAT engine fail using the Amazon Corretto JRE v11.0.17.8.1 or later
  • The Comply - Vulnerability Findings Aggregates deprecated sensor can return "No Vulnerabilities" for endpoints with CVE Findings
  • RAS findings for Juniper report the OS version and Operating System Generation as "unknown"
  • OVAL results parser does not correctly handle the EntityStateRecordType or EntityItemRecordType OVAL types needed to surface actual values for some test definitions within Investigations
  • Connect jobs using the Tanium Comply plugin sources to export vulnerability data may prevent updates to the TVL while the connection is running

Security Update

  • This release includes security updates. Details of the issue, including affected versions, and mitigation information, can be obtained within Tanium's Community site, or by contacting support.


Prerequisites

  • Tanium™ Connect 4.10.5 or later (To customize columns for exports, you must have Connect 5.8.49 or later)
  • Tanium™ Discover 3.0 or later required for remote vulnerability reports
  • Tanium™ Endpoint Configuration 1.2 or later
  • Endpoint Configuration is installed as part of Tanium™ Client Management 1.7 or later.
  • Tanium™ Interact 2.14.112 or later
  • Tanium™ Trends 3.6 or later
  • Tanium™ Reporting service 1.3.12 or later
  • Tanium™ API Gateway 1.1.13 or later
  • Tanium™ Blob service 1.0.6 or later
  • Tanium™ RDB service 1.2.62 or later
  • Tanium™ System User service 1.0.77 or later

Additional Remote Authenticated Scanning requirements:

  • Tanium Direct Connect 2.1 or later
  • Tanium Discover 4.5.144 or later

Supported Tanium Platforms

  • Tanium Server 7.4.1.1939 or later