Asset requirements
Review the requirements before you use Asset.
Also review the Tanium as a Service requirements, as described in Tanium as a Service User Guide: Tanium as a Service requirements.
Tanium dependencies
In addition to a license for the Asset product module, make sure that your environment also meets the following requirements.
| Component | Requirement |
|---|---|
| Tanium™ Core Platform |
|
| Tanium™ Content | (Optional) Asset includes all of the content it needs for base functionality. You can import additional content or sensors into Asset after installation. |
| Tanium™ Client |
7.2.314.3518 or later is recommended 7.4 or later |
| Tanium Products | If you clicked the Install with Recommended Configurations button when you installed Asset, the Tanium Server automatically installed all your licensed modules at the same time. Otherwise, you must manually install the modules that Asset requires to function, as described under Tanium Console User Guide: Manage Tanium modules.
The following modules are optional, but Asset requires the specified minimum versions to work with them:
|
Tanium™ Module Server
Asset runs as a service on the Tanium Module Server.
Disk space
Asset requires disk storage capacity necessary to support the number of endpoints in your environment. For planning purposes, use 100 MB per 1000 endpoints, for example:
- 5,000 endpoints: 500 MB
- 50,000 endpoints: 5 GB
- 100,000 endpoints: 10 GB
- 250,000 endpoints: 25 GB
- 500,000 endpoints: consult your Technical Account Manager
Usage might vary significantly based on the following variables: the number of endpoints, the number of applications, the number of users, if file evidence data is enabled, and most importantly the attributes that you add on the Inventory Management > Attributes page. These suggested sizes are considered a good estimate for most environments.
Tanium Module Server on Linux
If you are running your Tanium Module server on Linux (not TanOS), the Tanium user must have write permission on the /tmp directory. To make the directory writable by any user of the system, run the chmod 777 command on the /tmp directory.
Endpoints
Supported operating systems
Same as Tanium Client support. See Tanium Client User Guide: Host system requirements.
Same as Tanium as a Service support. See Tanium as a Service User Guide: Endpoints.
Third-party software
The following third-party software is optional for exporting data from Asset:
- For the ServiceNow CMDB connector, the Jakarta release or later is required.
- For Flexera integration, you must have an SQL database that can be configured to receive data from Asset. Ask your TAM for more information.
Host and network security requirements
Specific ports and processes are needed to run Asset.
Ports
For Tanium as a Service ports, see Tanium as a Service User Guide: Host and network security requirements.
The following ports are required for Asset communication.
| Source | Destination | Port | Protocol | Purpose |
|---|---|---|---|---|
|
Module Server |
ServiceNow | 443 | TCP | Access to your ServiceNow instance |
Security exclusions
A security administrator must create exclusions to allow Tanium processes to run without interference if security software is in use in the environment to monitor and block unknown host system processes.
| Target Device | Notes | Process |
|---|---|---|
| Module Server | <Module Server>\services\asset-service\node.exe | |
| <Module Server>\services\asset-service\[email protected]\postgresql\lib\win32\bin\postgres.exe | ||
| <Module Server>\services\asset-service\[email protected]\postgresql\lib\win32\bin\pg_ctl.exe | ||
| Windows endpoints | For integration with Flexera | <Tanium Client>\Tools\EPI\TaniumEndpointIndex.exe |
| macOS and Linux endpoints | For integration with Flexera | <Tanium Client>/Tools/EPI/TaniumEndpointIndex |
Internet URLs
If security software is deployed in the environment to monitor and block unknown URLs, your security administrator might need to add the following URLs to the whitelist on the Tanium Module Server for the Asset service.
- ServiceNow instance (yourcompany.service-now.com)
User role requirements
| Permission | Asset Administrator | Asset Operator | Asset User | Asset Report Reader | Asset Service Account |
|---|---|---|---|---|---|
|
Show Asset View Asset workbench |
 1
|
1
|
1
|
1
|
|
|
Asset Report Read View reports and views |
1
|
1
|
1
|
|
|
|
Asset Report Write Create, edit, and delete reports and views |
|
|
2 |
|
|
|
Asset Configuration Item Write Configure all aspects of Asset (service settings, schedules, attributes, destinations) |
|
|
|
|
|
|
Asset Plugin Callback Configure Asset communication with the Tanium Server and Tanium Module Server |
|
|
|
|
|
|
Asset Service Configure Configure all aspects of Asset services |
|
|
|
|
|
|
Trends Integration Service Account Provide access for module service accounts to read and write data, and to define sources and boards |
|
|
|
|
|
| Trends API Board Read View boards, sections, and panels for specified content sets |
|
|
|
|
|
|
Trends API Board Write Create, edit, delete, and configure boards, sections, and panels for specified content sets |
|
|
|
|
|
|
Trends API Source Read View and list sources for specified content sets |
|
|
|
|
|
|
Trends API Source Write Create, edit, and delete sources for specified content sets |
|
|
|
|
|
|
Trends Data Read Run data queries against sources |
|
|
|
|
|
|
Trends Import Import from file or gallery Does not grant access to create new or custom boards and sources |
|
|
|
|
|
|
1 Denotes a provided permission 2 For owned reports and views only |
|||||
| Permission | Content Set for Permission | Asset Administrator | Asset Operator | Asset User | Asset Report Reader | Asset Service Account |
|---|---|---|---|---|---|---|
| Ask Dynamic Questions |
|
|
|
|
|
|
| Execute Plugin | Asset |
|
|
|
|
|
| Execute Plugin | Reserved |
|
|
|
|
|
| Execute Plugin | Trends |
|
|
|
|
|
| Read Sensor | Asset |
|
|
|
|
|
| Read Sensor | Reserved |
|
|
|
|
|
| Write Action | Asset |
|
|
|
|
|
| Write Action for Saved Question | Asset |
|
|
|
|
|
| Read Saved Question | Asset |
|
|
|
|
|
| Write Saved Question | Asset |
|
|
|
|
|
| Role | Enables |
|---|---|
| Connect Administrator (prior to Connect 4.8 only) | Create, edit, or delete a Flexera destination |
| Connect User |
Create, edit, or delete a Flexera destination |
| Tanium Administrator |
Create scheduled actions for the file evidence content for Flexera destinations |
Last updated: 7/7/2020 1:04 PM | Feedback