Asset requirements

Review the requirements before you install and use Asset.

Tanium dependencies

In addition to a license for the Asset product module, make sure that your environment also meets the following requirements.

Component Requirement
Tanium™ Core Platform
  • 7.2.314.2831 or later, 7.2.314.3518 or later is recommended
  • 7.3.314.3668 or later
  • 7.4.1.1939 or later
  • TanOS 1.2.0 or later
Tanium™ Content (Optional) Asset includes all of the content it needs for base functionality. You can import additional content or sensors into Asset after installation.
Tanium™ Client 6.0.314.1540 or later recommended
Tanium Products If you clicked the Install with Recommended Configurations button when you installed Asset, the Tanium Server automatically installed all your licensed modules at the same time. Otherwise, you must manually install the modules that Asset requires to function, as described under Tanium Console User Guide: Manage Tanium modules.

The following modules are optional, but Asset requires the specified minimum versions to work with them:

  • Tanium Connect 4.3 or later (create connections with Asset reports as a data source)
  • Tanium Index (create Flexera reports with file evidence data)

Tanium™ Module Server

Asset runs as a service on the Tanium Module Server.

Disk space

Asset requires disk storage capacity necessary to support the number of endpoints in your environment. For planning purposes, use 100 MB per 1000 endpoints, for example: 

  • 5,000 endpoints: 500 MB
  • 50,000 endpoints: 5 GB
  • 100,000 endpoints: 10 GB
  • 250,000 endpoints: 25 GB
  • 500,000 endpoints: consult your Technical Account Manager

Usage might vary significantly based on the following variables: the number of endpoints, the number of applications, the number of users, if file evidence data is enabled, and most importantly the attributes that you add on the Inventory Management > Attributes page. These suggested sizes are considered a good estimate for most environments.

Tanium Module Server on Linux

If you are running your Tanium Module server on Linux (not TanOS), the Tanium user must have write permission on the /tmp directory. To make the directory writable by any user of the system, run the chmod 777 command on the /tmp directory.

Endpoints

Supported operating systems

Same as Tanium Client support. See Tanium Client User Guide: Host system requirements.

Third-party software

The following third-party software is optional for exporting data from Asset: 

  • For the ServiceNow CMDB connector, the Jakarta release or later is required.
  • For Flexera integration, you must have an SQL database that can be configured to receive data from Asset. Ask your TAM for more information.

Host and network security requirements

Specific ports and processes are needed to run Asset.

Ports

The following ports are required for Asset communication.

Component Port Direction Purpose
Module Server 443 Outbound Access to your ServiceNow instance

Security exclusions

A security administrator must create exclusions to allow Tanium processes to run without interference if security software is in use in the environment to monitor and block unknown host system processes.

Table 1:   Asset security exclusions
Target Device Process
Module Server <Module Server>\services\asset-service\node.exe
<Module Server>\services\asset-service\[email protected]\postgresql\lib\win32\bin\postgres.exe
<Module Server>\services\asset-service\[email protected]\postgresql\lib\win32\bin\pg_ctl.exe
Endpoints (Windows) <Tanium Client>\Tools\EPI\TaniumEndpointIndex.exe (For integration with Flexera)
Endpoints (macOS and Linux) <Tanium Client>/Tools/EPI/TaniumEndpointIndex (For integration with Flexera)

Internet URLs

If security software is deployed in the environment to monitor and block unknown URLs, your security administrator might need to add the following URLs to the whitelist on the Tanium Module Server for the Asset service.

  • ServiceNow instance (yourcompany.service-now.com)

User role requirements

Table 2:   Asset user role privileges for Tanium 7.2.314.2831 or later
Privilege Asset Administrator Asset User Asset Report Reader

Show Asset

View Asset workbench
1
1
1

Asset Report Read

View reports and views
1
1

Asset Report Write

Create, edit, and delete reports and views

2  

Asset Configuration Item Write

Configure all aspects of Asset (service settings, schedules, attributes, destinations)


1 Denotes a provided permission

2 For owned reports and views only

 

Table 3:   Provided Asset Advanced user role permissions for Tanium 7.2.314.2831 or later
Permission Content Set for Permission Asset Administrator Asset User Asset Report Reader
Ask Dynamic Questions  
Execute Plugin Asset
Read Sensor Asset
Read Sensor Reserved
Write Action Asset
Write Action for Saved Question Asset
Read Saved Question Asset
Write Saved Question Asset

 

Table 4:   Optional roles for Asset
Role Enables
Connect Administrator (prior to Connect 4.8 only) Create, edit, or delete a Flexera destination
Connect User (Connect 4.8 and later)

Create, edit, or delete a Flexera destination
Tanium Administrator

Create scheduled actions for the file evidence content for Flexera destinations