Benchmark requirements

Review the requirements before you install and use Benchmark.

Core platform dependencies

Make sure that your environment meets the following requirements:

  • Tanium license that includes Benchmark

  • Taniumâ„¢ Client: Any supported version of Tanium Client. For the Tanium Client versions supported for each OS, see Tanium Client Management User Guide: Client version and host system requirements.

    If you use a client version that is not listed, certain product features might not be available, or stability issues can occur that can only be resolved by upgrading to one of the listed client versions.

Client extensions

Tanium Endpoint Configuration installs client extensions for Benchmark on endpoints. Client Extensions perform tasks that are common to certain Tanium solutions. The Tanium Client uses code signatures to verify the integrity of each client extension prior to loading the extension on the endpoint. Each client extension has recommended security exclusions to allow the Tanium processes to run without interference. See Security exclusions for more information. The following client extensions perform Benchmark functions:

  • Config CX - Provides installation and configuration of extensions on endpoints. Tanium Client Management installs this client extension.
  • Core CX - Provides a management framework API for all other client extensions and exposes operating system metrics. Tanium Client Management installs this client extension.
  • Risk CX - Provides Risk functions on the endpoint. Tanium Risk installs this client extension.

Endpoints

Supported Internet protocols

Benchmark supports IPv4 and IPv6 addresses.

Supported operating systems

For Tanium Client operating system support, see Tanium Client Management User Guide: Client version and host system requirements.

The following endpoint operating systems are supported with Benchmark

  • Windows
  • macOS 
  • Linux

Host and network security requirements

Specific ports and processes are needed to run Benchmark.

Ensure all host and network security requirements for modules that provide data to Risk are also met. For more information, see:

Ports

For Tanium Cloud ports, see Tanium Cloud Deployment Guide: Host and network security requirements.

Security exclusions

If security software is in use in the environment to monitor and block unknown host system processes, Tanium recommends that a security administrator create exclusions to allow the Tanium processes to run without interference. The configuration of these exclusions varies depending on AV software. For a list of all security exclusions to define across Tanium, see Tanium Core Platform Deployment Reference Guide: Host system security exclusions.

Risk security exclusions
Target Device Notes Exclusion Type Process
Windows endpoints   Process <Tanium Client>\TaniumCX.exe
  File <Tanium Client>\extensions\TaniumRisk.dll
Linux endpoints   Process <Tanium Client>/TaniumCX
  File <Tanium Client>/libTaniumRisk.so
macOS endpoints   Process <Tanium Client>/TaniumCX
  File <Tanium Client>/libTaniumRisk.dylib

User role requirements

The following tables list the role permissions required to use Benchmark. To review a summary of the predefined roles, see Set up Benchmark users.

For more information about role permissions and associated content sets, see Tanium Console User Guide: RBAC overview.

Benchmark user role permissions
Permission Benchmark Administrator1,2,3,4, 6 Benchmark Operator1,2,3,4,6 Benchmark User1,2,3 Benchmark Endpoint Configuration Approver4

Benchmark

View the Benchmark workbench


SHOW

SHOW

SHOW

Benchmark Administrator

Provides privileges for the Benchmark Administrator role


ADMINISTER

Benchmark

Provides privileges for the Benchmark Operator role


OPERATOR

Benchmark Settings

Allows reading and updating Benchmark settings


READ
WRITE

READ

Benchmark Endpoint Configuration

Allows users to approve Endpoint Configuration items for Benchmark


APPROVE


APPROVE

1 This role provides module permissions for Tanium Impact. You can view which Impact permissions are granted to this role in the Tanium Console. For more information, see the Tanium Impact User Guide: User role requirements.

2 This role provides module permissions for Tanium Interact. You can view which Interact permissions are granted to this role in the Tanium Console. For more information, see Tanium Interact User Guide: Tanium Data Service permissions.

3 This role provides module permissions for the Tanium Reporting service. You can view which Reporting service permissions are granted to this role in the Tanium Console. For more information, see Tanium Reporting User Guide: User role requirements.

4 This role provides module permissions for Tanium Endpoint Configuration. You can view which Endpoint Configuration permissions are granted to this role in the Tanium Console. For more information, see Tanium Endpoint Configuration User Guide: User role requirements.

6 This role provides module permissions for the Tanium Criticality service. You can view which Criticality service permissions are granted to this role in the Tanium Console. For more information, see Tanium Criticality User Guide: User role requirements.


Provided Benchmark administration and platform content permissions
Permission Permission Type Benchmark Administrator1,2,3,4,5,6,7,8,9,10,11, Benchmark Operator1,2,3,4,5,6,7,8,9,10,11 Benchmark User1,2,3,4,5,6,8,9,10,11 Benchmark Endpoint Configuration Approver3,7
Computer Group Administration
READ

READ

READ
Action Group Administration
READ

READ
Global Settings Administration
READ

READ
Filter Group Platform Content
READ

READ

READ
Plugin Platform Content
READ
EXECUTE

READ
EXECUTE

READ
EXECUTE

READ
EXECUTE
Sensor Platform Content
READ

READ

READ

READ

To view which content set permissions are granted to a role, see Tanium Console User Guide: View effective role permissions.

1 This role provides content set permissions for Tanium Client Management. You can view which Client Management content sets are granted to this role in the Tanium Console. For more information, see Tanium Client Management User Guide: User role requirements.

2 This role provides content set permissions for Tanium Comply. You can view which Comply content sets are granted to this role in the Tanium Console. For more information, see Tanium Comply User Guide: User role requirements.

3 This role provides content set permissions for Tanium Data Service. You can view which Tanium Data Service content sets are granted to this role in the Tanium Console. For more information, see Tanium Interact User Guide: User role requirements.

4 This role provides content set permissions for Tanium Impact. You can view which Impact content sets are granted to this role in the Tanium Console. For more information, see Tanium Impact User Guide: User role requirements.

5 This role provides content set permissions for Tanium Interact. You can view which Interact content sets are granted to this role in the Tanium Console. For more information, see Tanium Interact User Guide: User role requirements.

6 This role provides content set permissions for Tanium Reveal. You can view which Reveal content sets are granted to this role in the Tanium Console. For more information, see Tanium Reveal User Guide: User role requirements.

7 This role provides content set permissions for Tanium Endpoint Configuration. You can view which Endpoint Configuration content sets are granted to this role in the Tanium Console. For more information, see Tanium Endpoint Configuration User Guide: User role requirements.

8 This role provides module permissions for the Tanium Criticality service. You can view which Criticality service permissions are granted to this role in the Tanium Console. For more information, see Tanium Criticality User Guide: User role requirements.

9 This role provides module permissions for the Tanium Reporting service. You can view which Reporting service permissions are granted to this role in the Tanium Console. For more information, see Tanium Reporting User Guide: User role requirements.

10 This role provides module permissions for the Tanium Enforce. You can view which Reporting service permissions are granted to this role in the Tanium Console. For more information, see Tanium Enforce User Guide: User role requirements.

11 This role provides module permissions for the Tanium Incident Response service. You can view which Incident Response service permissions are granted to this role in the Tanium Console. For more information, see Tanium Threat Response User Guide: User role requirements.