Certificate Manager requirements
Review the requirements before you install and use Certificate Manager.
Core platform dependencies
Make sure that your environment meets the following requirements:
-
Tanium license that includes Certificate Manager
-
Tanium™ Core Platform servers: 7.5.5.1140 or later
-
Tanium™ Client: 7.4 or later
Solution dependencies
Other Tanium solutions are required for Certificate Manager to function (required dependencies) or for specific Certificate Manager features to work (feature-specific dependencies). The installation method that you select determines if the Tanium Server automatically imports dependencies or if you must manually import them.
Some Certificate Manager dependencies have their own dependencies, which you can see by clicking the links in the lists of Required dependencies and Feature-specific dependencies. Note that the links open the user guides for the latest version of each solution, not necessarily the minimum version that Certificate Manager requires.
Tanium recommended installation
If you select Tanium Recommended Installation when you import Certificate Manager, the Tanium Server automatically imports all your licensed solutions at the same time. See Tanium Console User Guide: Import all modules and services.
Import specific solutions
If you select only Certificate Manager to import, you must manually import dependencies. See Tanium Console User Guide: Import, re-import, or update specific solutions.
Required dependencies
Certificate Manager has the following required dependencies at the specified minimum versions:
- Tanium™ Client Management 1.12.77 or later
- Tanium Reporting 1.13.76 or later
Feature-specific dependencies
Certificate Manager has the following feature-specific dependencies at the specified minimum versions:
- Tanium™ Connect 5.9.65 or later to create connections with reports as the data source
Endpoints
Supported operating systems
The following endpoint operating systems are supported with Certificate Manager.
Operating System | Version | Notes |
---|---|---|
Windows | Same as Tanium Client support. See Tanium Client Management User Guide: Client version and host system requirements. | |
macOS | Same as Tanium Client support. See Tanium Client Management User Guide: Client version and host system requirements. | SSL Audit only |
Linux |
Same as Tanium Client support. See Tanium Client Management User Guide: Client version and host system requirements. |
Requires lsof to capture owning process data. For more information, see ERROR - lsof was not found. |
Host and network security requirements
Specific processes are needed to run Certificate Manager.
Security exclusions
If security software is in use in the environment to monitor and block unknown host system processes, Tanium recommends that a security administrator create exclusions to allow the Tanium processes to run without interference. The configuration of these exclusions varies depending on AV software. For a list of all security exclusions to define across Tanium, see Tanium Core Platform Deployment Reference Guide: Host system security exclusions.
Target Device | Notes | Exclusion Type | Exclusion |
---|---|---|---|
Windows endpoints | Process | <Tanium Client>\Python38\TPython.exe | |
Folder | <Tanium Client>\Python38 | ||
Process | <Tanium Client>\TaniumCX.exe | ||
Process | <Tanium Client>\Tools\StdUtils\TaniumExecWrapper.exe | ||
Folder | <Tanium Client>\Tools\CertificateManager | ||
Linux endpoints | Process |
<Tanium Client>/python38/python |
|
Process | <Tanium Client>/TaniumCX | ||
Process | <Tanium Client>/Tools/StdUtils/TaniumExecWrapper | ||
Folder | <Tanium Client>/Tools/CertificateManager | ||
macOS endpoints | Process | <Tanium Client>/python38/python | |
Process | <Tanium Client>/TaniumCX | ||
Process | <Tanium Client>/Tools/StdUtils/TaniumExecWrapper | ||
Folder | <Tanium Client>/Tools/CertificateManager |
Target Device | Notes | Exclusion Type | Exclusion |
---|---|---|---|
Windows endpoints | Process | <Tanium Client>\Python38\TPython.exe | |
Folder | <Tanium Client>\Python38 | ||
Process | <Tanium Client>\TaniumCX.exe | ||
Process | <Tanium Client>\Tools\StdUtils\TaniumExecWrapper.exe | ||
Folder | <Tanium Client>\Tools\CertificateManager | ||
Linux endpoints | Process |
<Tanium Client>/python38/python |
|
Process | <Tanium Client>/TaniumCX | ||
Process | <Tanium Client>/Tools/StdUtils/TaniumExecWrapper | ||
Folder | <Tanium Client>/Tools/CertificateManager | ||
macOS endpoints | Process | <Tanium Client>/python38/python | |
Process | <Tanium Client>/TaniumCX | ||
Process | <Tanium Client>/Tools/StdUtils/TaniumExecWrapper | ||
Folder | <Tanium Client>/Tools/CertificateManager |
User role requirements
The following table lists the role permissions required to use Certificate Manager. To review a summary of the predefined roles, see Set up Certificate Manager users.
For more information about role permissions and associated content sets, see Tanium Console User Guide: Managing RBAC.
Permission | Certificate Manager User1,2 | Certificate Manager Read Only User1,2 |
---|---|---|
SHOW: View the Certificate Manager workbench USER: User access to Certificate Manager |
SHOW USER |
SHOW |
Read-only access to the Certificate Manager module |
USER |
USER |
1 This role provides module permissions for Tanium Interact. You can view which Interact permissions are granted to this role in the Tanium Console. For more information, see Tanium Interact User Guide: Tanium Data Service permissions. 2 This role provides module permissions for Tanium Reporting. You can view which Reporting permissions are granted to this role in the Tanium Console. For more information, see Tanium Reporting User Guide: User role requirements. |
Permission | Certificate Manager user | Certificate Manager Read Only User |
---|---|---|
Action |
WRITE |
|
Dashboard |
READ |
READ |
Filter Group |
READ |
READ |
Own Action |
READ |
|
Package |
READ |
READ |
Plugin |
READ EXECUTE |
READ EXECUTE |
Saved Question |
READ |
READ |
Sensor |
READ |
READ |
To view which content set permissions are granted to a role, see Tanium Console User Guide: View effective role permissions. |
Last updated: 3/14/2023 1:24 PM | Feedback