Reference: Default solution configurations

Tanium installs and configures all entitled solutions so that you can start getting value from Tanium the first time you sign in to the Tanium Console. The following sections specify the default settings that are configured for each solution.

Tanium™ API Gateway

No default settings are configured for API Gateway.

Tanium™ Asset

(Tanium 7.4.5 and later) When you import Client Management, the following default settings are configured:


Setting Default value
Action group
  • Restricted targeting disabled (default): All Computers computer group
  • Restricted targeting enabled: No Computers computer group
Import schedule

The import schedule is set to start collecting data and generating reports.

Tanium™ Benchmark

When you import Client Management with automatic configuration, the following default setting is configured:


Setting Default value
Action group
  • Restricted targeting disabled (default): All Computers computer group
  • Restricted targeting enabled: No Computers computer group

Tanium™ Certificate Manager


When you import Certificate Manager, the following default settings are configured:

Setting Default value
Action group
  • Restricted targeting disabled (default): All Computers computer group
  • Restricted targeting enabled: No Computers computer group

If the action group was already created in a previous version of Certificate Manager, the action group is not updated.

Scheduled action for default audit settings
  • Maximum Audit Age: 1 Day
  • Port Scan: enabled
  • Log Verbosity: Info
  • Distribute over time: 15 Minutes

Tanium™ Client Management

When you import Client Management with automatic configuration, the following default setting is configured:


Setting Default Value
Action group

The action group is set to the All Computers computer group.

  • Restricted targeting disabled (default): All Computers computer group
  • Restricted targeting enabled: No Computers computer group

If you import Client Management with restricted targeting disabled, leave the Client Management action group set to the default of All Computers. If you use restricted targeting to set the Client Management action group to target the No Computers filter group, set the action group to target the computer group All Computers.

Tanium™ Comply

When you import Comply with automatic configuration, the following default settings are configured:


Setting Default value
Action group
  • Restricted targeting disabled (default): All Computers computer group
  • Restricted targeting enabled: No Computers computer group
Comply tools

Comply tools and the Tanium Scan Engine (powered by JovalCM) are deployed to endpoints.

Default configuration

The default configuration does the following:

  • Sets up a scheduled TVL download (by default 3am every day)

  • Downloads and imports the certified benchmarks from content.tanium.com

  • Downloads and installs the engines

  • Downloads the latest TVL

  • Creates default compliance and vulnerability assessments for each operating system

Scans begin to run after the installation completes.

Deployments begin immediately after solution installation. The Distribute over setting for the deployments is set to three minutes. After the three-minute distribution window completes, reports run. The Distribute over setting for reports is also three minutes.

Tanium™ Connect

No default settings are configured for Connect.

Tanium™ Criticality

When you import Criticality with automatic configuration, the following default settings are configured:


Setting Default value
Endpoint rules
  • Domain Controllers
  • Servers
  • Workstations
Group rules

Default Critical Active Directory Groups

Tanium™ Deploy

When you import Deploy with automatic configuration, the following default settings are configured:


Setting Default value
Action group
  • Restricted targeting disabled (default): All Computers computer group
  • Restricted targeting enabled: No Computers computer group
Deploy deployment templates

The following deployment templates are created:

  • [Standard Deployment] - default
  • [Deployment with Reboot]
  • [Deployment with Pre-Notification]

Deploy maintenance windows

An Always On maintenance window is created, and enforced against the All Computers computer group.

Deploy configurations

For action locked machines, only applicability scanning is enabled, so that deployments cannot run on action locked machines.

Deploy software packages

The following Predefined Package Gallery packages are automatically imported:

  • Adobe Digital Editions
  • Adobe Acrobat Reader DC (en-us)
  • Adobe Acrobat Reader DC (en-us) (64-bit)
  • Adobe Acrobat Reader DC (MUI)
  • Adobe Acrobat Reader DC (MUI) (64-bit)
  • Microsoft Power BI Desktop (x64)
  • Microsoft Power BI Desktop
  • Microsoft Teams (x64)
  • Microsoft Teams (x86)
  • Microsoft Visual Studio Code (x64 en-us)
  • Microsoft Visual Studio Code (x86 en-us)
  • Mozilla Firefox (x64 en-US)
  • Mozilla Firefox (x86 en-US)
  • VideoLAN VLC media player (32-bit)
  • VideoLAN VLC media player (64-bit)
  • Zoom Zoom
  • Zoom Zoom (64-bit)

Tanium™ Direct Connect

When you import Direct Connect with automatic configuration, the following default settings are configured:


Setting Default Value
Action group
  • Restricted targeting disabled (default): All Computers computer group
  • Restricted targeting enabled: No Computers computer group
Fully Qualified Domain Name for the module server

The Fully Qualified Domain Name setting in the Endpoint Connection settings is set to the first-detected IPv4 address that is closest to the Tanium Server IP address. (This is often the IP address of the module server.)

The IP address or FQDN that is specified for this setting must resolve to the Module Server from all endpoints in all direct endpoint connections. After the initial installation and configuration completes, you can verify this value on the Endpoint Connection tab in the Direct Connect settings and update it if needed.

Tanium™ Discover

When you import Discover with the Tanium Recommended Installation workflow, the following default settings are configured:


Setting Default value
Action group
  • Restricted targeting disabled (default): All Computers computer group
  • Restricted targeting enabled: No Computers computer group
Level 2 ping distributed profile

This profile is created and deployed to all Tanium Clients. For more information about this type of profile, see Level 2 (ping).

Tanium™ End-User Notifications

When you import End-User Notifications with automatic configuration, the following default settings are configured:


Setting Default value
Action group
  • Restricted targeting disabled (default): All Computers computer group
  • Restricted targeting enabled: No Computers computer group
End-User Notifications configurations
  • A default End-User Notifications configuration is created.
  • The End-User Notifications tools are distributed to endpoints.

Tanium™ Endpoint Configuration


When you import Endpoint Configuration (regardless of whether you use automatic configuration), the following default setting is configured:

Setting Default Value
Action group

The action group is set to the All Computers computer group.

  • Restricted targeting disabled (default): All Computers computer group
  • Restricted targeting enabled: No Computers computer group

If you use restricted targeting to set the Endpoint Configuration action groups to target the No Computers filter group, then make sure that before using any modules, you set it to target the appropriate endpoints (typically All Computers). For more information, see Tanium Endpoint Configuration User Guide: Configure the Endpoint Configuration action group. Modules cannot deploy configurations or tools to endpoints that are not targeted by the Endpoint Configuration action group. Use the appropriate targeting groups within modules to control targeted deployment of configurations or tools. If you have endpoints with operating systems that are not supported by Endpoint Configuration, contact Tanium Support.

Tanium™ Enforce

When you import Enforce with automatic configuration, the following default settings are configured:


Setting Default value
Action group
  • Restricted targeting disabled (default): All Computers computer group
  • Restricted targeting enabled: No Computers computer group
Computer groups

The Enforce tools group is set to All Computers.

Tanium™ Engage

When you import Engage with automatic configuration, the following default settings are configured:


Setting Default value
Action group
  • Restricted targeting disabled (default): All Windows Workstations computer group
  • Restricted targeting enabled: No Computers computer group

Tanium™ Feed

No default settings are configured for Feed.

Tanium™ Impact

When you import Impact with automatic configuration, the following default settings are configured:


Setting Default value
Action group
  • Restricted targeting disabled (default): All Computers computer group

    Because Impact is currently supported only on Windows endpoints, the Targeting Criteria for the action to distribute the Impact tools filters the group to Windows endpoints.

  • Restricted targeting enabled: No Computers computer group

Tanium™ Integrity Monitor

When you import Integrity Monitor with automatic configuration, the following default settings are configured:


Setting Default value
Action group
  • Restricted targeting disabled (default): All AIX, All Linux, All Solaris, and All Windows computer groups
  • Restricted targeting enabled: No Computers computer group
Service account

The service account is set to the account that you used to import the module.

Configuring a unique service account for each Tanium solution is an extra security measure to consider in consultation with the security team of your organization. See Configure the Integrity Monitor service account.

Monitor creation

A monitor is created for each supported operating system (Windows, Linux, Solaris, and AIX).

The Windows monitor is targeted only to Windows Server computer groups: All Windows Server 2008 R2, All Windows Server 2012, All Windows Server 2012 R2, All Windows Server 2016, All Windows Server 2019, and All Windows Server 2022.

All other monitors are targeted to the associated All <Operating System> computer group: All Linux, All AIX, and All Solaris.

If one or more of the targeted operating systems are not used in your environment, delete the associated monitors.

Monitor deployments

The monitors are deployed to endpoints.

Watchlist

A watchlist is created for each supported operating system based on the Critical System Files template for the operating system.

The Windows watchlist is targeted only to Windows Server computer groups: All Windows Server 2008 R2, All Windows Server 2012, All Windows Server 2012 R2, All Windows Server 2016, All Windows Server 2019, and All Windows Server 2022.

All other watchlists are targeted to the associated All <Operating System> computer group: All Linux, All AIX, and All Solaris.

If one or more of the targeted operating systems are not used in your environment, delete the associated watchlists.

Watchlist deployments

The watchlists are deployed to endpoints.

Tanium™ Interact

No default settings are configured for Client Management.

Tanium™ Investigate

When you import Investigations with automatic configuration, the following default settings are configured:


Setting Default value
Action group
  • Restricted targeting disabled (default): All Computers computer group
  • Restricted targeting enabled: No Computers computer group

Tanium™ Map

When you import Map with automatic configuration, the following default setting is configured:


Setting Default value
Action group
  • Restricted targeting disabled (default): All Windows Servers and All Linux computer groups
  • Restricted targeting enabled: No Computers computer group

Tanium™ Patch

When you import Patch with automatic configuration, the following default settings for managing Windows and Linux endpoints are configured:


Setting Default value
Action group
  • Restricted targeting disabled (default): Patch Supported Systems computer group
  • Restricted targeting enabled: No Computers computer group
Advanced settings

The following advanced setting is configured for optimal delivery of larger payloads:

  • ClientCacheLimitInMB = 2048

For more information, see Configure advanced settings.

Patch computer groups

Computer groups that Patch requires are imported:

  • All Alma Linux 8
  • All Amazon
  • All Debian
  • All Debian 8
  • All Debian 9
  • All Debian 10
  • All Debian 11
  • All CentOS 6
  • All CentOS 7
  • All CentOS 8
  • All OpenSUSE 15
  • All Oracle 6
  • All Oracle 7
  • All Oracle 8
  • All Red Hat 6
  • All Red Hat 7
  • All Red Hat 8
  • All Red Hat 9
  • All Rocky Linux 8
  • All SLES 11
  • All SLES 12
  • All SLES 15
  • All SUSE
  • All Ubuntu
  • All Ubuntu 14.04 - amd64
  • All Ubuntu 14.04 - i386
  • All Ubuntu 14.04 - arm64
  • All Ubuntu 16.04 - amd64
  • All Ubuntu 16.04 - i386
  • All Ubuntu 16.04 - arm64
  • All Ubuntu 18.04 - amd64
  • All Ubuntu 18.04 - i386
  • All Ubuntu 18.04 - arm64
  • All Ubuntu 20.04 - amd64
  • All Ubuntu 20.04 - i386
  • All Ubuntu 20.04 - arm64
  • All Ubuntu 22.04 - amd64
  • All Ubuntu 22.04 - i386
  • All Ubuntu 22.04 - arm64
  • All Windows
  • All Windows Servers
  • Patch Supported Systems
Patch scans
  • Tanium Scan for Windows is configured and synchronized.
  • Default scan configurations are created for Windows and Linux and enforced by the recommended computer group.
Patch lists

The following patch lists are automatically created:

  • [Patch Baseline Deployment] - Windows
  • [Tanium Patch Baseline Reporting] - Windows
  • [Tanium Patch Baseline Reporting] - Linux
  • All Patches
  • [Tanium Patch Recommended Updates] - Windows

Patch block lists
  • The [Global Block List] - Windows block list is created and targets the Patch Supported Systems computer group. This block list excludes Security Only patches on Windows systems.
  • A default block list is created for Linux but is not targeted.
Patch deployment templates

Default deployment templates are created for Windows and Linux.

Patch maintenance windows
  • A [Patch Tuesday] - Windows default maintenance window is created for Patch Tuesday and is not enforced on any computer groups.
  • Default maintenance windows are created for Windows and Linux to block patch installations and reboots without first enabling another maintenance window. These maintenance windows are not enforced on any computer groups.

Tanium™ Performance

When you import Performance with automatic configuration, the following default settings are configured:


Setting Default value
Action group
  • Restricted targeting disabled (default): All Computers All Windows, All Linux, and All Mac computer groups.
  • Restricted targeting enabled: No Computers computer group.
Profiles

A profile is created with the default event rule configuration that targets All Computers.

Tanium™ Provision

When you import Client Management with automatic configuration, the following default settings are configured:


Setting Default value
Action group
  • Restricted targeting disabled (default): All Computers computer group
  • Restricted targeting enabled: No Computers computer group

Tanium™ Reporting

No default settings are configured for Reporting.

Tanium™ Reputation

When you import Reputation with automatic configuration, the Reputation service account is set to the account that you used to import the module.

Configuring a unique service account for each Tanium solution is an extra security measure to consider in consultation with the security team of your organization. See Configure service account.

No default settings are configured for Reputation.

Tanium™ Reveal

When you import Reveal with automatic configuration, the following default settings are configured:


Setting Default value
Action group
  • Restricted targeting disabled (default): All Computers computer group
  • Restricted targeting enabled: No Computers computer group

Tanium™ Threat Response

When you import Client Management with automatic configuration, the following default settings are configured:


Tanium Signals are imported.

The following Client Management profiles are created and deployed to specific computer groups:

Profile Name Detection configuration Index Configuration Recorder Configuration
[Tanium Default] - Windows

Deploys to All Windows computer group.
[Tanium Default] - Linux

Deploys to All Linux computer group.
[Tanium Default] - Mac

Deploys to All Mac computer group.

Tanium™ Trends

When you import Client Management with automatic configuration, the following default settings are configured:


Setting Default value
Client Management visibility

Client Management visibility is set to the following computer groups if they exist:
  • All Computers
  • All Windows
  • All Linux
  • All Mac
  • All Workstations
  • All Servers
  • All Windows Workstations
  • All Windows Servers
Client Management boards

Client Management imports all available boards and sources for the initial gallery. This includes boards and sources provided by any other Tanium solution that has a service account configured. After import, boards may take several minutes to initially display.

If you import Client Management with the default settings and later import another Tanium solution, Client Management automatically imports the boards and sources for that solution. If you import Client Management without the default settings, you will need to manually import the boards and sources from other Tanium solutions.

Zero Trust

When you import Zero Trust with automatic configuration, the following default settings are configured:


Setting Default value
Action group
  • Restricted targeting disabled (default): All Computers computer group
  • Restricted targeting enabled: No Computers computer group