Configuring Client Management

If you did not install Client Management with the Apply All Tanium recommended configurations option, you must enable and configure certain features.

When you import Reputation with automatic configuration, the Reputation service account is set to the account that you used to import the module.

Configuring a unique service account for each Tanium solution is an extra security measure to consider in consultation with the security team of your organization. See Configure service account.

No default settings are configured for Reputation.

Configure Client Management

Configure service account

The service account is a user that runs several background processes for Client Management. This user requires the following roles and access:

  • Client Management Service Account role
  • (Optional) Connect User role to send Client Management data to Tanium Connect

For more information about Client Management permissions, see User role requirements.

If you imported Client Management with default settings, the service account is set to the account that you used to perform the import. Configuring a unique service account for each Tanium solution is an extra security measure to consider in consultation with the security team of your organization.

  1. From the Main menu, go to Administration > Shared Services > Client Management to open the Client Management Overview page.
  2. Click Settings and open the Service Account tab.
  3. Update the service account settings and click Save.

Configure Reputation service settings

Reputation service settings determine the contents of the reputation database. These settings determine how often reputation items are scanned in the reputation source, how long to consider items as new, and how long to keep items in the database if their reputation status has not been referenced. For more information about these settings and how they affect the reputation items, see Reputation item life cycle.

To update these settings, from the Reputation Overview page, click Settings , and then click Configuration Settings.

The Keep Reports setting determines whether you want the full reports from the reputation source to be kept in the reputation database. You can choose to keep all reports, or only malicious and suspicious reports. Selecting only malicious and suspicious reports saves space in the database. If you are using VirusTotal as a connection source, use the keep all reports option to get the enhanced reporting information.

Set up Client Management users

You can use the following set of predefined user roles to set up Client Management users.

To review specific permissions for each role, see User role requirements.

For more information about assigning user roles, see Tanium Core Platform User Guide: Manage role assignments for a user.

Client Management Administrator

Assign the Client Management Administrator role to users who manage the configuration of Client Management.
This role can perform the following tasks:

  • Configure Client Management settings, including the service account, scanning, storage, and logging
  • View, create, edit, and delete reputation provider configurations
  • View, create, edit, and delete file data hashes

Client Management Operator

Assign the Client Management Operator role to users who manage the configuration of Client Management but do not need to manage the service account.
This role can perform the following tasks:

  • Configure some Client Management settings, including scanning, storage, and logging
  • View, create, edit, and delete reputation provider configurations
  • View, create, edit, and delete file data hashes

Client Management Service Account

Assign the Client Management Service Account role to the account that configures system settings for Client Management.
This role can perform several background processes for Client Management. For more information, see Installing Client Management.