Client Management requirements
Review the requirements before you
Core platform dependencies
Make sure that your environment meets the following requirements:
-
Tanium™ Core Platform servers: 7.4 or later
- Tanium™ Client: No client requirements.
Solution dependencies
Other Tanium solutions are required for specific Client Management features to work (feature-specific dependencies). The installation method that you select determines if the Tanium Server automatically imports dependencies or if you must manually import them.
Some Client Management dependencies have their own dependencies, which you can see by clicking the links in the lists of Feature-specific dependencies. Note that the links open the user guides for the latest version of each solution, not necessarily the minimum version that Client Management requires.
Tanium recommended installation
If you select Tanium Recommended Installation when you import Client Management, the Tanium Server automatically imports all your licensed solutions at the same time. See Tanium Console User Guide: Import all modules and services.
Import specific solutions
If you select only Client Management to import, you must manually import dependencies. See Tanium Console User Guide: Import, re-import, or update specific solutions.
Feature-specific dependencies
Client Management has the following feature-specific dependencies at the specified minimum versions:
- Tanium Connect
- Tanium Threat Response
- Tanium Trends
Tanium™ Module Server
Client Management is installed and runs as a service on the Module Server host computer. The impact on the Module Server is minimal and depends on usage.
The Reputation service is automatically disabled when the disk usage of the Module Server exceeds the value of the Maximum Disk Capacity setting. The default value is 85%. For more information on how to configure the Reputation service settings, see Installing Client ManagementConfigure Reputation service settings.
Endpoints
Client Management does not deploy packages to endpoints. For Tanium Client operating system support, see Tanium Client Management User Guide: Client version and host system requirements.
Third-party software
With Client Management, you can integrate with several different kinds of third-party software. If no specific version is listed, there are no version requirements for that software.
- Palo Alto Networks WildFire
- Recorded Future
- ReversingLabs A1000
- ReversingLabs TitaniumCloud
- VirusTotal
Host and network security requirements
Specific ports and processes are needed to run Client Management.
Ports
For Tanium Cloud ports, see Tanium Cloud Deployment Guide: Host and network security requirements.
The following ports are required for Client Management communication.
| Source | Destination | Port | Protocol | Purpose |
|---|---|---|---|---|
| Module Server | Module Server (loopback) | 17455 | TCP | Internal purposes; not externally accessible |
No additional ports are required.
Configure firewall policies to open ports for Tanium traffic with TCP-based rules instead of application identity-based rules. For example, on a Palo Alto Networks firewall, configure the rules with service objects or service groups instead of application objects or application groups.
Security exclusions
If security software is in use in the environment to monitor and block unknown host system processes, Tanium recommends that a security administrator create exclusions to allow the Tanium processes to run without interference. The configuration of these exclusions varies depending on AV software. For a list of all security exclusions to define across Tanium, see Tanium Core Platform Deployment Reference Guide: Host system security exclusions.
| Target Device | Notes | Exclusion Type | Exclusion |
|---|---|---|---|
| Module Server | Process | <Module Server>\services\reputation-service\node.exe |
Client Management requires no specific security exclusions. For a list of all security exclusions to define across Tanium, see Tanium Core Platform Deployment Reference Guide: Host system security exclusions.
Internet URLs
If security software is deployed in the environment to monitor and block unknown URLs, your security administrator might need to allow URLs on the Tanium Module Server associated with a configured reputation source. For more information about required URLs to allow, see the reputation provider documentation.
User role requirements
The following tables list the role permissions required to use Client Management. To review a summary of the predefined roles, see Set up Client Management users.
For more information about role permissions and associated content sets, see Tanium Core Platform User Guide: Managing RBAC.
| Permission | Client Management Administrator4 | Client Management Operator43 | Client Management Service Account3,4 |
|---|---|---|---|
|
Client Management1,2 READ: Read access to the Client Management shared service WRITE: Write access to the Client Management shared service SHOW: View the Client Management workbench |
READ WRITE SHOW |
READ WRITE SHOW |
|
|
Client Management Administrator Administrative access to the Client Management shared service |
ADMINISTER |
|
|
|
Client Management Hash List2 Access to the Client Management hash list data |
READ WRITE |
READ WRITE |
|
|
Client Management Provider Access to the provider configurations |
READ WRITE |
READ WRITE |
|
|
Client Management Service Account Access to module service accounts to read and write data |
|
|
EXECUTE |
|
1 If you need access to only the Malicious tab in the Reputations section of the Reputation Overview page, you can add the Client Management show and Client Management read or Client Management write permissions to your user. 2 If you need access to only the Reputations section of the Reputation Overview page, you can add the Client Management show, Client Management Hash List read, and either the Client Management read or Client Management write permissions to your user. 3This role provides module permissions for Tanium Connect. You can view which Connect permissions are granted to this role in the Tanium Console. For more information, see Tanium Connect User Guide: User role requirements. 43 This role provides module permissions for Tanium Trends. You can view which Trends permissions are granted to this role in the Tanium Console. For more information, see Tanium Trends User Guide: User role requirements. |
|||
| Content Set for Permission | Client Management Administrator | Client Management Operator | Client Management Service Account | |
|---|---|---|---|---|
| Plugin | Client Management |
READ EXECUTE |
READ EXECUTE |
READ EXECUTE |
| Connect Plugin | Connect |
|
|
MANAGEMENT |
| Plugin | Trends |
READ EXECUTE |
READ EXECUTE |
READ EXECUTE |
|
To view which content set permissions are granted to a role, see Tanium Console User Guide: View effective role permissions. |
||||
For more information and descriptions of content sets and permissions, see Tanium Core Platform User Guide: Users and user groups.
Last updated: 9/20/2023 1:49 PM | Feedback