Getting started with Tanium Cloud
Step 1: Configure identity providers
Production Tanium Cloud instances require that you have a SAML 2.0 compliant identity provider with 2FA enabled. The identity provider must be authoritative for its user email domain. You can configure your identity provider with the help of the Tanium Cloud Management Portal (CMP). A Get Started link to sign in to the portal is sent to you with your temporary credentials.
See Configuring identity providers in the CMP.
Example instructions to manually configure different identity providers follow:
- General
- OneLogin
- Auth0
- Duo Access Gateway
- Configuring Azure AD for Tanium Cloud
- Configuring Okta for Tanium Cloud
- Configuring AD FS for Tanium Cloud
- Configuring Oracle Identity Cloud Service for Tanium Cloud
- Configuring PingFederate for Tanium Cloud
- Configuring Google Cloud Identity for Tanium Cloud
- Configuring Salesforce for Tanium Cloud
Step 2: Configure client security exceptions
- Configure open communication on ports 17472 and 17486 on all your endpoints to enable communication between endpoints and Tanium Cloud, and between endpoints.
- Configure security software exceptions on your endpoints to prevent interference with Tanium Client activities.
See Host and network security requirements.
Tanium Cloud uses the Tanium™ Protocol for communication among managed endpoints and for communication between the endpoints and Tanium Cloud. It is an application protocol that is proprietary to Tanium and that uses TLS 1.2 to encrypt communication. You cannot use network devices such as firewalls to decrypt and inspect Tanium Protocol traffic.
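The following is an added example, not part of the Tanium documentation: one way to confirm from an endpoint that the port exceptions in this step are in effect. It only attempts a TCP handshake and does not speak the Tanium Protocol. The target hosts are supplied by you, because this page does not list any, and the function names are illustrative.

```python
import errno
import socket
import sys

# Ports named in Step 2 of this page.
TANIUM_PORTS = (17472, 17486)


def probe(host, port, timeout=3.0):
    """Classify one TCP connection attempt to host:port.

    "open"     - handshake completed
    "refused"  - host replied with a reset: packets get through, but nothing
                 is accepting connections on that port
    "filtered" - no reply before the timeout, typical of a firewall drop
    "error:*"  - anything else (name resolution failure, no route, ...)
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "filtered"
    except OSError as exc:
        return "error:" + errno.errorcode.get(exc.errno, str(exc))


def check_targets(targets, ports=TANIUM_PORTS, timeout=3.0):
    """Probe every host/port pair and return {host: {port: status}}."""
    return {h: {p: probe(h, p, timeout) for p in ports} for h in targets}


def failures(report):
    """Return (host, port, status) for every pair that is not "open"."""
    return [(h, p, s) for h, by_port in report.items()
            for p, s in by_port.items() if s != "open"]


if __name__ == "__main__":
    # Targets are supplied by the operator on the command line; this page
    # lists no hostnames, so none are hard-coded here.
    bad = failures(check_targets(sys.argv[1:]))
    for host, port, status in bad:
        print(f"{host}:{port} {status}")
    sys.exit(1 if bad else 0)
```

A "filtered" result points at a host or network firewall rule, while "refused" means the traffic arrived but no process accepted it on that port.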
Step 3: Create additional roles, groups, users
Control access to the Tanium Cloud platform and solutions by assigning users to groups and roles. See Tanium Console User Guide: RBAC overview.
Step 4: Deploy Tanium Client
Download client installer bundles from Tanium Client Management. Use any existing software distribution method to distribute the Tanium Client to endpoints. Contact Tanium Support for assistance.
If you are migrating from an on-premises Tanium™ Server to Tanium Cloud, contact Tanium Support for migration guidance.
Step 5: Use Tanium Platform and solutions
After the initial setup is complete, you can use the Tanium platform and solutions that you have provisioned. To get started with the Tanium platform, see Tanium Console User Guide.
You can access a historical view of all the modules that were installed or upgraded in your Tanium Cloud instance. See View module installation history.
Tanium installs and configures all entitled solutions so that you can start getting value from Tanium the first time you sign in to the Tanium Console.
- Tanium™ API Gateway
- Tanium™ Asset
- Tanium™ Client Management
- Tanium™ Comply
- Tanium™ Connect
- Tanium™ Deploy
- Tanium™ Direct Connect
- Tanium™ Discover
- Tanium™ End-User Notifications
- Tanium™ Endpoint Configuration
- Tanium™ Enforce
- Tanium™ Impact
- Tanium™ Integrity Monitor
- Tanium™ Interact
- Tanium™ Map
- Tanium™ Patch
- Tanium™ Performance
- Tanium™ Reputation
- Tanium™ Reveal
- Tanium™ Risk
- Tanium™ Threat Response
- Tanium™ Trends
Tanium™ API Gateway
No default settings are configured for API Gateway.
Tanium™ Asset
The following default settings are configured:
Setting | Default value |
---|---|
Action group | |
Import schedule | The import schedule is set to start collecting data and generating reports. |
Tanium™ Client Management
The following default setting is configured:
Setting | Default value |
---|---|
Action group | The action group is set to the All Computers computer group. |
Tanium™ Comply
The following default settings are configured:
Setting | Default value |
---|---|
Action group | |
Comply tools | Comply tools and the Tanium Scan Engine (powered by JovalCM) are deployed to endpoints. |
Default configuration | Compliance and vulnerability assessments are created for each operating system. |
Tanium™ Connect
No default settings are configured for Connect.
Tanium™ Deploy
The following default settings are configured for Tanium Cloud:
Setting | Default value |
---|---|
Action group | |
Deploy deployment templates | The following deployment templates are created: |
Deploy maintenance windows | An Always On maintenance window is created, and enforced against the All Computers computer group. |
Deploy configurations | For action locked machines, only applicability scanning is enabled, so that deployments cannot run on action locked machines. |
Tanium™ Direct Connect
The following default setting is configured:
Setting | Default value |
---|---|
Action group | |
Tanium™ Discover
The following default setting is configured:
Setting | Default value |
---|---|
Action group | |
Tanium™ End-User Notifications
The following default settings are configured for Tanium Cloud:
Setting | Default value |
---|---|
Action group | |
End-User Notifications configurations | |
Tanium™ Endpoint Configuration
The following default setting is configured:
Setting | Default value |
---|---|
Action group | The action group is set to the All Computers computer group. |
Tanium™ Enforce
The following default settings are configured:
Setting | Default value |
---|---|
Action group | |
Computer groups | The Enforce tools group is set to All Computers. |
Tanium™ Impact
The following default setting is configured:
Setting | Default value |
---|---|
Action group | |
Tanium™ Integrity Monitor
The following default settings are configured:
Setting | Default value |
---|---|
Action group | |
Watchlist | A watchlist is created for each supported operating system (Windows, Linux, AIX, and Solaris) based on the Critical System Files template for the operating system. |
Monitor creation | A monitor is created to deploy the watchlist for each supported operating system. The Windows monitor is targeted only to Windows Server computer groups: All Windows Server 2008 R2, All Windows Server 2012, All Windows Server 2012 R2, All Windows Server 2016, and All Windows Server 2019. All other monitors are targeted to the associated All <Operating System> computer group: All Linux and All Solaris. If one or more of the targeted operating systems are not used in your environment, delete the associated monitors. |
Monitor deployments | The monitors are deployed to endpoints. |
Tanium™ Interact
No default settings are configured for Interact.
Tanium™ Map
The following default setting is configured:
Setting | Default value |
---|---|
Action group | |
Tanium™ Patch
The following default settings are configured for Tanium Cloud:
Setting | Default value |
---|---|
Action group | |
Patch computer groups | Computer groups that Patch requires are imported: |
Patch scans | |
Patch lists | |
Patch block lists | |
Patch deployment templates | Default deployment templates are created for each supported operating system. |
Patch maintenance windows | |
Tanium™ Performance
The following default settings are configured:
Setting | Default value |
---|---|
Action group | |
Profiles | A profile is created with the default event rule configuration that targets All Computers. |
Tanium™ Reputation
No default settings are configured for Reputation.
Tanium™ Reveal
The following default setting is configured:
Setting | Default value |
---|---|
Action group | |
Tanium™ Risk
The following default setting is configured:
Setting | Default value |
---|---|
Action group | |
Tanium™ Threat Response
The following default settings are configured for Tanium Cloud:
Setting | Default value |
---|---|
Action group | |
Tanium Signals are imported.
The following Tanium Cloud profiles are created and deployed to specific computer groups:
Profile Name | Intel configuration | Engine configuration | Recorder Configuration | Index Configuration |
---|---|---|---|---|
[Tanium Default] - Windows. Deploys to All Windows computer group. | | | | |
[Tanium Default] - Linux. Deploys to All Linux computer group. | | | | |
[Tanium Default] - Mac. Deploys to All Mac computer group. | | | | |
Tanium™ Trends
The following default settings are configured for Tanium Cloud:
Setting | Default value |
---|---|
Tanium Cloud visibility | Tanium Cloud visibility is set to the following computer groups if they exist: |
Tanium Cloud boards | Tanium Cloud imports all available boards and sources for the initial gallery. This includes boards and sources provided by any other Tanium solution that has a service account configured. After import, boards may take several minutes to initially display. |
Step 6: Access Tanium Cloud APIs
To access the Tanium Cloud APIs, you must first create an API Token. For more information, see Tanium Console User Guide: Create API tokens.
Use the following URL for Tanium Cloud API access:
<customerURL>-api.cloud.tanium.com
The maximum payload size for API requests and responses is 10 MB.
Last updated: 5/12/2022 6:14 PM