Getting started with Tanium Cloud

Step 1: Configure identity providers

Production Tanium Cloud instances require that you have a SAML 2.0 compliant identity provider with 2FA enabled. The identity provider must be authoritative for its user email domain. You can configure your identity provider with the help of the Tanium Cloud Management Portal (CMP). A Get Started link to sign in to the portal is sent to you with your temporary credentials.

See Configuring identity providers in the CMP.

Example instructions to manually configure different identity providers follow:

Step 2: Configure client security exceptions

  • Configure open communication on ports 17472 and 17486 on all your endpoints to enable communication between endpoints and Tanium Cloud, and between endpoints.
  • Configure security software exceptions on your endpoints to prevent interference with Tanium Client activities.

See Host and network security requirements.

Tanium Cloud uses the Tanium™ Protocol for communication among managed endpoints and for communication between the endpoints and Tanium Cloud. It is an application protocol that is proprietary to Tanium and that uses TLS 1.2 to encrypt communication. You cannot use network devices such as firewalls to decrypt and inspect Tanium Protocol traffic.

Step 3: Create additional roles, groups, users

Control access to the Tanium Cloud platform and solutions by assigning users to groups and roles. See Tanium Console User Guide: RBAC overview.

Step 4: Deploy Tanium Client

Download client installer bundles from Tanium Client Management. Use any existing software distribution method to distribute the Tanium Client to endpoints. Contact Tanium Support for assistance.

If you are migrating from an on-premises Tanium™ Server to Tanium Cloud, Contact Tanium Support for migration guidance.

Step 5: Use Tanium Platform and solutions

After the initial setup is complete, you can use the Tanium platform and solutions that you have provisioned. To get started with the Tanium platform, see Tanium Console User Guide.

You can access a historical view of all the modules that were installed or upgraded in your Tanium Cloud instance. See View module installation history.

Tanium installs and configures all entitled solutions so that you can start getting value from Tanium the first time you sign in to the Tanium Console.

Tanium™ API Gateway

No default settings are configured for API Gateway.

Tanium™ Asset

The following default settings are configured:

Setting Default value
Action group
  • Restricted targeting disabled (default): All Computers computer group
  • Restricted targeting enabled: No Computers computer group
Import schedule

The import schedule is set to start collecting data and generating reports.

Tanium™ Client Management

The following default setting is configured:

Setting Default Value
Action group

The action group is set to the All Computers computer group.

Tanium™ Comply

The following default settings are configured:

Setting Default value
Action group
  • Restricted targeting disabled (default): All Computers computer group
  • Restricted targeting enabled: No Computers computer group
Comply tools

Comply tools and the Tanium Scan Engine (powered by JovalCM) are deployed to endpoints.
Default configuration Compliance and vulnerability assessments are created for each operating system.

Tanium™ Connect

No default settings are configured for Connect.

Tanium™ Deploy

The following default settings are configured for Tanium Cloud:

Setting Default value
Action group
  • Restricted targeting disabled (default): All Computers computer group
  • Restricted targeting enabled: No Computers computer group
Deploy deployment templates

The following deployment templates are created:

  • [Standard Deployment] - default
  • [Deployment with Reboot]
  • [Deployment with Pre-Notification]

Deploy maintenance windows

An Always On maintenance window is created, and enforced against the All Computers computer group.
Deploy configurations For action locked machines, only applicability scanning is enabled, so that deployments cannot run on action locked machines.

Tanium™ Direct Connect

The following default setting is configured:

Setting Default Value
Action group
  • Restricted targeting disabled (default): All Computers computer group
  • Restricted targeting enabled: No Computers computer group

Tanium™ Discover

The following default setting is configured:

Setting Default value
Action group
  • Restricted targeting disabled (default): All Computers computer group
  • Restricted targeting enabled: No Computers computer group

Tanium™ End-User Notifications

The following default settings are configured for Tanium Cloud:

Setting Default value
Action group
  • Restricted targeting disabled (default): All Computers computer group
  • Restricted targeting enabled: No Computers computer group
End-User Notifications configurations
  • A default End-User Notifications configuration is created.
  • The End-User Notifications tools are distributed to endpoints.

Tanium™ Endpoint Configuration

The following default setting is configured:

Setting Default Value
Action group

The action group is set to the All Computers computer group.

Tanium™ Enforce

The following default settings are configured:

Setting Default value
Action group
  • Restricted targeting disabled (default): All Computers computer group
  • Restricted targeting enabled: No Computers computer group
Computer groups The Enforce tools group is set to All Computers.

Tanium™ Impact

The following default setting is configured:

Setting Default value
Action group
  • Restricted targeting disabled (default): All Computers computer group

    Because Impact is currently supported only on Windows endpoints, the Targeting Criteria for the action to distribute the Impact tools filters the group to Windows endpoints.

  • Restricted targeting enabled: No Computers computer group

Tanium™ Integrity Monitor

The following default settings are configured:

Setting Default value
Action group
  • Restricted targeting disabled (default): All Computers computer group
  • Restricted targeting enabled: No Computers computer group
Watchlist A watchlist is created for each supported operating system (Windows, Linux, AIX, and Solaris) based on the Critical System Files template for the operating system.
Monitor creation

A monitor is created to deploy the watchlist for each supported operating system.

The Windows monitor is targeted only to Windows Server computer groups: All Windows Server 2008 R2, All Windows Server 2012, All Windows Server 2012 R2, All Windows Server 2016, and All Windows Server 2019.

All other monitors are targeted to the associated All <Operating System> computer group: All Linux and All Solaris.

If one or more of the targeted operating systems are not used in your environment, delete the associated monitors.
Monitor deployments The monitors are deployed to endpoints.

Tanium™ Interact

No default settings are configured for Interact.

Tanium™ Map

The following default setting is configured: 

Setting Default value
Action group
  • Restricted targeting disabled (default): All Windows Servers and All Linux computer groups
  • Restricted targeting enabled: No Computers computer group

Tanium™ Patch

The following default settings are configured for Tanium Cloud:

Setting Default value
Action group
  • Restricted targeting disabled (default): Patch Supported Systems computer group
  • Restricted targeting enabled: No Computers computer group
Patch computer groups

Computer groups that Patch requires are imported:

  • All Amazon
  • All CentOS 6
  • All CentOS 7
  • All CentOS 8
  • All Oracle 6
  • All Oracle 7
  • All Oracle 8
  • All Red Hat 6
  • All Red Hat 7
  • All Red Hat 8
  • All OpenSLES 11
  • All OpenSLES 12
  • All OpenSLES 15
  • All SUSE
  • All Mac
  • All macOS 10.13
  • All macOS 10.14
  • All macOS 10.15
  • All macOS 11
  • All macOS 11.0
  • All macOS 11.1
  • All macOS 11.2
  • All macOS 11.3
  • All macOS 11.4
  • All macOS 11.5
  • All macOS 11.6
  • All macOS 11.7
  • All macOS 12
  • All Ubuntu
  • All Ubuntu 18
  • All Ubuntu 20
  • All Windows
  • All Windows Servers
  • Patch Supported Systems
Patch scans

  • Tanium Scan for Windows is configured and synchronized.

  • Default scan configurations are created for each operating system and enforced by the recommended computer group.
Patch lists
  • A [Patch Baseline Deployment] - Windows default baseline deployment patch list is created for Windows endpoints.
  • Default reporting patch lists are created for each supported operating system.
Patch block lists
  • The [Global Block List] - Windows block list is created and targets the All Windows computer group. This block list excludes Security Only patches on Windows systems.
  • Default block lists are created for each supported operating system, but are not targeted.
Patch deployment templates

Default deployment templates are created for each supported operating system.
Patch maintenance windows
  • A [Patch Tuesday] - Windows default maintenance window is created for Patch Tuesday and is not enforced on any computer groups.
  • Default maintenance windows are created for each supported operating system to block patch installations and reboots without first enabling another maintenance window. These maintenance windows are not enforced to any computer groups.

Tanium™ Performance

The following default settings are configured:

Setting Default value
Action group
  • Restricted targeting disabled (default): All Windows, All Linux, and All Mac computer groups.
  • Restricted targeting enabled: No Computers computer group.
Profiles A profile is created with the default event rule configuration that targets All Computers.

Tanium™ Reputation

No default settings are configured for Reputation.

Tanium™ Reveal

The following default setting is configured:

Setting Default value
Action group
  • Restricted targeting disabled (default): All Computers computer group
  • Restricted targeting enabled: No Computers computer group

Tanium™ Risk

The following default setting is configured:

Setting Default value
Action group
  • Restricted targeting disabled (default): All Computers computer group
  • Restricted targeting enabled: No Computers computer group

Tanium™ Threat Response

The following default settings are configured for Tanium Cloud:

Setting Default value
Action group
  • Restricted targeting disabled (default): All Computers computer group.
  • Restricted targeting enabled: No Computers computer group.

Tanium Signals are imported.

The following Tanium Cloud profiles are created and deployed to specific computer groups:

Profile Name Intel configuration Engine configuration Recorder Configuration Index Configuration
[Tanium Default] - Windows

Deploys to All Windows computer group.
[Tanium Default] - Linux

Deploys to All Linux computer group.
[Tanium Default] - Mac

Deploys to All Mac computer group.

Tanium™ Trends

The following default settings are configured for Tanium Cloud:

Setting Default value
Tanium Cloud visibility Tanium Cloud visibility is set to the following computer groups if they exist:
  • All Computers
  • All Windows
  • All Linux
  • All Mac
  • All Workstations
  • All Servers
  • All Windows Workstations
  • All Windows Servers
Tanium Cloud boards Tanium Cloud imports all available boards and sources for the initial gallery. This includes boards and sources provided by any other Tanium solution that has a service account configured. After import, boards may take several minutes to initially display.

Step 6: Access Tanium Cloud APIs

To access the Tanium Cloud APIs, you must first create an API Token. For more information, see Tanium Console User Guide: Create API tokens.

Use the following URL for Tanium Cloud API access:

<customerURL>-api.cloud.tanium.com

The maximum payload size for API requests and responses is 10 MB.