Getting started with Tanium Cloud

Step 1: Configure identity providers

Production Tanium Cloud instances require that you have a SAML 2.0 compliant identity provider with 2FA enabled. The identity provider must be authoritative for its user email domain. You can configure your identity provider with the help of the Tanium Cloud Management Portal (CMP). A Get Started link to sign in to the portal is sent to you with your temporary credentials.

See Configuring identity providers in the CMP.

The email address must be able to authenticate with the identity provider the customer wants to use with Tanium Cloud.

Example instructions to manually configure different identity providers follow:

Step 2: Configure custom maintenance window

By default, maintenance updates for Tanium Cloud services happen between the following times based on the deployment region Monday to Friday:

  • EMEA/Northwest Europe - 1:00 AM to 7:00 AM UTC

  • Americas/Canada/South America - 7:00 AM to 1:00 PM UTC

  • Asia Pacific/Oceania - 1:00 PM to 7:00 PM UTC

You can override the default maintenance window and configure one of the following starting times (and corresponding time ranges) that is more convenient for your organization:

  • 1:00 AM (1:00 AM to 7:00 AM UTC)

  • 7:00 AM (7:00 AM to 1:00 PM UTC)

  • 1:00 PM (1:00 PM to 7:00 PM UTC)

  • 7:00 PM (7:00 PM to 1:00 AM UTC)

Selecting a starting time displays the maintenance update window in the local time zone.

  1. From the CMP Administration page, click Edit next to Maintenance Window.
  2. Select a Time Zone and the Maintenance Window start time.

    The end time of the maintenance window automatically updates after you select a start time.

    Click Info to read the disclaimer about Tanium Cloud maintenance windows.

  3. Save your changes.

Step 3: Configure client security exceptions

  • Configure open communication on ports 17472 and 17486 on all your endpoints to enable communication between endpoints and Tanium Cloud, and between endpoints.
  • Configure security software exceptions on your endpoints to prevent interference with Tanium Client activities.

See Host and network security requirements.

Tanium Cloud uses the Tanium™ Protocol for communication among managed endpoints and for communication between the endpoints and Tanium Cloud. It is an application protocol that is proprietary to Tanium and that uses TLS 1.2 to encrypt communication. You cannot use network devices such as firewalls to decrypt and inspect Tanium Protocol traffic.

Step 4: Create additional roles, groups, users

Control access to the Tanium Cloud platform and solutions by assigning users to groups and roles. See Tanium Console User Guide: RBAC overview.

Step 5: Deploy Tanium Client

Download client installer bundles from Tanium Client Management. Use any existing software distribution method to distribute the Tanium Client to endpoints. Contact Tanium Support for assistance.

On the CMP Administration page, note the values for the Client Edge URLs. Make sure the endpoints in your environment can reach these URLs. For more information, see Tanium Client Management User Guide: Network connectivity, ports, and firewalls.

If you are migrating from an on-premises Tanium™ Server to Tanium Cloud, Contact Tanium Support for migration guidance.

Step 6: Use Tanium Platform and solutions

After the initial setup is complete, you can use the Tanium platform and solutions that you have provisioned. To get started with the Tanium platform, see Tanium Console User Guide.

You can access a historical view of all the modules that were installed or upgraded in your Tanium Cloud instance. See Troubleshooting Tanium Cloud.

Tanium installs and configures all entitled solutions so that you can start getting value from Tanium the first time you sign in to the Tanium Console.

Tanium™ API Gateway

No default settings are configured for API Gateway.

Tanium™ Asset

The following default settings are configured:

Setting Default value
Action group
  • Restricted targeting disabled (default): All Computers computer group
  • Restricted targeting enabled: No Computers computer group
Import schedule

The import schedule is set to start collecting data and generating reports.

Tanium™ Benchmark

The following default setting is configured:

Setting Default value
Action group
  • Restricted targeting disabled (default): All Computers computer group
  • Restricted targeting enabled: No Computers computer group

Tanium™ Client Management

The following default setting is configured:

Setting Default Value
Action group

The action group is set to the All Computers computer group.

Tanium™ Comply

The following default settings are configured:

Setting Default value
Action group
  • Restricted targeting disabled (default): All Computers computer group
  • Restricted targeting enabled: No Computers computer group
Comply tools

Comply tools and the Tanium Scan Engine (powered by JovalCM) are deployed to endpoints.
Default configuration

The default configuration does the following:

  • Sets up a scheduled TVL download (by default 3am every day)

  • Downloads and imports the certified benchmarks from content.tanium.com

  • Downloads and installs the engines

  • Downloads the latest TVL

  • Creates default compliance and vulnerability assessments for each operating system

Tanium™ Connect

No default settings are configured for Connect.

Tanium™ Criticality

The following default settings are configured:

Setting Default value
Rules
  • Domain Controllers
  • Servers
  • Workstations

Tanium™ Deploy

The following default settings are configured for Deploy:

Setting Default value
Action group
  • Restricted targeting disabled (default): All Computers computer group
  • Restricted targeting enabled: No Computers computer group
Deploy deployment templates

The following deployment templates are created:

  • [Standard Deployment] - default
  • [Deployment with Reboot]
  • [Deployment with Pre-Notification]

Deploy maintenance windows

An Always On maintenance window is created, and enforced against the All Computers computer group.
Deploy configurations For action locked machines, only applicability scanning is enabled, so that deployments cannot run on action locked machines.

Tanium™ Direct Connect

The following default setting is configured:

Setting Default Value
Action group
  • Restricted targeting disabled (default): All Computers computer group
  • Restricted targeting enabled: No Computers computer group

Tanium™ Discover

The following default setting is configured:

Setting Default value
Action group
  • Restricted targeting disabled (default): All Computers computer group
  • Restricted targeting enabled: No Computers computer group

Tanium™ End-User Notifications

The following default settings are configured for End-User Notifications:

Setting Default value
Action group
  • Restricted targeting disabled (default): All Computers computer group
  • Restricted targeting enabled: No Computers computer group
End-User Notifications configurations
  • A default End-User Notifications configuration is created.
  • The End-User Notifications tools are distributed to endpoints.

Tanium™ Endpoint Configuration

The following default setting is configured:

Setting Default Value
Action group

The action group is set to the All Computers computer group.

Tanium™ Enforce

The following default settings are configured:

Setting Default value
Action group
  • Restricted targeting disabled (default): All Computers computer group
  • Restricted targeting enabled: No Computers computer group
Computer groups The Enforce tools group is set to All Computers.

Tanium™ Impact

The following default setting is configured:

Setting Default value
Action group
  • Restricted targeting disabled (default): All Computers computer group

    Because Impact is currently supported only on Windows endpoints, the Targeting Criteria for the action to distribute the Impact tools filters the group to Windows endpoints.

  • Restricted targeting enabled: No Computers computer group

Tanium™ Integrity Monitor

The following default settings are configured:

Setting Default value
Action group
  • Restricted targeting disabled (default): All AIX, All Linux, All Solaris, and All Windows computer groups
  • Restricted targeting enabled: No Computers computer group
Monitor creation

A monitor is created for each supported operating system (Windows, Linux, Solaris, and AIX).

The Windows monitor is targeted only to Windows Server computer groups: All Windows Server 2008 R2, All Windows Server 2012, All Windows Server 2012 R2, All Windows Server 2016, All Windows Server 2019, and All Windows Server 2022.

All other monitors are targeted to the associated All <Operating System> computer group: All Linux and All Solaris.

If one or more of the targeted operating systems are not used in your environment, delete the associated monitors.
Monitor deployments The monitors are deployed to endpoints.
Watchlist

A watchlist is created for each supported operating system based on the Critical System Files template for the operating system.

The Windows watchlist is targeted only to Windows Server computer groups: All Windows Server 2008 R2, All Windows Server 2012, All Windows Server 2012 R2, All Windows Server 2016, All Windows Server 2019, and All Windows Server 2022.

All other watchlists are targeted to the associated All <Operating System> computer group: All Linux and All Solaris.

If one or more of the targeted operating systems are not used in your environment, delete the associated watchlists.
Watchlist deployments The watchlists are deployed to endpoints.

Tanium™ Interact

No default settings are configured for Interact.

Tanium™ Map

The following default setting is configured: 

Setting Default value
Action group
  • Restricted targeting disabled (default): All Windows Servers and All Linux computer groups
  • Restricted targeting enabled: No Computers computer group

Tanium™ Patch

The following default settings are configured for Patch:

Setting Default value
Action group
  • Restricted targeting disabled (default): Patch Supported Systems computer group
  • Restricted targeting enabled: No Computers computer group
Patch computer groups

Computer groups that Patch requires are imported:

  • All Amazon
  • All Debian
  • All Debian 8
  • All Debian 9
  • All Debian 10
  • All Debian 11
  • All CentOS 6
  • All CentOS 7
  • All CentOS 8
  • All Oracle 6
  • All Oracle 7
  • All Oracle 8
  • All Red Hat 6
  • All Red Hat 7
  • All Red Hat 8
  • All OpenSLES 11
  • All OpenSLES 12
  • All OpenSLES 15
  • All SUSE
  • All Mac
  • All macOS 10.13
  • All macOS 10.14
  • All macOS 10.15
  • All macOS 11
  • All macOS 11.0
  • All macOS 11.1
  • All macOS 11.2
  • All macOS 11.3
  • All macOS 11.4
  • All macOS 11.5
  • All macOS 11.6
  • All macOS 11.7
  • All macOS 12

  • All Ubuntu
  • All Ubuntu 14.04 - amd64
  • All Ubuntu 14.04 - i386
  • All Ubuntu 14.04 - arm64
  • All Ubuntu 16.04 - amd64
  • All Ubuntu 16.04 - i386
  • All Ubuntu 16.04 - arm64
  • All Ubuntu 18.04 - amd64
  • All Ubuntu 18.04 - i386
  • All Ubuntu 18.04 - arm64
  • All Ubuntu 20.04 - amd64
  • All Ubuntu 20.04 - i386
  • All Ubuntu 20.04 - arm64
  • All Ubuntu 22.04 - amd64
  • All Ubuntu 22.04 - i386
  • All Ubuntu 22.04 - arm64
  • All Windows
  • All Windows Servers
  • Patch Supported Systems
Patch scans

  • Tanium Scan for Windows is configured and synchronized.

  • Default scan configurations are created for each operating system and enforced by the recommended computer group.
Patch lists

The following patch lists are automatically created:

  • [Patch Baseline Deployment] - Windows
  • [Tanium Patch Baseline Reporting] - Windows
  • [Tanium Patch Baseline Reporting] - Linux
  • [Tanium Patch Baseline Reporting] - macOS
  • All Patches

  • [Tanium Patch Recommended Updates] - Windows

Patch block lists
  • The [Global Block List] - Windows block list is created and targets the Patch Supported Systems computer group. This block list excludes Security Only patches on Windows systems.
  • Default block lists are created for each supported operating system, but are not targeted.
Patch deployment templates

Default deployment templates are created for each supported operating system.
Patch maintenance windows
  • A [Patch Tuesday] - Windows default maintenance window is created for Patch Tuesday and is not enforced on any computer groups.
  • Default maintenance windows are created for each supported operating system to block patch installations and reboots without first enabling another maintenance window. These maintenance windows are not enforced to any computer groups.

Tanium™ Performance

The following default settings are configured:

Setting Default value
Action group
  • Restricted targeting disabled (default): All Windows, All Linux, and All Mac computer groups.
  • Restricted targeting enabled: No Computers computer group.
Profiles A profile is created with the default event rule configuration that targets All Computers.

Tanium™ Reputation

No default settings are configured for Reputation.

Tanium™ Reveal

The following default setting is configured:

Setting Default value
Action group
  • Restricted targeting disabled (default): All Computers computer group
  • Restricted targeting enabled: No Computers computer group

Tanium™ Threat Response

The following default settings are configured:

Setting Default value
Action group
  • Restricted targeting disabled (default): All Computers computer group.
  • Restricted targeting enabled: No Computers computer group.

Tanium Signals are imported.

The following Tanium Cloud profiles are created and deployed to specific computer groups:

Profile Name Detection configuration Index Configuration Recorder Configuration
[Tanium Default] - Windows

Deploys to All Windows computer group.
[Tanium Default] - Linux

Deploys to All Linux computer group.
[Tanium Default] - Mac

Deploys to All Mac computer group.

Tanium™ Trends

The following default settings are configured for Tanium Cloud:

Setting Default value
Tanium Cloud visibility Tanium Cloud visibility is set to the following computer groups if they exist:
  • All Computers
  • All Windows
  • All Linux
  • All Mac
  • All Workstations
  • All Servers
  • All Windows Workstations
  • All Windows Servers
Tanium Cloud boards Tanium Cloud imports all available boards and sources for the initial gallery. This includes boards and sources provided by any other Tanium solution that has a service account configured. After import, boards may take several minutes to initially display.

Step 7: Access Tanium Cloud APIs

To access the Tanium Cloud APIs, you must first create an API Token. For more information, see Tanium Console User Guide: Create API tokens.

Use the following URL for Tanium Cloud API access:

<customerURL>-api.cloud.tanium.com

The maximum payload size for API requests and responses is 10 MB.