Reference: Default solution configurations

Tanium installs and configures all entitled solutions so that you can start getting value from Tanium the first time you sign in to the Tanium Console. The following sections specify the default settings that are configured for each solution.

Tanium™ API Gateway

No default settings are configured for API Gateway.

Tanium™ Asset

The following default settings are configured:

Setting Default value
Action group
  • Restricted targeting disabled (default): All Computers computer group
  • Restricted targeting enabled: No Computers computer group
Import schedule

The import schedule is set to start collecting data and generating reports.

Tanium™ Benchmark

The following default setting is configured:

Setting Default value
Action group
  • Restricted targeting disabled (default): All Computers computer group
  • Restricted targeting enabled: No Computers computer group

Tanium™ Certificate Manager

The following default settings are configured:

Setting Default value
Action group
  • Restricted targeting disabled (default): All Computers computer group
  • Restricted targeting enabled: No Computers computer group

If the action group was already created in a previous version of Certificate Manager, the action group is not updated.
Scheduled action for default audit settings
  • Maximum Audit Age: 1 Day
  • Port Scan: enabled
  • Log Verbosity: Info
  • Distribute over time: 15 Minutes

Tanium™ Client Management

The following default setting is configured:

Setting Default Value
Action group

The action group is set to the All Computers computer group.

Tanium™ Comply

The following default settings are configured:

Setting Default value
Action group
  • Restricted targeting disabled (default): All Computers computer group
  • Restricted targeting enabled: No Computers computer group
Comply tools

Comply tools and the Tanium Scan Engine (powered by JovalCM) are deployed to endpoints.
Default configuration

The default configuration does the following:

  • Sets up a scheduled TVL download (by default 3am every day)

  • Downloads and imports the certified benchmarks from content.tanium.com

  • Downloads and installs the engines

  • Downloads the latest TVL

  • Creates default compliance and vulnerability assessments for each operating system

Tanium™ Connect

No default settings are configured for Connect.

Tanium™ Criticality

The following default settings are configured:

Setting Default value
Endpoint rules
  • Domain Controllers
  • Servers
  • Workstations
Group rules Default Critical Active Directory Groups

Tanium™ Deploy

The following default settings are configured for Deploy:

Setting Default value
Action group
  • Restricted targeting disabled (default): All Computers computer group
  • Restricted targeting enabled: No Computers computer group
Deploy deployment templates

The following deployment templates are created:

  • [Standard Deployment] - default
  • [Deployment with Reboot]
  • [Deployment with Pre-Notification]

Deploy maintenance windows

An Always On maintenance window is created, and enforced against the All Computers computer group.
Deploy configurations For action locked machines, only applicability scanning is enabled, so that deployments cannot run on action locked machines.
Deploy software packages

The following Predefined Package Gallery packages are automatically imported:

  • Adobe Digital Editions

  • Adobe Acrobat Reader DC (en-us)
  • Adobe Acrobat Reader DC (en-us) (64-bit)
  • Adobe Acrobat Reader DC (MUI)
  • Adobe Acrobat Reader DC (MUI) (64-bit)
  • Microsoft Power BI Desktop (x64)
  • Microsoft Power BI Desktop
  • Microsoft Teams (x64)
  • Microsoft Teams (x86)
  • Microsoft Visual Studio Code (x64 en-us)
  • Microsoft Visual Studio Code (x86 en-us)
  • Mozilla Firefox (x64 en-US)
  • Mozilla Firefox (x86 en-US)
  • VideoLAN VLC media player (32-bit)
  • VideoLAN VLC media player (64-bit)
  • Zoom Zoom
  • Zoom Zoom (64-bit)

Tanium™ Direct Connect

The following default setting is configured:

Setting Default Value
Action group
  • Restricted targeting disabled (default): All Computers computer group
  • Restricted targeting enabled: No Computers computer group

Tanium™ Discover

The following default setting is configured:

Setting Default value
Action group
  • Restricted targeting disabled (default): All Computers computer group
  • Restricted targeting enabled: No Computers computer group

Tanium™ End-User Notifications

The following default settings are configured for End-User Notifications:

Setting Default value
Action group
  • Restricted targeting disabled (default): All Computers computer group
  • Restricted targeting enabled: No Computers computer group
End-User Notifications configurations
  • A default End-User Notifications configuration is created.
  • The End-User Notifications tools are distributed to endpoints.

Tanium™ Endpoint Configuration

The following default setting is configured:

Setting Default Value
Action group

The action group is set to the All Computers computer group.

Tanium™ Enforce

The following default settings are configured:

Setting Default value
Action group
  • Restricted targeting disabled (default): All Computers computer group
  • Restricted targeting enabled: No Computers computer group
Computer groups The Enforce tools group is set to All Computers.

Tanium™ Engage

The following default settings are configured:

Setting Default value
Action group
  • Restricted targeting disabled (default): All Windows Workstations computer group
  • Restricted targeting enabled: No Computers computer group

Tanium™ Feed

No default settings are configured for Feed.

Tanium™ Impact

The following default setting is configured:

Setting Default value
Action group
  • Restricted targeting disabled (default): All Computers computer group

    Because Impact is currently supported only on Windows endpoints, the Targeting Criteria for the action to distribute the Impact tools filters the group to Windows endpoints.

  • Restricted targeting enabled: No Computers computer group

Tanium™ Integrity Monitor

The following default settings are configured:

Setting Default value
Action group
  • Restricted targeting disabled (default): All AIX, All Linux, All Solaris, and All Windows computer groups
  • Restricted targeting enabled: No Computers computer group
Monitor creation

A monitor is created for each supported operating system (Windows, Linux, Solaris, and AIX).

The Windows monitor is targeted only to Windows Server computer groups: All Windows Server 2008 R2, All Windows Server 2012, All Windows Server 2012 R2, All Windows Server 2016, All Windows Server 2019, and All Windows Server 2022.

All other monitors are targeted to the associated All <Operating System> computer group: All Linux and All Solaris.

If one or more of the targeted operating systems are not used in your environment, delete the associated monitors.
Monitor deployments The monitors are deployed to endpoints.
Watchlist

A watchlist is created for each supported operating system based on the Critical System Files template for the operating system.

The Windows watchlist is targeted only to Windows Server computer groups: All Windows Server 2008 R2, All Windows Server 2012, All Windows Server 2012 R2, All Windows Server 2016, All Windows Server 2019, and All Windows Server 2022.

All other watchlists are targeted to the associated All <Operating System> computer group: All Linux and All Solaris.

If one or more of the targeted operating systems are not used in your environment, delete the associated watchlists.
Watchlist deployments The watchlists are deployed to endpoints.

Tanium™ Interact

No default settings are configured for Tanium Cloud.

Tanium™ Investigate

The following default settings are configured:

Setting Default value
Action group
  • Restricted targeting disabled (default): All Computers computer group
  • Restricted targeting enabled: No Computers computer group

Tanium™ Map

The following default setting is configured: 

Setting Default value
Action group
  • Restricted targeting disabled (default): All Windows Servers and All Linux computer groups
  • Restricted targeting enabled: No Computers computer group

Tanium™ Patch

The following default settings for managing Windows and Linux endpoints are configured for Patch:

Setting Default value
Action group
  • Restricted targeting disabled (default): Patch Supported Systems computer group
  • Restricted targeting enabled: No Computers computer group
Patch computer groups

Computer groups that Patch requires are imported:

  • All Alma Linux 8
  • All Amazon
  • All Debian
  • All Debian 8
  • All Debian 9
  • All Debian 10
  • All Debian 11
  • All CentOS 6
  • All CentOS 7
  • All CentOS 8
  • All OpenSUSE 15
  • All Oracle 6
  • All Oracle 7
  • All Oracle 8
  • All Red Hat 6
  • All Red Hat 7
  • All Red Hat 8
  • All Red Hat 9
  • All Rocky Linux 8
  • All SLES 11
  • All SLES 12
  • All SLES 15
  • All SUSE

  • All Ubuntu
  • All Ubuntu 14.04 - amd64
  • All Ubuntu 14.04 - i386
  • All Ubuntu 14.04 - arm64
  • All Ubuntu 16.04 - amd64
  • All Ubuntu 16.04 - i386
  • All Ubuntu 16.04 - arm64
  • All Ubuntu 18.04 - amd64
  • All Ubuntu 18.04 - i386
  • All Ubuntu 18.04 - arm64
  • All Ubuntu 20.04 - amd64
  • All Ubuntu 20.04 - i386
  • All Ubuntu 20.04 - arm64
  • All Ubuntu 22.04 - amd64
  • All Ubuntu 22.04 - i386
  • All Ubuntu 22.04 - arm64
  • All Windows
  • All Windows Servers
  • Patch Supported Systems
Patch scans

  • Tanium Scan for Windows is configured and synchronized.

  • Default scan configurations are created for Windows and Linux and enforced by the recommended computer group.
Patch lists

The following patch lists are automatically created:

  • [Patch Baseline Deployment] - Windows
  • [Tanium Patch Baseline Reporting] - Windows
  • [Tanium Patch Baseline Reporting] - Linux
  • All Patches

  • [Tanium Patch Recommended Updates] - Windows

Patch block lists
  • The [Global Block List] - Windows block list is created and targets the Patch Supported Systems computer group. This block list excludes Security Only patches on Windows systems.
  • A default block list is created for Linux but is not targeted.
Patch deployment templates

Default deployment templates are created for Windows and Linux.
Patch maintenance windows
  • A [Patch Tuesday] - Windows default maintenance window is created for Patch Tuesday and is not enforced on any computer groups.
  • Default maintenance windows are created for Windows and Linux to block patch installations and reboots without first enabling another maintenance window. These maintenance windows are not enforced to any computer groups.

Tanium™ Performance

The following default settings are configured:

Setting Default value
Action group
  • Restricted targeting disabled (default): All Windows, All Linux, and All Mac computer groups.
  • Restricted targeting enabled: No Computers computer group.
Profiles A profile is created with the default event rule configuration that targets All Computers.

Tanium™ Provision

The following default settings are configured for Tanium Cloud:

Setting Default value
Action group
  • Restricted targeting disabled (default): All Computers computer group
  • Restricted targeting enabled: No Computers computer group

Tanium™ Reporting

No default settings are configured for Reporting.

Tanium™ Reputation

No default settings are configured for Reputation.

Tanium™ Reveal

The following default setting is configured:

Setting Default value
Action group
  • Restricted targeting disabled (default): All Computers computer group
  • Restricted targeting enabled: No Computers computer group

Tanium™ Threat Response

The following default settings are configured:

Tanium Signals are imported.

The following Tanium Cloud profiles are created and deployed to specific computer groups:

Profile Name Detection configuration Index Configuration Recorder Configuration
[Tanium Default] - Windows

Deploys to All Windows computer group.
[Tanium Default] - Linux

Deploys to All Linux computer group.
[Tanium Default] - Mac

Deploys to All Mac computer group.

Tanium™ Trends

The following default settings are configured for Tanium Cloud:

Setting Default value
Tanium Cloud visibility Tanium Cloud visibility is set to the following computer groups if they exist:
  • All Computers
  • All Windows
  • All Linux
  • All Mac
  • All Workstations
  • All Servers
  • All Windows Workstations
  • All Windows Servers
Tanium Cloud boards Tanium Cloud imports all available boards and sources for the initial gallery. This includes boards and sources provided by any other Tanium solution that has a service account configured. After import, boards may take several minutes to initially display.

Zero Trust

The following default settings are configured:

Setting Default value
Action group
  • Restricted targeting disabled (default): All Computers computer group
  • Restricted targeting enabled: No Computers computer group