Installing Comply

Tanium Cloud automatically handles module installations and upgrades.

For information about configuring Comply for Tanium™ Cloud, see Configuring Comply.

Use the Solutions page to install Comply and choose either automatic or manual configuration:

  • Automatic configuration with default settings (Tanium Core Platform 7.4.2 or later only): Comply is installed with any required dependencies and other selected products. After installation, the Tanium Server automatically configures the recommended default settings. This option is the best practice for most deployments. For details about the automatic configuration for Comply, see Import Comply with default settings.
  • Manual configuration with custom settings: After installing Comply, you must manually configure required settings. Select this option only if Comply requires settings that differ from the recommended default settings. For more information, see Import Comply with custom settings.

Use the Tanium Recommended Installation option.

Before you begin

Import Comply with default settings

When you import Comply with automatic configuration, the following default settings are configured:

The following default settings are configured:

Setting Default value
Action group
  • Restricted targeting disabled (default): All Computers computer group
  • Restricted targeting enabled: No Computers computer group
Service account

The Comply service account is set to the account that you used to import the module.

Configuring a unique service account for each Tanium solution is an extra security measure to consider in consultation with the security team of your organization. See Configure the service account.

Comply tools

Comply tools and the Tanium Scan Engine (powered by JovalCM) are deployed to endpoints.

Default configuration Compliance and vulnerability assessments are created for each operating system.

Scans begin to run after the installation completes.

Deployments begin immediately after solution installation. The Distribute over setting for the deployments is set to three minutes. After the three minute distribution window completes, reports will run. The Distribute over setting for reports is also three minutes.

To import Comply and configure default settings, be sure to select the Apply All Tanium recommended configurations option while performing the steps in Tanium Console User Guide: Import all modules and services. After the import, verify that the correct version is installed: see Verify Comply version.

(Tanium Core Platform 7.4.5 or later only) You can set the Comply action group to target the No Computers filter group by enabling restricted targeting before adding Comply to your Tanium licenseimporting Comply. This option enables you to control tools deployment through scheduled actions that are created during the import and that target the Tanium Comply action group. For example, you might want to test tools on a subset of endpoints before deploying the tools to all endpoints. In this case, you can manually deploy the tools to an action group that you configured to target only the subset. To configure an action group, see Tanium Console User Guide: Managing action groups. To enable or disable restricted targeting, see Tanium Console User Guide: Dependencies, default settings, and tools deployment.

Import Comply with custom settings

To import Comply without automatically configuring default settings, be sure to clear the Apply All Tanium recommended configurations check box while performing the steps in Tanium Console User Guide: Import, re-import, or upgrade to the latest versions of specific modules. After the import, verify that the correct version is installed: see Verify Comply version.

Reports and statistics on the Comply Home page might not be updated immediately with current results since this data is updated every 10 minutes.

To configure the service account, see Configure the service account.

To configure the Comply action group, see Configure Comply action group.

Manage solution dependencies

Other Tanium solutions are required for Comply to function (required dependencies) or for specific Comply features to work (feature-specific dependencies). See Solution dependencies.

Upgrade Comply

For the steps to upgrade Comply, see Tanium Console User Guide: Manage Tanium modules. After the upgrade, verify that the correct version is installed: see Verify Comply version.

For information on upgrade issues you may experience, see the Troubleshooting section.

Verify Comply version

After you import or upgrade Comply, verify that the correct version is installed:

  1. Refresh your browser.
  2. From the Main menu, go to Modules > Comply to open the Comply Overview page.
  3. To display version information, click Info Info.