Installing Comply

Tanium as a Service automatically handles module installations and upgrades.

For information about configuring Comply for Tanium as a Service (TaaS), see Configure Comply.

Use the Solutions page to install Comply and choose either automatic or manual configuration:

  • Automatic configuration with default settings (Tanium Core Platform 7.4.2 or later only): Comply is installed with any required dependencies and other selected products. After installation, the Tanium Server automatically configures the recommended default settings. This option is the best practice for most deployments. For details about the automatic configuration for Comply, see Import Comply with default settings.
  • Manual configuration with custom settings: After installing Comply, you must manually configure required settings. Select this option only if Comply requires settings that differ from the recommended default settings. For more information, see Import Comply with custom settings.

Use the Tanium Recommended Installation option.

Before you begin

Import Comply with default settings

When you import Comply with automatic configuration, the following default settings are configured:

Setting Default value
Action group

The Comply action group is set to the computer group All Computers.

Computer groups

Computer groups that Comply requires are imported:

  • All Computers
  • All Windows 10
  • All Windows Server 2012 R2
  • All Windows Server 2016
  • All Windows Server 2019
  • All Red Hat 7
  • All Red Hat 8
  • All Ubuntu 18
  • All Ubuntu 19
  • All Ubuntu 20
  • All CentOS 7
  • All CentOS 8
  • All macOS 10.14
  • All macOS 10.15
Service account The Comply service account is set to the account that you used to import the module.
Comply tools

Comply tools and the Tanium Scan Engine (powered by JovalCM) are deployed to endpoints.

Default configuration Compliance and vulnerability assessments are created for each operating system.

Scans begin to run after the installation completes.

Deployments begin immediately after module installation. The Distribute over setting for the deployments is set to three minutes. After the three minute distribution window completes, reports will run. The Distribute over setting for reports is also three minutes.

To import Comply and configure default settings, be sure to select the Apply All Tanium recommended configurations option while performing the steps in Tanium Console User Guide: Import all modules and services. After the import, verify that the correct version is installed: see Verify Comply version.

(Tanium Core Platform 7.4.5 or later only) You can set the module action group to target the No Computers filter group by enabling restricted targeting before adding the module to your Tanium licenseimporting the module. This option enables you to control tools deployment through scheduled actions that are created during the import and that target the module action group. For example, you might want to test tools on a subset of endpoints before deploying the tools to all endpoints. In this case, you can manually deploy the tools to an action group that you configured to target only the subset. To configure an action group, see Tanium Console User Guide: Managing action groups. To enable or disable restricted targeting, see Tanium Console User Guide: Dependencies, default settings, and tools deployment.

Import Comply with custom settings

To import Comply without automatically configuring default settings, be sure to clear the Apply All Tanium recommended configurations check box while performing the steps in Tanium Console User Guide: Import, re-import, or upgrade to the latest versions of specific modules. After the import, verify that the correct version is installed: see Verify Comply version.

Reports and statistics on the Comply Home page might not be updated immediately with current results since this data is updated every 10 minutes.

To configure the service account, see Configure the service account.

To configure the Comply action group, see Configure Comply action group.

Manage dependencies for Tanium solutions

When you start the Comply workbench for the first time, the Tanium Console ensures that all of the required dependencies for Comply are installed at the required version. You must install all required Tanium dependencies before the Comply workbench can load. A banner appears if one or more Tanium dependencies are not installed in the environment. The Tanium Console lists the required Tanium dependencies and the required versions.

  1. Install the modules and shared services that the Tanium Console lists as dependencies, as described under Tanium Console User Guide: Import, re-import, or update specific solutions.
  2. From the Main menu, go to Modules > Comply to open the Comply Overview page.

Tanium Platform Services

Tanium Platform Services provides shared components to multiple Tanium solutions for a consistent product experience. Platform Services is located in the Supported Solutions table of the Content section and contains the following:

Reporting Service

The Reporting Service drives the data exploration and investigation experience of multiple Tanium modules. It is a flexible, rich interface designed to more easily surface endpoint data in a consistent manner across the product.

API Gateway

API Gateway is a single and stable API integration point for the various Tanium solutions. It is designed for Tanium partners and customers interested in building integrated solutions with the Tanium platform. If you are interested in using API Gateway for your integration use case, Contact Tanium Support.

Comply 2.10 or later requires the reporting service in Tanium Platform Services 1.3.

Upgrade Comply

For the steps to upgrade Comply, see Tanium Console User Guide: Manage Tanium modules. After the upgrade, verify that the correct version is installed: see Verify Comply version.

For information on upgrade issues you may experience, see the Troubleshooting section.

Verify Comply version

After you import or upgrade Comply, verify that the correct version is installed:

  1. Refresh your browser.
  2. From the Main menu, go to Modules > Comply to open the Comply Overview page.
  3. To display version information, click Info Info.