This documentation includes content for releases that might not be available on-premises. For the latest on-premises Comply documentation, see the PDF version of Tanium™ Comply User Guide version 2.18.390.
Setting up endpoints
Scan endpoints by configuring engines for targeted computer groups.
Configure engines
Target deployments to computer groups based on the architecture and platform of the targeted endpoints to deploy engines and JREs to endpoints on a schedule. For example, you might want to create the following deployments:
- Windows 64-bit
- Windows 32-bit
- macOS 64-bit
- Linux 64-bit
- Ensure that the computer groups targeted by each deployment include all applicable endpoints. Review the deployments to confirm that no computer groups are missing.
- Ensure that deployments are created for all possible architectures (bitness) and platforms. For example, some environments still contain 32-bit Linux and Windows endpoints. These endpoints require specific deployments.
By default, Tanium provides the Tanium Scan Engine (powered by JovalCM), but if you uploaded another supported engine, you can select that engine. For more information on scan engines, see Working with scan engines and JREs.
- Go to Setup > Configuration.
- In the Engines tab, do the following:
- Click
for an engine in the list to open the targeting window. - Select Computer Groups you want to target.
Default: Default targeting uses the Comply action group.
Custom Targeting: Choose this option to build your own groupings. Use the And/Or buttons to build upon or narrow your selection. Use the Row button to add a new row to the group. Use the Grouping button to build another And/Or combination for targeting. When finished, click Apply for each selection and then click Save.
Do not distribute to endpoints: Choose this option to prevent the engine from being distributed to endpoint systems.
You must register sensors that are referenced by the action group. See Manage sensor results collection.
- Click Save.
Custom settings
Set limits for engines on endpoints using targeting.
On the Setup > Configuration page, select the Custom Settings tab.
- For CPU Count, 1 CPU is selected.
- For Java Heap Size, a default value 768 MB is set.
- For Targeting, Default is selected for the action group.
- To create a custom configuration, click the Customize button.
- In the Create Custom Settings window, set the following:
- Resource mode: The default setting is Normal. Change this setting to Low, and the Tanium scan engine will utilize fewer resources on the endpoint.
It only applies to the Tanium scan engine.
Tanium scan engine version 6.3.7 or higher is required.
Scans take more time to complete.
The CPU Count automatically defaults to 1 and the Max Java Heap size is set to 128 MB.
CPU Utilization (Windows OS types only) can be set as low as 10%. If other resources are using CPU, the scan will pause until the set amount of CPU is available.
- CPU Count: Set a maximum number of CPUs for scanning. The default recommendation is 1 CPU.
- Java Heap Size: Set the maximum amount of Java heap memory used for scanning. The default recommendation is 768 MB.
- Targeting: Select endpoints to receive these customized settings. Select Default or Custom Targeting.
- Custom Targeting: Choose this option to build your own groupings. Use the And/Or buttons to build upon or narrow your selection. Use the Row button to add a new row to the group. Use the Grouping button to build another And/Or combination for targeting. When finished, click Apply for each selection.
Note the following about Low Resource Mode:
- Click Save.
The default configuration with suggested "best practice" parameters is displayed:
Last updated: 5/30/2023 11:40 AM | Feedback