Configuring Tanium Connect

If you did not install Connect with the Apply All Tanium recommended configurations option, you must enable and configure certain features.

No default settings are configured for Connect.

Configure Connect

Configure settings

You can configure the following settings for Connect in the Configuration tab of the Connect Settings:

Connection Run Log Expiration

Number of days before connection run logs are removed.

Connect Service Log Level

Log level for the Connect service logs.

Default Workbench Time Zone

Time zone that is used by default by the Connect workbench.

Internal IPs

Allow anyone to run connections to IP addresses in the following internal subnets:

  • 10.0.0.0/8
  • 127.0.0.0/8
  • 169.254.0.0/16
  • 172.16.0.0/12
  • 192.168.0.0/16

For more information, see Test connections.

Memory Ceiling

The global maximum sum of memory (Gb) for all simultaneously running connections. This defaults to 8 GB. The per-connection Memory Ceiling (by default, 1 GB) cannot exceed the global Memory Ceiling. Increase this setting when you have one or more demanding connections that frequently exhibit out of memory errors while running.

If the sum of simultaneously scheduled connection Memory Ceiling values exceed the global Memory Ceiling, connections run until the global Memory Ceiling is reached, then any remaining connections enter a waiting queue if you select the Queue Connections configuration setting, or fail if you clear the Queue Connections configuration setting.

Process Count Limit

Specify how many scheduled connections can run simultaneously, each with its own dedicated background process. This setting gives you better control over how many simultaneously running connections you want to allow in your environment. Set to 0 to allow unlimited simultaneous connections.

Queue Connections

Option to queue additional scheduled connections when the maximum memory or process counts is reached. If this setting is not enabled, any connections beyond the specified maximum values that attempt to run result in failures.

Set up Connect users

You can use the following set of predefined user roles to set up Connect users.

To review specific permissions for each role, see User role requirements.

On installation, Connect creates a Connect user to automatically manage the Connect service account. Do not edit or delete the Connect user.

For more information about assigning user roles, see Tanium Core Platform User Guide: Manage role assignments for a user.

Connect Administrator

Assign the Connect Administrator role to users who manage the configuration of Connect.
This role can perform the following tasks:

  • Configure Connect settings, including resource allocation and logging
  • View, run, and create connections
  • Take ownership of connections owned by other users
  • Edit and delete owned connections
  • Access the Connect REST API

Connect Operator

Assign the Connect Operator role to users who manage the configuration of Connect.
This role can perform the following tasks:

  • Configure some Connect settings, including resource allocation and logging
  • View, run, and create connections
  • Take ownership of connections owned by other users
  • Edit and delete owned connections
  • Access the Connect REST API

Connect User

Assign the Connect User role to users who work with connections.
This role can perform the following tasks:

  • Create connections
  • View, run, edit, and delete owned connections

Do not assign the Connect Service Account role to users. This role is for internal purposes only.