Configuring Tanium Connect

If you did not install Connect with the Apply All Tanium recommended configurations option, you must enable and configure certain features.

When you import Connect with automatic configuration, the Connect service account is set to the account that you used to import the module.

Configuring a unique service account for each Tanium solution is an extra security measure to consider in consultation with the security team of your organization. See Configure service account.

No default settings are configured for Connect.

Configure Connect

Configure service account

The service account is a user that runs several background processes for Connect. This user requires the Connect Service Account role.

For more information about Connect permissions, see User role requirements.

If you imported Connect with default settings, the service account is set to the account that you used to perform the import. Configuring a unique service account for each Tanium solution is an extra security measure to consider in consultation with the security team of your organization.

  1. From the Main menu, click Modules > Connect to open the Connect Overview page.
  2. Click Settings and open the Service Account tab.
  3. Update the service account settings and click Save.

Configure settings

You can configure the following settings for Connect in the Configuration tab of the Connect Settings:

Connection Run Log Expiration

Number of days before connection run logs are removed.

Connect Service Log Level

Log level for the Connect service logs.

Default Workbench Time Zone

Time zone that is used by default by the Connect workbench.

Internal IPs

Allow anyone to run connections to IP addresses on an internal network. For more information, see Test connections.

Memory Ceiling

The global maximum sum of memory (Gb) for all simultaneously running connections. This setting is useful when you have one or more demanding connections that frequently exhibit out of memory errors while running.

Process Count Limit

Specify how many scheduled connections can run simultaneously, each with its own dedicated background process. This setting gives you better control over how many simultaneously running connections you want to allow in your environment. Set to 0 to allow unlimited simultaneous connections.

Queue Connections

Option to queue additional scheduled connections when the maximum memory or process counts is reached. If this setting is not enabled, any connections beyond the specified maximum values that attempt to run result in failures.

Set up Connect users

You can use the following set of predefined user roles to set up Connect users.

To review specific permissions for each role, see User role requirements.

For more information about assigning user roles, see Tanium Core Platform User Guide: Manage role assignments for a user.

Connect Administrator

Assign the Connect Administrator role to users who manage the configuration of Connect.
This role can perform the following tasks:

  • Configure Connect settings, including the service account, resource allocation, and logging
  • View, run, create, edit, and delete connections
  • Access the Connect REST API

Connect Operator

Assign the Connect Operator role to users who manage the configuration of Connect but do not need to manage the service account.
This role can perform the following tasks:

  • Configure some Connect settings, including resource allocation and logging
  • View, run, create, edit, and delete connections
  • Access the Connect REST API

Connect User

Assign the Connect User role to users who work with connections.
This role can perform the following tasks:

  • Create connections
  • View, run, edit, and delete owned connections

Connect Service Account

Assign the Connect Service Account role to the account that configures system settings for Connect.
This role can perform several background processes for Connect. For more information, see Installing Tanium Connect.