Connect requirements

Review the requirements before you install and use Connect.

Tanium dependencies

| Component | Requirement |
| --- | --- |
| Tanium™ Core Platform | 7.3.314.4250 or later. |
| Tanium™ Client | No client requirements. |
| Tanium solutions | If you selected Tanium Recommended Installation when you installed Connect, the Tanium Server automatically installed all your licensed solutions at the same time. Otherwise, you must manually install the Tanium solutions that Connect requires to function, as described under Tanium Console User Guide: Import, re-import, or update specific solutions. |

Tanium solutions at the following minimum versions are required:

  • Tanium Interact 2.4.50 or later (also required for the Tanium Data Service source and to view charts on the Connect Overview page)

  • Tanium Trends 3.6 or later (also required for the Tanium Trends source and to view charts on the Connect Overview page)

The following Tanium solutions are optional, but Connect requires the specified minimum versions to work with them:

  • Tanium Asset 1.4 or later for the Tanium Asset source
  • Tanium Comply 2.1 or later for the Tanium Comply source
  • Tanium Discover 2.11 or later for the Tanium Discover or Event sources
  • Tanium Impact 1.7 or later for the Tanium Impact source
  • Tanium Integrity Monitor for the Event source
  • Tanium Integrity Monitor for the Tanium Integrity Monitor or Event sources
  • Tanium Network Quarantine for the Event source
  • Tanium Reputation 5.0 or later for the Tanium Reputation source
  • Tanium Threat Response 1.3 or later for the Tanium Threat Response source

Tanium™ Module Server

Connect installs and runs as a service on the Module Server host computer. The impact on the Module Server is minimal and depends on usage.

Endpoints

Connect does not deploy packages to endpoints. For Tanium Client operating system support, see Tanium Client Management User Guide: Client version and host system requirements.

Third-party software

With Connect, you can integrate with several different kinds of third-party software. If no specific version is listed, there are no version requirements for that software.

  • Microsoft SQL Server 2008, 2012 or 2014.
  • Elasticsearch 7.2 or earlier.
  • Palo Alto Networks integration: Palo Alto Networks Firewall with or without Panorama and subscription to Cloud WildFire (wildfire.paloaltonetworks.com) or a configured WF-500 WildFire appliance.
  • Security information and event management (SIEM) products and services, including HP ArcSight, LogRhythm, McAfee SIEM, and Splunk.

Host and network security requirements

Specific ports and processes are needed to run Connect.

Ports

For Tanium as a Service ports, see Tanium as a Service Deployment Guide: Host and network security requirements.

The following ports are required for Connect communication.

| Source | Destination | Port | Protocol | Purpose |
| --- | --- | --- | --- | --- |
| Module Server | Module Server (loopback) | 17441 | TCP | Internal purposes, not externally accessible |
| Module Server | Service providers (external) | Varies | TCP | Connections to external threat intelligence feeds, SIEM, SMTP, Elasticsearch, and so on. |
| Module Server | Palo Alto Networks Wildfire (external) | 443 | TCP | Connections to Palo Alto Networks Wildfire. See Configuring Palo Alto Networks WildFire and Tanium Threat Response. |

Configure firewall policies to open ports for Tanium traffic with TCP-based rules instead of application identity-based rules. For example, on a Palo Alto Networks firewall, configure the rules with service objects or service groups instead of application objects or application groups.
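The port table lists 17441 as a loopback-only port that is not externally accessible. The following added example (not Tanium code) checks that claim on a host by parsing Windows `netstat -ano` output and reporting any listener on that port bound to a non-loopback address. The sample output is constructed, and the Windows host is an assumption based on the path format used on this page.

```python
import ipaddress
import re

CONNECT_INTERNAL_PORT = 17441  # loopback-only port from the table on this page

# Constructed sample of Windows `netstat -ano` output (not from a real host).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:443            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:17441        0.0.0.0:0              LISTENING       2288
  TCP    10.0.0.15:17441        0.0.0.0:0              LISTENING       5120
  TCP    [::]:17441             [::]:0                 LISTENING       5120
  TCP    [::1]:17441            [::]:0                 LISTENING       2288
  TCP    127.0.0.1:17441        127.0.0.1:50311        ESTABLISHED     2288
"""

# Columns: proto, local address:port, foreign address, state, PID
_ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+(\S+)\s+(\d+)\s*$")


def exposed_listeners(netstat_text, port=CONNECT_INTERNAL_PORT):
    """Return (address, pid) for each LISTENING socket on `port` that is
    bound to anything other than a loopback address."""
    findings = []
    for line in netstat_text.splitlines():
        match = _ROW.match(line)
        if not match:
            continue  # header, UDP row, or blank line
        addr, local_port, state, pid = match.groups()
        if int(local_port) != port or state != "LISTENING":
            continue
        # Strip IPv6 brackets and any %scope suffix before parsing.
        ip = ipaddress.ip_address(addr.strip("[]").split("%")[0])
        if not ip.is_loopback:  # 0.0.0.0 and :: mean "all interfaces"
            findings.append((str(ip), int(pid)))
    return findings


if __name__ == "__main__":
    for address, pid in exposed_listeners(SAMPLE_NETSTAT):
        print(f"port {CONNECT_INTERNAL_PORT} listening on {address} (PID {pid})")
```

An empty result means every listener on the port is bound to 127.0.0.1 or ::1; the PID in each finding identifies the process to investigate.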

Security exclusions

If security software is in use in the environment to monitor and block unknown host system processes, your security administrator must create exclusions to allow the Tanium processes to run without interference. For a list of all security exclusions to define across Tanium, see Tanium Core Platform Deployment Reference Guide: Host system security exclusions.

Connect security exclusions
| Target Device | Notes | Exclusion Type | Exclusion |
| --- | --- | --- | --- |
| Module Server | | Process | <Module Server>\services\connect-service\node.exe |

No additional process exclusions are required.

User role requirements

The following tables list the role permissions required to use Connect. To review a summary of the predefined roles, see Set up Connect users.

For more information about role permissions and associated content sets, see Tanium Console User Guide: Managing RBAC.

Connect user role permissions
Permission | Connect Administrator¹ | Connect Operator¹ | Connect User | Connect Service Account¹

Connect

READ: Read own connections

RUN: Run own connections

SHOW: View the Connect workbench

WRITE: Write own connections²


READ
RUN
SHOW
WRITE

READ
RUN
SHOW
WRITE

READ
RUN
SHOW
WRITE

Connect Administrator

Administrative-level access to Connect and Reputation. Provides the User read permission.


ADMINISTER

Connect Event

Write access to events through the Connect API


WRITE

WRITE

WRITE

Connect Eventschema

Read and write access to event schemas through the Connect API


READ

READ
WRITE

READ
WRITE

Connect Read

View all connections.


ALL

ALL

Connect Run

Run all connections. Provides the User read permission.


ALL

ALL

Connect Write²

Create, edit, or delete any connection. Provides the User read permission.


ALL

ALL

Connect Service Account

Access to module service accounts to read and write data


EXECUTE

¹ This role provides module permissions for Tanium Trends 2.4 or later. You can view which Trends permissions are granted to this role in the Tanium Console. For more information, see the Tanium Trends User Guide: User role requirements.

² Users with the Connect User role can reuse a configured destination, which could modify a destination that is currently in use by a user with the Connect Administrator role.

 

Provided Connect platform content permissions
Permission | Content Set for Permission | Connect Administrator | Connect Operator | Connect User | Connect Service Account
Plugin Connect
EXECUTE
READ

EXECUTE
READ

EXECUTE
READ

EXECUTE
READ
Plugin Connect Audit Plugins
EXECUTE
READ
Plugin Trends¹
EXECUTE
READ

EXECUTE
READ

EXECUTE
READ

EXECUTE
READ

You can view which content sets are granted to any role in the Tanium Console.

¹ Denotes a permission when Trends 2.4 or later is installed.

Connections are hidden from the Connections list view if the authenticated user does not have the required permissions for the data source. Examples that could limit the view of an authenticated user include RBAC access to a saved question or computer group, or System Administrator access to the various types of audit logs that are available from the Tanium Platform. See the following table for required permissions for specific sources.

Optional roles for Connect
| Role | Enables |
| --- | --- |
| A custom role that includes the Action read platform content permission | Access to the Action History source. For more information, see Tanium Console User Guide: Configure a custom role. |
| A custom role that includes the Audit read administration permission | Access to the Tanium Audit Source source. For more information, see Tanium Console User Guide: Configure a custom role. |
| A custom role that includes the Question History read administration permission | Access to the Question History source. For more information, see Tanium Console User Guide: Configure a custom role. |
| A custom role that includes the System Status read administration permission | Access to the Client Status source. For more information, see Tanium Console User Guide: Configure a custom role. |
| Tanium Administrator | Access to the Server Information Source source. |

For more information and descriptions of content sets and permissions, see Tanium Console User Guide: RBAC overview.