Connect requirements

Review the requirements before you install and use Connect.

Tanium dependencies

Component | Requirement
Tanium™ Core Platform | 7.2 or later. 7.4.2 or later (required for Tanium™ Interact 2.1 or later).
Tanium™ Client | No client requirements.
Tanium Interact | 2.1 or later (required for Tanium Data Service source).
Tanium products | If you selected Install with Recommended Configurations when you installed Connect, the Tanium Server automatically installed all your licensed modules at the same time. Otherwise, you must manually install the modules that Connect requires to function, as described under Tanium Console User Guide: Manage Tanium modules.

The following modules are optional, but Connect requires the specified minimum versions to work with them:

  • Tanium Asset 1.4 or later for Tanium Asset source
  • Tanium Comply 2.1 or later for Tanium Comply source
  • Tanium Discover 2.11 or later for Tanium Discover or Event sources
  • Tanium Integrity Monitor for Event source
  • Tanium Network Quarantine for Event source
  • Tanium Reputation 5.0 or later for Tanium Reputation source
  • Tanium Threat Response 1.3 or later for Tanium Threat Response source
  • Tanium Trends 2.4 or later for Tanium Trends source

Tanium™ Module Server

Connect is installed and runs as a service on the Module Server host computer. The impact on the Module Server is minimal and depends on usage.

Endpoints

Connect does not deploy packages to endpoints. For Tanium Client operating system support, see Tanium Client User Guide: Host system requirements.

Third-party software

With Connect, you can integrate with several different kinds of third-party software. If no specific version is listed, there are no version requirements for that software.

  • Microsoft SQL Server 2008, 2012 or 2014.
  • Elasticsearch 7.2 or earlier.
  • Palo Alto Networks integration: Palo Alto Networks Firewall with or without Panorama and subscription to Cloud WildFire (wildfire.paloaltonetworks.com) or a configured WF-500 WildFire appliance.
  • SIEM products and services, including HP ArcSight, LogRhythm, McAfee SIEM, and Splunk.

Host and network security requirements

Specific ports and processes are needed to run Connect.

Ports

For Tanium as a Service ports, see Tanium as a Service Deployment Guide: Host and network security requirements.

The following ports are required for Connect communication.

Source | Destination | Port | Protocol | Purpose
Module Server | Module Server (loopback) | 17441 | TCP | Internal purposes, not externally accessible
Module Server | Service providers (external) | Varies | TCP | Connections to external threat intelligence feeds, SIEM, SMTP, Elasticsearch, and so on.

Security exclusions

If security software is in use in the environment to monitor and block unknown host system processes, your security administrator must create exclusions to allow the Tanium processes to run without interference. For a list of all security exclusions to define across Tanium, see Tanium Core Platform Deployment Reference Guide: Host system security exclusions.

Table 1:   Connect security exclusions
Target device | Notes | Process
Module Server | | <Tanium Module Server>\services\connect-service\node.exe

No additional process exclusions are required.
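
The port and exclusion requirements above can be checked together on the Module Server host. The following PowerShell is an added example, not part of the Tanium documentation: it reports whether port 17441 is bound to loopback only and whether the listening process is the node.exe listed in Table 1. The function name Test-ConnectListener, its parameters, and the assumption that the excluded node.exe owns the listener are not from the original page.

```powershell
# Added example, not Tanium code. Run in an elevated session on the Module Server host.
function Test-ConnectListener {
    param(
        # Install directory of the Module Server: the <Tanium Module Server> placeholder in Table 1.
        [Parameter(Mandatory)] [string] $ModuleServerDir,
        [int] $Port = 17441
    )

    $expected = Join-Path $ModuleServerDir 'services\connect-service\node.exe'
    $loopback = @('127.0.0.1', '::1')

    $listeners = @(Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue)
    if ($listeners.Count -eq 0) {
        Write-Warning "No listener on TCP $Port. Is the Connect service running?"
        return
    }

    foreach ($l in $listeners) {
        # Path is empty when the session lacks rights to inspect the process.
        $proc = Get-Process -Id $l.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{
            LocalAddress   = $l.LocalAddress
            LocalPort      = $l.LocalPort
            ProcessId      = $l.OwningProcess
            ProcessPath    = $proc.Path
            # 0.0.0.0 or :: here means the port is bound to all interfaces, not just loopback.
            LoopbackOnly   = $loopback -contains $l.LocalAddress
            # Assumption: the listener belongs to the node.exe listed in Table 1.
            ExpectedBinary = [bool]$proc.Path -and ($proc.Path -eq $expected)
        }
    }
}

# Constructed path; substitute the real installation directory.
Test-ConnectListener -ModuleServerDir 'C:\Path\To\Tanium Module Server' | Format-Table -AutoSize
```

A row with LoopbackOnly or ExpectedBinary set to False is worth investigating before the process exclusion is created.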

User role requirements

Table 2:   Connect user role permissions
Permission Connect Administrator Connect Operator Connect User Connect Service Account

Show Connect

View the Connect workbench


1


1

Connect Event Write

Write access to events


1

1

1

Connect Eventschema Read

Read access to event schemas via API


1

1

1

Connect Eventschema Write

Write access to event schemas via API


1



Connect Read

Read own connections


1

1

1

Connect Read All

Read all connections


1

1


Connect Run

Run own connections


1

1

1

Connect Run All

Run all connections


1



Connect Write²

Write own connections


1

1


Connect Write All²

Write all connections


1



Connect Administrator

Administrative-level access to Connect and Reputation





Connect Service Account

Access to module service accounts to read and write data





Trends Integration Service Account³

Access for module service accounts to read and write data, and to define sources and boards





Trends Api Board Read³

View boards, sections, and panels for specified content sets





1

Trends Api Board Write³

Create, edit, delete, and configure boards, sections, and panels for specified content sets





1

Trends Api Source Read³

View and list sources for specified content sets





1

Trends Api Source Write³

Create, edit, and delete sources for specified content sets





1

Trends Data Read³

Run data queries against sources





1

Trends Import³

Import from file or gallery

Does not grant access to create new or custom boards and sources





1

1 Denotes a provided permission.

2 Users with the Connect User role can reuse a configured destination, which could result in potentially modifying a destination that is currently in use by a user with the Connect Administrator role.

3 Denotes a permission when Trends 2.4 or later is installed.

 

Table 3:   Provided Connect Advanced user role permissions
Permission Content Set for Permission Connect Administrator Connect Operator Connect User Connect Service Account
Execute Plugin Connect
Execute Plugin Connect Audit Plugins
Execute Plugin Trends1

1 Denotes a provided permission when Trends 2.4 or later is installed.

Connections are hidden from the Connections list view if the authenticated user does not have the required permissions for the data source. Examples that could limit the view of an authenticated user include RBAC access to a saved question or computer group, or System Administrator access to the various types of audit logs that are available from the Tanium Platform. See the following table for required permissions for specific sources.

Table 4:   Optional roles for Connect
Role | Enables
An Advanced role that includes the Read Action Advanced permission | Access to the Action History source. For more information, see Tanium Core Platform User Guide: Create an advanced role.
A Micro Admin role that includes the Read Audit Micro Admin permission | Access to the Tanium Audit Source source. For more information, see Tanium Core Platform User Guide: Create a micro admin role.
A Micro Admin role that includes the Read Question History Micro Admin permission | Access to the Question Log source. For more information, see Tanium Core Platform User Guide: Create a micro admin role.
A Micro Admin role that includes the Read System Status Micro Admin permission | Access to the System Status source. For more information, see Tanium Core Platform User Guide: Create a micro admin role.
Tanium Administrator | Access to the Server Information Source source.

For more information and descriptions of content sets and permissions, see Tanium Core Platform User Guide: Users and user groups.