Connect requirements

Review the requirements before you install and use Connect.

Tanium dependencies

| Component | Requirement |
| --- | --- |
| Platform | Version 6.5 or later. |
| Tanium™ Client | No client requirements. |
| Tanium™ Detect | Version 2.2 or later (optional). |
| Tanium™ Trace | Version 2.0.5 for reputation data (optional). |
| Tanium™ Incident Response | For hash data (optional). |
| License | For information about licensing Connect, contact your Technical Account Manager (TAM). |

Tanium™ Module Server computer resources

Connect is installed and runs as a service on the Tanium Module Server host computer. The impact on the Module Server is minimal and depends on usage. For more information, contact your TAM.

Third-party software

With Connect, you can integrate with several different kinds of third-party software. If no specific version is listed, there are no version requirements for that software.

  • Microsoft SQL Server 2008, 2012 or 2014.
  • Elasticsearch 6 or earlier.
  • Palo Alto Networks integration: Palo Alto Networks Firewall with or without Panorama and subscription to Cloud WildFire (wildfire.paloaltonetworks.com) or a configured WF-500 WildFire appliance.
  • Palo Alto Networks Dynamic Access Group.
  • ServiceNow.
  • Security information and event management (SIEM) products and services, including HP ArcSight, LogRhythm, McAfee SIEM, and Splunk.
  • VirusTotal.

Host and network security requirements

Specific ports and processes are needed to run Connect.

Ports

The following ports are required for Connect communication.

| Component | Port number | Direction | Purpose |
| --- | --- | --- | --- |
| Module Server | Varies | Outbound | Connections to external threat intelligence feeds, SIEM, SMTP, ServiceNow, Elasticsearch, and so on. |
| Module Server | 17441 (Connect), 17455 (Reputation) | Inbound | |

Security exclusions

If security software is in use in the environment to monitor and block unknown host system processes, your security administrator must create exclusions to allow the Tanium processes to run without interference.

| Target device | Process |
| --- | --- |
| Module Server | node.exe or "<Tanium Module Server>\services\connect\node.exe" service.js |

Internet URLs

If security software is deployed in the environment to monitor and block unknown URLs, your security administrator might need to whitelist the following URLs.

  • download.microsoft.com
  • go.microsoft.com
  • reversinglabs.com
  • store.servicenow.com
  • virustotal.com
  • wildfire.paloaltonetworks.com
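
A preflight check for the ports, process exclusion and URLs listed in this section, added here as an example and not part of the Tanium documentation. The `-ModuleServerRoot` parameter, the use of TCP 443 to reach the URLs, and the expectation that both listeners run from under the Module Server install directory are assumptions.

```powershell
# Added example: preflight check for the host and network requirements above.
# Assumptions (not from the Tanium documentation): the -ModuleServerRoot value
# you pass in, and HTTPS (TCP 443) as the port used to reach the listed URLs.
param(
    [Parameter(Mandatory)] [string] $ModuleServerRoot,  # the <Tanium Module Server> directory
    [int] $UrlPort = 443
)

$inbound = @{ 17441 = 'Connect'; 17455 = 'Reputation' }
$urls = 'download.microsoft.com', 'go.microsoft.com', 'reversinglabs.com',
        'store.servicenow.com', 'virustotal.com', 'wildfire.paloaltonetworks.com'
$root = (Resolve-Path -LiteralPath $ModuleServerRoot).Path.TrimEnd('\') + '\'

# Inbound: is each port listening, and which binary owns the socket?
$results = @(foreach ($port in ($inbound.Keys | Sort-Object)) {
    $conn = Get-NetTCPConnection -State Listen -LocalPort $port -ErrorAction SilentlyContinue |
        Select-Object -First 1
    $path = if ($conn) { (Get-Process -Id $conn.OwningProcess -ErrorAction SilentlyContinue).Path }
    if (-not $conn) {
        $detail = 'not listening'
    } elseif (-not $path) {
        $detail = "PID $($conn.OwningProcess), image path unavailable (run elevated)"
    } elseif ($path.StartsWith($root, [StringComparison]::OrdinalIgnoreCase)) {
        $detail = $path
    } else {
        # The listener is not a binary under the install root: review it before
        # excluding node.exe by bare name rather than by full path.
        $detail = "OWNER OUTSIDE INSTALL ROOT: $path"
    }
    [pscustomobject]@{ Check = "Inbound $port ($($inbound[$port]))"; Ok = [bool]$conn; Detail = $detail }
})

# Outbound: can the Module Server reach each URL the page lists?
$results += foreach ($name in $urls) {
    $t = Test-NetConnection -ComputerName $name -Port $UrlPort -WarningAction SilentlyContinue
    $detail = if ($t.TcpTestSucceeded) { "$($t.RemoteAddress)" } else { 'blocked or unresolved' }
    [pscustomobject]@{ Check = "Outbound ${name}:$UrlPort"; Ok = $t.TcpTestSucceeded; Detail = $detail }
}

$results | Format-Table -AutoSize -Wrap
```

Run it from an elevated PowerShell session on the Module Server host so that the owning process path of each listener can be read.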

User role requirements

For Tanium Platform versions prior to 7.1.314.3071, the following user roles are supported in Connect:

Administrator

Can install Connect, create and view all connections, and access all Reputation data.

Content Administrator

Can install Connect, create and view all connections, and access all Reputation data.

For Tanium Platform version 7.1.314.3071 or later, Connect 4.3 introduces role-based access control (RBAC) permissions that control access to the Connect workbench. The three predefined roles are Connect Administrator, Connect User, and Connect Reputation API User. Connect 4.9 additionally introduces one new role and four new permissions, and deprecates three permissions. The new predefined role is Connect Reputation Administrator. The four new permissions are Connect Read All, Connect Write All, Connect Run, and Connect Run All. The three deprecated permissions are Connect Event Schema Read, Connect Event Schema Write, and Connect Event Write.

Table 1:   Connect user role privileges for Tanium 7.1.314.3071 or later
| Privilege | Connect Administrator | Connect User | Connect Reputation Administrator | Connect Reputation API User |
| --- | --- | --- | --- | --- |
| Show Connect [1]: View the Connect workbench | [2] | [2] | [2] | |
| Connect Read: Read own connections | [2] | [2] | [2] | |
| Connect Read All: Read all connections | [2] | | | |
| Connect Run: Run own connections | [2] | [2] | | |
| Connect Run All: Run all connections | [2] | | | |
| Connect Write [3]: Write own connections | [2] | | | |
| Connect Write All [3]: Write all connections | [2] | | | |
| Connect Reputation Read: Read access to reputation data (available only in the API) | [2] | | [2] | [2] |
| Connect Reputation Write: Write access to POST hashes to Reputation via API | [2] | | [2] | |
| Connect Reputation Administrator: Administrative-level access to Reputation | [2] | | | |
| Connect Administrator: Administrative-level access to Connect and Reputation | | | | |

[1] To install Connect, you must have the reserved role of Administrator.

[2] Denotes a provided permission.

[3] Users with the Connect User role can reuse a configured destination, which could result in potentially modifying a destination that is currently in use by a user with the Connect Administrator role.

Table 2:   Provided Connect Micro Admin and Advanced user role permissions for Tanium 7.1.314.3071 or later
| Permission | Role Type | Content Set for Permission | Connect Administrator | Connect User | Connect Reputation Administrator | Connect Reputation API User |
| --- | --- | --- | --- | --- | --- | --- |
| Read User | Micro Admin | | | | | |
| Read Computer Group | Micro Admin | | | | | |
| Execute Plugin | Advanced | Connect | | | | |
| Execute Plugin | Advanced | Connect Audit Plugins | | | | |
| Execute Plugin | Advanced | Connect Reputation | | | | |

Connections are hidden from the Connections list view if the authenticated user does not have the required permissions for the data source. Examples that could limit the view of an authenticated user include RBAC access to a saved question or computer group, or System Administrator access to the various types of audit logs that are available from the Tanium Platform. See the following table for required permissions for specific sources.

Table 3:   Optional roles for Connect
| Role | Enables |
| --- | --- |
| A Micro Admin role that includes the Read System Status Micro Admin permission | Access to the System Status source. For more information, see Tanium Platform User Guide: Create a Micro Admin Role. |
| Tanium Administrator | Access to the Action History, Audit Log, Question Log, Server Information, and System Status sources |

For more information and descriptions of content sets and permissions, see the Tanium Core Platform User Guide: Users and user groups.

Last updated: 1/8/2019 2:26 PM