Requirements

Review the requirements before you install and use Connect.

Tanium dependencies

| Component | Requirement |
| --- | --- |
| Platform | Version 6.5 or later. |
| Tanium™ Client | No client requirements. |
| Tanium™ Detect | Version 2.2 or later (optional). |
| Tanium™ Trace | Version 2.0.5 for reputation data (optional). |
| Tanium™ Incident Response | For hash data (optional). |
| License | For information about licensing Connect, contact your Technical Account Manager (TAM). |

Tanium Module Server computer resources

Connect is installed and runs as a service on the Tanium™ Module Server host computer. The impact on the Module Server is minimal and depends on usage. For more information, contact your TAM.

Third-party software requirements

With Connect, you can integrate with several different kinds of third-party software. If no specific version is listed, there are no version requirements for that software.

  • Microsoft SQL Server 2008, 2012 or 2014.
  • Elasticsearch 5 or earlier.
  • Palo Alto Networks integration: Palo Alto Networks Firewall with or without Panorama and subscription to Cloud WildFire (wildfire.paloaltonetworks.com) or a configured WF-500 WildFire appliance.
  • Palo Alto Networks Dynamic Access Group.
  • ServiceNow.
  • Security information and event management (SIEM) products and services, including HP ArcSight, LogRhythm, McAfee SIEM, and Splunk.
  • VirusTotal.

Host and network security requirements

Specific ports and processes are needed to run Connect.

Ports

The following ports are required for Connect communication.

| Component | Port number | Direction | Purpose |
| --- | --- | --- | --- |
| Module Server | Varies | Outbound | Connections to external threat intelligence feeds, SIEM, SMTP, ServiceNow, Elasticsearch, and so on. |
| Module Server | 17441, 17445 | Inbound | |

Security exclusions

If security software is in use in the environment to monitor and block unknown host system processes, your security administrator must create exclusions to allow the Tanium processes to run without interference.

| Target device | Process |
| --- | --- |
| Module Server | node.exe |

Internet URLs

If security software is deployed in the environment to monitor and block unknown URLs, your security administrator might need to whitelist the following URLs.

  • download.microsoft.com
  • go.microsoft.com
  • reversinglabs.com
  • store.servicenow.com
  • virustotal.com
  • wildfire.paloaltonetworks.com
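
An added example, not part of the Tanium documentation: when triaging proxy denies from the Module Server, match destinations against the URL list above on whole DNS labels so that lookalike hosts are not allowed by mistake. Treating subdomains of a listed domain as in scope is an assumption, and the denied destinations are constructed sample data.

```python
from urllib.parse import urlsplit

# Domains copied from the "Internet URLs" list on this page.
CONNECT_DOMAINS = (
    "download.microsoft.com",
    "go.microsoft.com",
    "reversinglabs.com",
    "store.servicenow.com",
    "virustotal.com",
    "wildfire.paloaltonetworks.com",
)

# Constructed sample of destinations a proxy denied (not real log data).
SAMPLE_DENIES = [
    "https://www.virustotal.com/example",
    "wildfire.paloaltonetworks.com:443",
    "https://notvirustotal.com/example",
    "https://virustotal.com.evil.example/",
    "https://virustotal.com@proxy-test.example/",
    "HTTPS://GO.MICROSOFT.COM./example",
]

def normalize_host(value):
    """Return the lowercase hostname of a URL or host[:port], else None."""
    value = value.strip()
    if "//" not in value:
        value = "//" + value  # make urlsplit parse a bare host as netloc
    try:
        host = urlsplit(value).hostname  # drops userinfo and port
    except ValueError:
        return None
    return host.rstrip(".") if host else None

def matched_domain(host, allow_subdomains=True):
    """Return the listed domain that host equals or sits under, else None."""
    for domain in CONNECT_DOMAINS:
        # Whole-label match: endswith(domain) alone would accept "notvirustotal.com".
        if host == domain or (allow_subdomains and host.endswith("." + domain)):
            return domain
    return None

def triage(denies):
    """Return (required, other) lists of (destination, listed domain or None)."""
    required, other = [], []
    for dest in denies:
        host = normalize_host(dest)
        domain = matched_domain(host) if host else None
        (required if domain else other).append((dest, domain))
    return required, other
```

Calling `triage(SAMPLE_DENIES)` returns the denied destinations that fall under a listed domain separately from the lookalikes, which stay blocked.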

User roles and privileges

For Tanium Platform versions prior to 7.1.314.3071, the following user roles are supported in Connect:

Administrator

In Connect 4.2 or earlier, can install Connect, create connections, and view all connections.
In Connect 4.3, cannot create connections using action, audit, or question logs, server information, or system status unless additionally assigned one of the new Connect user roles that provide those privileges.

Content Administrator

In Connect 4.2 or earlier, can create connections and view their own connections.
In Connect 4.3, no access to Connect unless additionally assigned one of the new Connect user roles.

For Tanium Platform version 7.1.314.3071 or later, Connect 4.3 introduces role-based access control (RBAC) permissions that control access to the Connect workbench. The three predefined roles are Connect Administrator, Connect User, and Connect Reputation API User.

Table 1: Tanium 7.1 Connect User Role Privileges

Privilege | Connect Administrator | Connect User | Connect Reputation API User

  • Show Connect*: View the Connect workbench
  • Connect Reputation Read: Read access to reputation data (available only in the API)
  • Connect Reputation Write: Write access to POST hashes to reputation via API
  • Connect Event Write: Access to send event data to Connect via API
  • Connect Event Schema Read: Access to read event schemas via API
  • Connect Event Schema Write: Access to create event schemas via API
  • Connect Reputation Administrator: Administrative-level access to Reputation
  • Connect Read†: Read access to Connect
  • Connect Write†‡: Write access to Connect
  • Connect Administrator: Administrative-level access to Connect and Reputation


* To install Connect, you must have the reserved role of Administrator.

† Users with the Connect Administrator role can read or write all connections, while users with the Connect User role can read or write only their own connections.

‡ Users with the Connect User role can reuse a configured destination, which could result in modifying a destination that is currently in use by a user with the Connect Administrator role.

Last updated: 7/3/2018 2:55 PM