Connect requirements

Review the requirements before you install and use Connect.

Tanium dependencies

| Component | Requirement |
|---|---|
| Platform | 7.2 or later. |
| Tanium™ Client | No client requirements. |
| Tanium Asset | 1.4.2 or later (optional). |
| Tanium Comply | 2.1 or later (optional). |
| Tanium Detect | 2.2 or later (optional). |
| Tanium Discover | 2.11 or later (optional). |
| Tanium Threat Response | 1.3 or later (optional). |
| Tanium Trends | 2.4 or later (optional). |
| License | For information about licensing Connect, contact your Technical Account Manager (TAM). |

Tanium™ Module Server computer resources

Connect is installed and runs as a service on the Tanium Module Server host computer. The impact on the Module Server is minimal and depends on usage. For more information, contact your TAM.

Third-party software

With Connect, you can integrate with several different kinds of third-party software. If no specific version is listed, there are no version requirements for that software.

  • Microsoft SQL Server 2008, 2012 or 2014.
  • Elasticsearch 7.2 or earlier.
  • Palo Alto Networks integration: Palo Alto Networks Firewall with or without Panorama and subscription to Cloud WildFire (wildfire.paloaltonetworks.com) or a configured WF-500 WildFire appliance.
  • Palo Alto Networks Dynamic Access Group.
  • ServiceNow.
  • Security information and event management (SIEM) products and services, including HP ArcSight, LogRhythm, McAfee SIEM, and Splunk.

Host and network security requirements

Specific ports and processes are needed to run Connect.

Ports

The following ports are required for Connect communication.

| Component | Port number | Direction | Purpose |
|---|---|---|---|
| Module Server | Varies | Outbound | Connections to external threat intelligence feeds, SIEM, SMTP, ServiceNow, Elasticsearch, and so on. |
| | 17441 | Inbound | |

Security exclusions

If security software is in use in the environment to monitor and block unknown host system processes, your security administrator must create exclusions to allow the Tanium processes to run without interference.

Table 1: Connect security exclusions

| Target device | Process |
|---|---|
| Module Server | <Tanium Module Server>\services\connect-service\node.exe |
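
Before creating the exclusion and opening the inbound port listed above, it helps to confirm that the excluded path holds the binary you expect and that the port is owned by that same binary. The following script is an added example, not Tanium code. It assumes the default install directory shown in `$ModuleServerDir`, that port 17441 is TCP, and that the Connect service's node.exe is the process listening on it; run it elevated on the Module Server.

```powershell
# Added example; not Tanium code. $ModuleServerDir is an assumed install path:
# replace it with the real <Tanium Module Server> directory.
param(
    [string]$ModuleServerDir = 'C:\Program Files\Tanium\Tanium Module Server',
    [int]$ConnectPort = 17441   # inbound port from the Ports table; TCP is assumed
)

$expected = Join-Path $ModuleServerDir 'services\connect-service\node.exe'
$findings = @()

if (-not (Test-Path -LiteralPath $expected -PathType Leaf)) {
    $findings += "Excluded binary not found: $expected"
} else {
    # An exclusion trusts whatever sits at this path, so record what is there now.
    $sig  = Get-AuthenticodeSignature -LiteralPath $expected
    $hash = (Get-FileHash -LiteralPath $expected -Algorithm SHA256).Hash
    Write-Output "node.exe SHA256: $hash"
    Write-Output "Signature status: $($sig.Status); signer: $($sig.SignerCertificate.Subject)"
}

# Any listener on the Connect port should belong to the excluded binary (assumption).
$listeners = Get-NetTCPConnection -LocalPort $ConnectPort -State Listen -ErrorAction SilentlyContinue
if (-not $listeners) {
    $findings += "Nothing is listening on TCP $ConnectPort"
}
foreach ($l in $listeners) {
    $proc = Get-Process -Id $l.OwningProcess -ErrorAction SilentlyContinue
    if ($proc.Path -ne $expected) {
        $findings += "TCP $ConnectPort is owned by PID $($l.OwningProcess) ($($proc.Path)), not $expected"
    }
}

if ($findings) {
    $findings | ForEach-Object { Write-Warning $_ }
    exit 1
}
Write-Output "Exclusion target and TCP $ConnectPort listener match: $expected"
```

Scoping the exclusion to this full path, rather than to any process named node.exe, keeps other Node.js binaries on the host under normal monitoring.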

Internet URLs

If security software is deployed in the environment to monitor and block unknown URLs, your security administrator might need to whitelist the following URLs.

  • store.servicenow.com

User role requirements

Connect 4.3 introduces role-based access control (RBAC) permissions that control access to the Connect workbench. The three predefined roles are Connect Administrator, Connect User, and Connect Reputation API User. Connect 4.9 additionally introduces one new role and four new permissions. The new predefined role is Connect Reputation Administrator. The four new permissions are Connect Read All, Connect Write All, Connect Run, and Connect Run All.

Table 2: Connect user role permissions

| Permission | Connect Administrator | Connect User | Connect Reputation Administrator¹ | Connect Reputation API User¹ |
|---|---|---|---|---|
| Show Connect²: View the Connect workbench | ³ | ³ | ³ | |
| Connect Event Write: Write access to events | ³ | ³ | | |
| Connect Eventschema Read: Read access to event schemas via API | ³ | ³ | | |
| Connect Eventschema Write: Write access to event schemas via API | ³ | | | |
| Connect Read: Read own connections | ³ | ³ | ³ | |
| Connect Read All: Read all connections | ³ | | | |
| Connect Run: Run own connections | ³ | ³ | | |
| Connect Run All: Run all connections | ³ | | | |
| Connect Write⁴: Write own connections | ³ | | | |
| Connect Write All⁴: Write all connections | ³ | | | |
| Connect Reputation Read¹: Read access to reputation data via API | ³ | | ³ | ³ |
| Connect Reputation Write¹: Write access to reputation data via API | ³ | | ³ | |
| Connect Reputation Administrator¹: Administrative-level access to Reputation | ³ | | | |
| Connect Administrator: Administrative-level access to Connect and Reputation | | | | |

1 Connect 4.11 deprecates these roles and permissions. For more information, see Tanium Reputation User Guide: User role requirements.

2 To install Connect, you must have the reserved role of Administrator.

3 Denotes a provided permission.

4 Users with the Connect User role can reuse a configured destination, which could modify a destination that is currently in use by a user with the Connect Administrator role.

Table 3: Provided Connect Advanced user role permissions

| Permission | Content Set for Permission | Connect Administrator | Connect User | Connect Reputation Administrator¹ | Connect Reputation API User¹ |
|---|---|---|---|---|---|
| Execute Plugin | Connect | | | | |
| Execute Plugin | Connect Audit Plugins | | | | |
| Execute Plugin | Connect Reputation | | | | |

1 Connect 4.11 deprecates these roles. For more information, see Tanium Reputation User Guide: User role requirements.

Connections are hidden from the Connections list view if the authenticated user does not have the required permissions for the data source. Examples that could limit the view of an authenticated user include RBAC access to a saved question or computer group, or System Administrator access to the various types of audit logs that are available from the Tanium Platform. See the following table for required permissions for specific sources.

Table 4: Optional roles for Connect

| Role | Enables |
|---|---|
| A Micro Admin role that includes the Read System Status Micro Admin permission | Access to the System Status source. For more information, see Tanium Platform User Guide: Create a Micro Admin Role. |
| Tanium Administrator | Access to the Action History, Audit Log, Question Log, Server Information, and System Status sources |

For more information and descriptions of content sets and permissions, see the Tanium Core Platform User Guide: Users and user groups.

Last updated: 9/13/2019 4:04 PM