Upgrading Tanium Connect

Before you migrate your connections, you might want to review this entire page to understand the changes that will be made to your connections.

Before you upgrade Connect, you must back up your <Tanium Module Server>\services\connect-files\config\connect.db file in case you need to revert to a previous version of Connect.
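One way to script that backup from an elevated PowerShell prompt on the Module Server, shown as an added example that is not Tanium's own tooling. The default install path and the `D:\Backups\tanium-connect` backup directory are assumptions; substitute your own values.

```powershell
# Added example: back up connect.db before the upgrade and verify the copy.
param(
    # Assumption: default install location; set this to your <Tanium Module Server> directory.
    [string]$ModuleServerDir = 'C:\Program Files\Tanium\Tanium Module Server',
    # Hypothetical backup location; use a directory outside the Connect install tree.
    [string]$BackupDir = 'D:\Backups\tanium-connect'
)

$ErrorActionPreference = 'Stop'

# Path of the database relative to the Module Server directory, as given on this page.
$source = Join-Path $ModuleServerDir 'services\connect-files\config\connect.db'
if (-not (Test-Path -LiteralPath $source -PathType Leaf)) {
    throw "connect.db not found at $source"
}

New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null

# Timestamped name so repeated runs never overwrite an earlier backup.
$stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
$dest  = Join-Path $BackupDir "connect-$stamp.db"

Copy-Item -LiteralPath $source -Destination $dest

# Compare hashes of source and copy. A mismatch means the copy is incomplete
# or the database was written to while it was being copied.
$srcHash = (Get-FileHash -LiteralPath $source -Algorithm SHA256).Hash
$dstHash = (Get-FileHash -LiteralPath $dest -Algorithm SHA256).Hash
if ($srcHash -ne $dstHash) {
    Remove-Item -LiteralPath $dest
    throw "Backup hash mismatch: $srcHash (source) vs $dstHash (copy)"
}

# Store the hash beside the backup so it can be re-verified before a restore.
"$dstHash  $(Split-Path -Leaf $dest)" |
    Set-Content -LiteralPath "$dest.sha256" -Encoding ascii

Write-Output "Backed up $source to $dest (SHA256 $dstHash)"
```

The backup holds the same connection configuration as the original file, so give the backup directory the same access restrictions as the Module Server's `config` directory.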

Upgrade Connect

Connect 4.8 no longer supports upgrading from Connect 3.x. To upgrade from Connect 3.x, you must first upgrade to Connect 4.7.4.

  1. From the Main menu, click Tanium Solutions.
  2. In the Connect section, click Upgrade to <version>.
  3. Verify the list of API requests and click Proceed with Import.
  4. To confirm the upgrade, return to the Tanium Solutions page and check the Installed version for Connect. If the new version is not displayed, try refreshing the Tanium Solutions page.

Upgrade considerations for Connect 4.1

Connect 4.1 introduces the reputation service as a single place to build a repository of reputation data from various sources, such as Palo Alto WildFire and VirusTotal.

If you had previously configured a VirusTotal connection, that connection continues to work as configured. However, do not change the Keep Reports setting in the Reputation Service settings page to Malicious only.

Migrate connections to Connect 4.x from previous versions

If you are upgrading to Connect 4.x from a previous version, your existing connections are not automatically migrated when you update the solution. You must initiate the migration process and update your connections that have migration requirements.

  1. On the Connect home page, click Settings, and then click the Migrate tab.
  2. Click Migrate Now.
  3. Your connections are imported. If there are problems with any connection, that connection is left in a stopped state. Review the messages on the migration page to resolve any issues and restart your connections.

Filtering considerations for Connect 4.x

Some filtering behaviors have changed from previous versions of Connect.

You can now create multiple filters on a connection

In Connect 4.0, you can create multiple filters on the same connection. If you create multiple filters, a row must meet all the filtering conditions for the data in that row to be sent to the destination. For example, if you have a numeric filter on one field, and a regular expression on another field, both fields in a row must meet those conditions.

New items filter behavior changes, baseline not migrated

In Connect 4.0, the behavior of the new items filter is slightly different than in previous releases. When you migrate a connection to Connect 4.0, the new items filter data cannot be migrated. The connection starts the learning period again in a new database. Edit your migrated connection to make any updates to the behavior of the filter.

The default behavior was that the baseline continued to be updated after the learning period expired. You can disable this setting to keep the baseline as only what was created during the original learning period.

Regular expression filter now works against a specific column

Connections that use the regular expression filter are migrated, but you must update the connection to add the target column. Open the connection, choose a column on which to apply the regular expression filter, and save the connection.

Unique values from columns filter was removed

The Unique values from columns filter was removed, but the same function exists in the New Items filter. When your connection is migrated, the New Items filter has the Keep Learning and Persist settings disabled, and the columns that you had provided are selected as Index Columns. No action is required after migration.

Destination changes

One destination per connection

In previous versions of Connect, you could create a connection with multiple destinations. For example, you might create a connection that writes the results of the same saved question to both a file and an email.

In Connect 4 and later, a connection can have only one destination. For similar behavior to your previous configuration, create multiple connections that have the same source, but with different destinations.

Discover Client Deploy destination

The Tanium™ Discover Client Deploy destination no longer exists in Connect. The Client Deploy function is now built into Discover. Any existing connections that use a Client Deploy destination are not migrated. For more information about client deployment with Discover, see Tanium Discover User Guide: Deploying Tanium Client to unmanaged assets.

File destination

Files are written to the \Program Files\Tanium\Tanium Module Server\services\connect-files\output directory.

For more information about specifying file locations, see Configuring a file destination.

Oracle database destination

Oracle is no longer a supported database destination type. See Configuring an SQL Server destination for more information about configuring a database destination.

SIEM destinations

You can now use the Common Event Format (CEF) and Log Event Extended Format (LEEF) for SIEM destinations, including HP ArcSight, IBM QRadar, LogRhythm, Splunk, and McAfee SIEM. You might want to edit your SIEM destinations to change the format. For more information, see Configuring an SIEM destination.

Last updated: 4/18/2019 10:46 AM