Overview

With Tanium™ Containers, you can extend the visibility of the Tanium™ Core Platform to containers that run on the endpoints in your environment. Tanium Containers provides:

  • Container orchestration software versions
  • Cloud-based container service information
  • Runtime visibility to containers
  • Validation that the correct container images are in use
  • Insight into container configuration and permissions
  • Visibility into container network connectivity

Tanium™ Client Container

To use the Tanium Core Platform to monitor containers on endpoints in an enterprise deployment, install and configure the Tanium™ Client Container on those endpoints. The Tanium Client Container is a containerized version of the Tanium Client that provides visibility into running containers in orchestrated worker environments. The Tanium Client Container also includes tools to query and parse data from the running containers to provide data to the sensors from the Containers solution.

The Tanium Client Container runs directly on container nodes and is compliant with the Open Container Initiative (OCI).

The Tanium Client that runs inside the Tanium Client Container is not upgradable. To switch to a new version of the Tanium Client in the Tanium Client Container, download a new version of the Tanium Client Container image, load it into your registry, and re-apply the Tanium Client Container DaemonSet described in Installing Tanium Containers.

Operating modes

The Tanium Client Container runs in one of two modes: client mode and tools mode. The Tanium Client Container automatically chooses a mode at runtime.

Client mode

The Tanium Client Container operates in client mode if the Kubernetes worker node does not already have a Tanium Client. In client mode, the Tanium Client Container communicates directly with Tanium as a Service (TaaS) or the Tanium Server as a Tanium Client.

When in client mode, the Tanium Client Container only responds to sensors in the Tanium Containers solution. This prevents TaaS or the Tanium Server from treating the Tanium Client Container as a traditional endpoint. The Tanium Client Container is a Tanium Client but, as a container, it is not a traditional endpoint that runs packages or contains endpoint tools installed by Tanium solutions.

Tools mode

The Tanium Client Container operates in tools mode if the Kubernetes node already contains a Tanium Client. In tools mode, the Tanium Client Container provides tools to query and parse data from running containers to the existing Tanium Client. The Tanium Client Container continues to run as a paused container. In this mode, the existing Tanium Client responds to container sensors in addition to general (non-container) sensors.

Integration with other Tanium products

Tanium Containers integrates with Tanium™ Trends for additional reporting of related data.

Trends

Trends can feature a Containers board that shows container usage across the environment. The following panels are in the Containers board:

  • Running Containers
  • Running Pods
  • Vendor
  • Kubernetes Service
  • Kubernetes Version
  • Node Operating System
  • Container Runtime
  • Container Runtime Version
  • Container Image Hash
  • Privileged Containers
  • Container Breaching Paving Policy
  • Multi-Process Containers

You manually import the Containers board. For more information, see Import the Containers board in Trends.