Criticality requirements
Review the requirements before you install and use Criticality.
Core platform dependencies
Make sure that your environment meets the following requirements:
-
Tanium™ Core Platform servers: 7.5.4.1158 or later
- Tanium™ Client: Any supported version of Tanium Client. For the Tanium Client versions supported for each OS, see Tanium Client Management User Guide: Client version and host system requirements.
If you use a client version that is not listed, certain product features might not be available, or stability issues can occur that can only be resolved by upgrading to one of the listed client versions.
Solution dependencies
Other Tanium solutions are required for Criticality to function (required dependencies) or for specific Criticality features to work (feature-specific dependencies). The installation method that you select determines if the Tanium Server automatically imports dependencies or if you must manually import them.
Some Criticality dependencies have their own dependencies, which you can see by clicking the links in the lists of Required dependencies. Note that the links open the user guides for the latest version of each solution, not necessarily the minimum version that Criticality requires.
Tanium recommended installation
If you select Tanium Recommended Installation when you import Criticality, the Tanium Server automatically imports all your licensed solutions at the same time. See Tanium Console User Guide: Import all modules and services.
Import specific solutions
If you select only Criticality to import and are using Tanium Core Platform 7.5.2.3531 or later with Tanium Console 3.0.72 or later, the Tanium Server automatically imports the latest available versions of any required dependencies that are missing. If some required dependencies are already imported but their versions are earlier than the minimum required for Criticality, the server automatically updates those dependencies to the latest available versions.
If you select only Criticality to import and you are using Tanium Core Platform 7.5.2.3503 or earlier with Tanium Console 3.0.64 or earlier, you must manually import or update required dependencies. See Tanium Console User Guide: Import, re-import, or update specific solutions.
Required dependencies
Criticality has the following required dependencies at the specified minimum versions. You must install the dependencies in the listed order.
- Tanium™ Interact 2.12.113 or later
- Tanium™ System User Service 1.0.77 or later
- Tanium™ RDB Service 1.2.6 or later
- Tanium™ Blob Service 1.0.6 or later
- Tanium™ Reporting 1.8.40 or later
- Tanium™ Directory Query 1.1.7 or later
Tanium™ Module Server
Criticality is installed and runs as a service on the Module Server host computer. The impact on the Module Server is minimal and depends on usage.
For information about Module Server sizing in a Windows deployment, see Tanium Core Platform Deployment Guide for Windows: Host system sizing guidelines.
Endpoints
Supported Internet protocols
Criticality supports IPv4 and IPv6 addresses.
Supported operating systems
Criticality does not deploy packages to endpoints. For Tanium Client operating system support, see Tanium Client Management User Guide: Client version and host system requirements.
Host and network security requirements
Specific ports and processes are needed to run Criticality.
Ports
The following ports are required for Criticality communication.
| Source | Destination | Port | Protocol | Purpose |
|---|---|---|---|---|
|
|
|
17532 | TCP | Internal purposes, not externally accessible |
Configure firewall policies to open ports for Tanium traffic with TCP-based rules instead of application identity-based rules. For example, on a Palo Alto Networks firewall, configure the rules with service objects or service groups instead of application objects or application groups.
For Tanium Cloud ports, see Tanium Cloud Deployment Guide: Host and network security requirements.
Security exclusions
If security software is in use in the environment to monitor and block unknown host system processes, Tanium recommends that a security administrator create exclusions to allow the Tanium processes to run without interference. The configuration of these exclusions varies depending on AV software. For a list of all security exclusions to define across Tanium, see Tanium Core Platform Deployment Reference Guide: Host system security exclusions.
| Target Device | Notes | Exclusion Type | Exclusion |
|---|---|---|---|
| Module Server | Process | <Module Server>\services\criticality-service\TaniumCriticalityService.exe |
No additional process exclusions are required.
User role requirements
The following tables list the role permissions required to use Criticality. To review a summary of the predefined roles, see Set up Criticality users.
For more information about role permissions and associated content sets, see Tanium Console User Guide: Managing RBAC.
On installation, Criticality creates a Criticality user to automatically manage the Criticality service account. Do not edit or delete the Criticality user.
| Permission | Criticality Administrator1,2 | Criticality Operator1,2 | Criticality User1,2 |
|---|---|---|---|
|
Criticality Accesses the Criticality workbench |
|
|
SHOW READ |
|
Criticality Support Bundle Provides privileges for the support bundle |
READ |
|
|
|
Criticality Sync Allows manually starting a user and group sync |
|
START |
|
|
1This role provides module permissions for Tanium Interact. You can view which Interact permissions are granted to this role in the Tanium Console. For more information, see Tanium Interact User Guide: Tanium Data Service permissions. 2 This role provides permissions for the Tanium Reporting service. You can view which Reporting service permissions are granted to this role in the Tanium Console. For more information, see Tanium Reporting User Guide: User role requirements. |
|||
| Permission | Permission Type | Criticality Administrator1,2,3 | Criticality Operator1,2,3 | Criticality User1,2,3 |
|---|---|---|---|---|
| Computer Group | Administration |
READ |
READ |
READ |
| Filter Group | Platform Content |
READ |
READ |
READ |
| Plugin | Platform Content |
READ EXECUTE |
READ EXECUTE |
READ EXECUTE |
| Sensor | Platform Content |
READ |
READ |
READ |
|
To view which content set permissions are granted to a role, see Tanium Console User Guide: View effective role permissions. 1This role provides module permissions for Tanium Interact. You can view which Interact content sets are granted to this role in the Tanium Console. For more information, see Tanium Interact User Guide: User role requirements. 2 This role provides permissions for the Tanium Reporting service. You can view which Reporting service permissions are granted to this role in the Tanium Console. For more information, see Tanium Reporting User Guide: User role requirements. 3 This role provides content set permissions for Tanium Data Service. You can view which Tanium Data Service content sets are granted to this role in the Tanium Console. For more information, see Tanium Interact User Guide: User role requirements. |
||||
Last updated: 5/31/2023 4:12 PM | Feedback