Detect requirements

Review the requirements before you install and use Detect.

Tanium dependencies

In addition to a license for the Detect product module, make sure that your environment also meets the following requirements.

Component Requirement
Platform Version 7.0 or later.

Enhanced functionality is available with version 7.0.314.6042 and later. Installing Tanium™ Interact is also suggested.

For more information, see the Tanium Core Platform Installation Guide: Installing Tanium Server.

Tanium™ Client Detect is supported on Linux, Mac, and Windows endpoints.

Windows XP must have SP3 installed and Windows 2003 must have SP2 installed.

For more information, see the Tanium Client Deployment Guide: Prerequisites.

Tanium™ Connect 3.0 or later is required for event forwarding. 4.1.0 or later is required for reputation data.
Tanium™ Index or later (optional)
Tanium™ Trace 2.1.0 or later. Sysmon is required for Windows Server 2008 and Windows 7 endpoints. See Tanium Trace User Guide: Third-party software.

Endpoint hardware requirements

250 MB of disk space must be free on the endpoint. For more information, see the Tanium Client Deployment Guide: Prerequisites.

Tanium Module Server computer resources

Detect is installed and runs as a service on the Module Server host computer. The impact on the Module Server is minimal and depends on usage. For more information, see the Tanium Core Platform Installation Guide: Host computer sizing. Contact your Technical Account Manager (TAM) for details.

Host and network security requirements

Specific ports and processes are needed to run Detect.


Outbound ports 80 and 443 are required on the Module Server host machine for integrating intel streams.

Security exclusions

If security software is in use in the environment to monitor and block unknown host system processes, your security administrator must create exclusions to allow the Tanium processes to run without interference.

Target device Process
Module Server
  • twsm.exe
  • node.exe
Endpoint computers
  • TaniumDetectEngine.exe

Internet URLs

Intel streams are updated from the Detect service, which runs on the Tanium Module server. If security software is deployed in the environment to monitor and block unknown URLs, your security administrator must whitelist the intel stream provider URLs on the Tanium Module Server.

User roles

For Tanium Platform version 7.0, users with a minimum of Question Author privilege can perform all functions.

For version 7.1.314.3071 or later, you can use role-based access control (RBAC) permissions to restrict access to Detect functions.

Table 1:   Tanium 7.1 Detect Role Privileges
Privilege Detect Administrator Detect User Detect Read Only User Detect Service User
Show Detect‡
Detect Use API
Detect Configuration Write
Detect Configuration Read
Detect Group Configuration Write
Detect Group Configuration Read
Detect Source Write*
Detect Source Read
Detect Intel Write
Detect Intel Read*
Detect Label Write
Detect Label Read
Detect Quick Scan Write
Detect Quick Scan Read*
Detect Alert Write
Detect Alert Read*
Detect Workbench User
Detect Administrator User
Detect Service User*

‡ To install Detect, you must have the reserved role of Administrator.

* Requires permissions for other modules or solutions to complete all tasks in other modules and see all content; such as Interact, Trace (version 2.2.0 or later), or Connect (version 4.3.0 or later). You can assign a role for another product, or create a custom role that lists just the specific privileges needed.

For example, to do everything in Detect and its features that integrate with other Tanium products, the user needs:

  • Detect Administrator and Detect Service Account roles.
  • Connect Administrator role or the Event Schema Write and Reputation Write privileges to send events to Connect and see reputation data.
  • Trace User role to pivot from an alert into a Trace live connection and to work with Trace-generated intel.
  • Show Interact role to open scan results and drill-down to endpoints.

For more information, see the Tanium Core Platform User Guide: Users and user groups.

Last updated: 6/19/2018 10:33 AM | Feedback