Direct Connect requirements

Review the requirements before you install and use Direct Connect.

Tanium dependencies

In addition to a license for Direct Connect, make sure that your environment meets the following requirements.

Component | Requirement
Platform | Version 7.2.314.2831 or later. For more information, see Tanium Core Platform Installation Guide: Installing Tanium Server.
Tanium Client | 7.2.314.3211 or later
Tanium™ solutions that use the Tanium™ Client Recorder Extension | If you are using any of the following Tanium solutions that use the endpoint recorder, you must use the specified versions:
  • Tanium™ Integrity Monitor 1.7.0.0035 or later
  • Tanium™ Map 1.1.1.0006 or later
  • Tanium™ Threat Response 1.2.0.0037 or later
  • Tanium™ Trace 2.9.0.0035 or later

Tanium Module Server

Direct Connect is installed and runs as a service on the Module Server. The impact on the Module Server is minimal and depends on usage.

Endpoints

Direct Connect supports Windows, Linux, and macOS endpoints.

Host and network security requirements

Specific ports are needed to run Direct Connect.

Ports

The following ports are required for Direct Connect communication.

Component | Port | Direction | Purpose
Module Server | 17475 | Inbound | Connecting to the Module Server for direct connections to endpoints.

User role requirements

Use role-based access control (RBAC) permissions to restrict access to Direct Connect functions.

Table 1:   Tanium Direct Connect User Role Privileges
Permission Direct Connect Administrator Direct Connect Read Only User Direct Connect Service Account Direct Connect User
Direct Connect API Read

Allows viewing of the Direct Connect workbench

1 1 1
Direct Connect API Write

Perform operations using the API

1 1
Direct Connect Cron Exec

Allows performing service account user work

Direct Connect Endpoint Config Read

Allows viewing endpoint configuration settings

1
Direct Connect Endpoint Config Write

Allows modification of endpoint configuration settings

Direct Connect Endpoint Connect

Allows creating and using endpoint connections

Direct Connect Logs Read

Allows viewing logs

Direct Connect Service User Read

Allows viewing the service account user

1
Direct Connect Service User Write

Allows modification of the service account user

Direct Connect Session Read

Allows viewing endpoint connections

1 1 1 1
Direct Connect Session Write

Allows managing endpoint connections

1 Denotes a provided permission.




Table 2:   Provided Advanced user role permissions for Tanium 7.1.314.3071 or later
Permission Content Set for Permission Direct Connect Administrator Direct Connect Read Only User Direct Connect Service Account Direct Connect User
Read Sensor Reserved
Read Sensor Base
Read Sensor Direct Connect
Read Action Direct Connect
Read Own Action Direct Connect 1 1 1 1
Write Action Direct Connect
Show Preview Direct Connect 1 1 1
Read Plugin Direct Connect 1 1 1 1
Execute Plugin Direct Connect
Read Package Direct Connect 1 1 1
Write Package Direct Connect
Read Saved Question Reserved
Read Saved Question Base
Read Saved Question Direct Connect

1 Denotes a provided permission.

For more information and descriptions of content sets and permissions, see the Tanium Core Platform User Guide: Users and user groups.

Last updated: 9/24/2019 11:21 AM