Other resources

Release Notes

Support Knowledge Base
(login required)

Discover overview

With Discover, you can find and maintain an inventory of assets in your environment. By installing the Tanium™ Client on your endpoints, you can actively monitor the local subnet, detect unmanaged assets, and report the assets to Discover. You can then perform the following tasks:

  • Block unmanaged assets from network access.
  • Deploy Tanium Client to bring assets under management.
  • Get real-time information about unmanaged assets on your network.

Tanium-managed endpoints scan for or detect unmanaged assets at configurable intervals that depend on the discovery method. Discover queries endpoints for updated detection data every few minutes. New information is immediately available. The detection process provides continuous scanning without impact to network operations.

Discover is integrated with a collection of sensors, packages, and actions. With this tool set, you can bring network assets under management within minutes of detection.

Unmanaged assets discovery

You can choose between several discovery methods that detect assets that are on the network but not under Tanium management. Tanium Client initiates scans at regular intervals throughout the network environment. For more information, see Discovering unmanaged assets.

Client deployment

You can use the Discover Client Deploy solution to deploy the Tanium Client to the unmanaged asset endpoints to bring the computers under management by Tanium™ Server. For more information, see Deploying Tanium Client to unmanaged assets.

Asset tagging

A tag is a label that includes descriptive information or metadata that you can use to identify and group assets. Then, you can classify or search and sort assets based on the tags. You can also automatically apply tags or ignore assets based on a specifically defined set of conditions. For more information about tagging, see Managing assets .

Network Access Control (NAC) integration

Discover integrates with NAC solutions that perform network access blocking. With this capability, you can quickly identify and block rogue assets from the network.

The Palo Alto Networks integration uses the capabilities of the Palo Alto Networks NG Firewall to provide network access control blocking as a built-in action of Discover. For more information, see Block network access.


Discover records events when an unmanaged asset is found, a new managed asset is found, or if an asset is lost. To send these events to another system, such as a SIEM, email, or file, create a connection in Tanium™ Connect. This connection sends the event notification from Discover to a configured destination. For more information about configuring the Discover notifications connection, see Configuring Discover notifications.

Last updated: 12/6/2017 8:39 AM | Feedback