With Discover, you can find and maintain an inventory of interfaces. By installing the Tanium™ Client on your endpoints, you can actively monitor the local subnet, detecting unmanaged interfaces. You can then perform the following tasks:
- Get real-time information about unmanaged interfaces on your network.
- Block unmanaged interfaces from network access.
Interfaces are unique media access control (MAC) addresses. An endpoint with multiple network interface controllers (NICs) displays as multiple interfaces in Discover.
Managed interfaces are on endpoints that have the Tanium Client running and are managed by Tanium. Unmanaged interfaces are on the network but do not have the Tanium Client running.
Scan types define which endpoints run discover scans. For the most complete view of all unmanaged interfaces, you might want to use a combination of distributed and centralized scans.
Configure distributed scans to use managed endpoints scan for or detect unmanaged interfaces at configurable intervals. Discover queries endpoints for updated detection data periodically. New information is immediately available. The detection process provides continuous scanning without impact to network operations.
Configure centralized scans to use the Tanium Module Server to detect unmanaged interfaces beyond your local network. You can use centralized scans in cloud-hosted environments.
Create profiles to detect interfaces that are on the network but not under Tanium management. Each profile consists of a set of network inclusions and exclusions, a discovery method, and schedule information. You can configure multiple profiles to cover different parts of the network. For more information, see Running distributed scans.
Organize interfaces by applying locations or labels. View statistics about interfaces over time.
Assign interfaces to geographic, physical, or logical locations. Define a hierarchy of network addresses, network address translation (NAT) addresses, and locations. Addresses can consist of an IP, IP range, or classless inter-domain routing (CIDR) address. After the hierarchy is defined, locations are matched with the interfaces during the import process of a discovery scan. For more information, see Locations.
Labels include descriptive information or metadata that you can use to identify and group interfaces. Then, you can classify or search for interfaces based on the labels. You can also automatically apply labels or ignore interfaces based on a specifically defined set of conditions. For more information about labels, see Labels.
With module sources for Discover in Tanium™ Trends, you can create boards that show interface statistics and module health over time. For more information, see Tanium Trends User Guide: Building and publishing boards.
Use the Tanium™ Network Quarantine shared service to set up a network access control (NAC) that can block by IP or MAC address as a built-in action of Discover.
For more information, see Block network access with Network Quarantine.
Discover records the following events:
- Found an unmanaged interface
- Found a new managed endpoint
- Lost an interface
With a connection in Tanium™ Connect, Discover can send these events to a destination, such as security information and event management (SIEM) system, email, or file. For more information about configuring the Discover notifications connection, see Configure event notifications.
Discover features Trends boards that provide data visualization of Discover concepts.
Discover Interfaces Status
Displays information about the interfaces that Discover has found in the environment. The following panels are in the Discover Interfaces Status board:
- All interfaces - Latest
- Discover lost interfaces
- All interfaces
Discover Module Health
Displays information about the interfaces that Discover has found in the environment. The following panels are in the Discover Module Health board:
- Discover module average CPU usage
- Discover module average heap memory used
For more information about how to import the Trends boards that are provided by Discover, see Tanium Trends User Guide: Importing the initial gallery.
This documentation may provide access to or information about content, products (including hardware and software), and services provided by third parties (“Third Party Items”). With respect to such Third Party Items, Tanium Inc. and its affiliates (i) are not responsible for such items, and expressly disclaim all warranties and liability of any kind related to such Third Party Items and (ii) will not be responsible for any loss, costs, or damages incurred due to your access to or use of such Third Party Items unless expressly set forth otherwise in an applicable agreement between you and Tanium.
Further, this documentation does not require or contemplate the use of or combination with Tanium products with any particular Third Party Items and neither Tanium nor its affiliates shall have any responsibility for any infringement of intellectual property rights caused by any such combination. You, and not Tanium, are responsible for determining that any combination of Third Party Items with Tanium products is appropriate and will not cause infringement of any third party intellectual property rights.
Last updated: 3/31/2020 11:08 AM | Feedback