Other resources

Release Notes

Support Knowledge Base
(login required)

Discover overview

With Discover, you can find and maintain an inventory of interfaces in your environment. By installing the Tanium™ Client on your endpoints, you can actively monitor the local subnet, detect unmanaged interfaces, and report the interfaces to Discover. You can then perform the following tasks:

  • Deploy Tanium Client to bring endpoints under management.
  • Get real-time information about unmanaged interfaces on your network.
  • Block unmanaged interfaces from network access.

Tanium-managed endpoints scan for or detect unmanaged interfaces at configurable intervals. Discover queries endpoints for updated detection data periodically. New information is immediately available. The detection process provides continuous scanning without impact to network operations.

Discover is integrated with a collection of sensors, packages, and actions. With this tool set, you can bring network interfaces under management within minutes of detection.

Unmanaged interface discovery

You can choose between several discovery methods that detect interfaces that are on the network but not under Tanium management. Tanium Client initiates scans at regular intervals throughout the network environment. For more information, see Discovering unmanaged interfaces.

Client deployment

You can use the Discover Client Deploy solution to deploy the Tanium Client to the unmanaged interfaces to bring the computers under management by Tanium™ Server. For more information, see Deploying Tanium Client to unmanaged endpoints.

Interface labels

Labels include descriptive information or metadata that you can use to identify and group interfaces. Then, you can classify or search interfaces based on the labels. You can also automatically apply labels or ignore interfaces based on a specifically defined set of conditions. For more information about labels, see Managing interfaces .

Network Access Control (NAC) integration

Discover integrates with NAC solutions that perform network access blocking. With this capability, you can quickly identify and block rogue interfaces from the network.

Tanium™ Network Quarantine

Use the Network Quarantine shared service to set up a NAC that can block by IP or MAC address.

For more information, see Block network access with Network Quarantine.

Tanium™ Connect

Configure blocking and unblocking connections with Palo Alto Networks NG Firewall to provide network access control blocking as a built-in action of Discover.

For more information, see Block network access with Connect.

Notifications

Discover records events when an unmanaged interface is found, a new managed endpoint is found, or if an interface is lost. Discover can send these events to another system, such as a SIEM, email, or file, with a connection in Connect. This connection sends the event notification from Discover to a configured destination. For more information about configuring the Discover notifications connection, see Configuring Discover notifications.

Last updated: 9/18/2018 2:03 PM | Feedback