Maintaining Discover

Perform monthly maintenance tasks to ensure that Discover successfully performs scheduled activities on all the targeted endpoints and does not overuse endpoint or network resources. If Discover is not performing as expected, you might need to troubleshoot issues or change settings. See Troubleshooting Discover for related procedures.

Review and remediate Discover resource usage on the Module Server

From the Main menu, go to Modules > Trends > Boards.
Click the Discover - Module Health board and
review the panels for resource usage issues.
To troubleshoot resource usage issues, see Troubleshooting Discover.

Review and update discovery methods

From the Main menu, go to Modules > Discover > Profiles.
Review the Status of the profiles for warnings or errors. These conditions are the result of a profile mismatch between Tanium Cloudthe Tanium Server and the Tanium Client.
Contact Tanium Support if necessary to resolve any warning or error conditions.
Review profile configurations to verify that their discovery methods are optimal. For example:
- Verify that scanning excludes virtual private network (VPN) connections. Clients that connect over a VPN are typically isolated leaders that do not peer with each other. See Tanium Client Management User Guide: Verify or remediate Tanium Client peering and leader connections.
- Review unmanaged endpoints to determine if they are eligible for the Tanium Client. See View interface data.
Troubleshoot discovery issues if necessary. See Troubleshooting Discover.
Edit profiles if necessary to resolve discovery issues: go to the Profiles page, click the profile Name and reconfigure the settings. For detailed steps, see:
Delete profiles that are no longer useful: on the Profiles page, select the profiles, and click Delete Profile.

Monitor and troubleshoot endpoints managed

The following table lists contributing factors into why the Endpoints Managed (%) metric might be lower than expected, and corrective actions you can make.

Contributing factor	Corrective action
Installation Method Gap	Use existing tools that are already part of the infrastructure. Use standard tools (might only cover a subset of potential systems in your environment) such as: SCCM - easy deployment mechanism (Windows only) Group Policy - with the correct setting can deploy Tanium Client (Windows only) Salt - a common tool used for installation of software in any environment (cross-platform) Use a Tanium-provided installation method such as Tanium Client Management
Credential Gaps	Use of any of the Tanium-provided installation methods involves using credentials to access the systems. Work with various management teams and deployment teams to understand what credentials are available to do installations on systems. Work with server or workstation support teams to understand these areas.
Network Gaps	Installing clients on "protected" networks such as DMZs or other sensitive areas is often a problem. These issues are technical, but the technical hurdles are generally an issue with policies and permissions. Work with the correct stakeholders to understand how Tanium will be used in the environment. Negotiate restrictions to be lessened to allow installation of Tanium Clients in these protected networks.

Monitor and troubleshoot mean time to manage

The following table lists contributing factors into why the Mean Time to Managed metric might be higher than expected, and corrective actions you can make.

Contributing factor	Corrective action
No automation	Tanium Discover can find clients, but with no action, a project can stall. Automating installation with Discover labels to target installation with Tanium Client Management is key. Take the human interaction out when possible, or build a workflow around Discover labels when items are found to feed into Tanium Connect and create help desk tickets or simple email lists.
Non-optimized Discovery settings	Adjust configuration settings. The key elements are how often to scan, and how often to import data. The Discover scans are built to be “low impact” on any network environment. Recommended scanning is once an hour in most environments. Scanning once an hour causes near zero impact and is fast enough to take action on unmanaged interfaces. Recommended importing is every thirty minutes and causes near zero impact to an environment. Exclude scanning in parts of the network where you do not need scanning. To be successful in any enterprise, exceptions are always required. Discover has fine-grained control so you can exclude what you do not want to scan. More information: Tanium Community article: Getting Surgical with Endpoint Discovery: Using Targeting and Exclusions in Tanium Discover. Select a discovery method that provides OS details. If installation requirements are governed by operating system (such as different teams are responsible for installation on different operating systems), selecting the right discovery method is key. Nmap with OS Fingerprinting (level 4 distributed scan, or centralized scans) are required to effectively understand the operating system. Level 2 ping scans can provide OS in some but not all cases. Use Discover Labels to make better sense of your environment, so you can bring items under management. Use the Tanium label gallery to import common labels to help determine manageability of existing interfaces. See Tanium Community article: Discover Labels - Common labels available for import Best practices Tanium Community discussion: How do I configure Tanium Discover so that home networks are not scanned? Tanium Community discussion: Visibility of discovered assets - Removing Devices from view Tanium Community discussion: Visibility of discovered assets - Finding likely manageable resources Tanium Community discussion: I see assets in my Tanium Discover data that are no longer online, how do I keep my Tanium Discover database clean?
Regional Ownership	Often various regions have different support structures in the larger enterprise. Understanding what systems belong to these regions is key to providing the guidance to the owning team they need to help install. Use locations to export or visualize data. See this three-part article: Tanium Community article: Add a new dimension to your endpoint data with locations - Part 1 Tanium Community article: Add a new dimension to your endpoint data with locations - Part 2 Tanium Community article: Add a new dimension to your endpoint data with locations - Part 3
Understand your environment	Proper deployment sometimes requires understanding what is working and what is not working. With the data grids and graphs in Discover, you have a real-time view the environment. With a high level view over time, you can understand how deployments are working and cross-pollinate various ideas that work across a larger group. To get a high level view, use the Discover boards in Tanium Trends: Tanium Community article: Use Trends to visualize Discover interfaces over time.