Discover requirements

Review the requirements before you install and use Discover.

Tanium dependencies

In addition to a license for the Discover product module, make sure that your environment also meets the following requirements.

Component | Requirement
Platform | Version 7.2 or later
Tanium Client | Version 6.0.314.1442 or later
Tanium Connect | Version 3.2 or later (Optional; for exporting Discover data)
Tanium Network Quarantine | Version 1.0.2 or later (Optional; for network blocking)
Tanium Trends | Version 2.3 or later (Optional; for creating boards with Discover statistics)

Tanium™ Module Server

Discover is installed and runs as a service on the Module Server host computer. The impact on Module Server host computer sizing is minimal and depends on usage. Contact your Technical Account Manager (TAM) for details.

Endpoints

Managed endpoints perform discovery scans. The following table shows the discovery methods that are supported for different endpoint operating systems.

Table 1:   Supported platforms per discovery method
Operating system | Level 1 (ARP cache) | Level 1 (Interface Connections) | Level 2 (Simple Ping Script) | Level 3/4 (Nmap)
Windows¹
Linux
macOS
Solaris²
AIX²

¹ For level 3 and 4 discovery on Windows 2003 Server and Windows XP, level 2 discovery is used.

² For level 3 and 4 discovery on Solaris and AIX, level 2 discovery is used because Nmap is not supported on these platforms.

Host and network security requirements

Specific ports and processes are needed to run Discover.

Ports

The following ports are required for Discover communication.

Component | Port | Direction | Service | Purpose
Module Server | 17446 | Loopback | Discover | Internal purposes; not externally accessible
Module Server | 17447 | Loopback | Discover | Internal purposes; not externally accessible
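
A way to confirm on the Module Server that both ports really are bound to loopback only. This is an added example, not part of the Tanium documentation; it assumes Windows `netstat -ano -p TCP` output, and the function name, sample lines and PIDs are constructed for illustration.

```python
import ipaddress
import re

# Loopback-only ports from the Ports table above.
DISCOVER_PORTS = frozenset({17446, 17447})

# Constructed sample in the layout of Windows `netstat -ano -p TCP` output
# (addresses and PIDs are made up, not captured from a real Module Server).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:443            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:17446        0.0.0.0:0              LISTENING       2312
  TCP    0.0.0.0:17447          0.0.0.0:0              LISTENING       2312
  TCP    127.0.0.1:17447        127.0.0.1:50211        ESTABLISHED     2312
  TCP    [::1]:17446            [::]:0                 LISTENING       2312
"""

# Local address, local port and owning PID of a listening TCP socket.
LISTEN_RE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$")


def audit_discover_listeners(netstat_text, ports=DISCOVER_PORTS):
    """Classify listeners on the Discover ports.

    Returns (loopback, exposed, missing): the first two are lists of
    (address, port, pid) tuples, the last a sorted list of ports with no listener.
    """
    loopback, exposed = [], []
    for line in netstat_text.splitlines():
        match = LISTEN_RE.match(line)
        if not match or int(match.group(2)) not in ports:
            continue
        # Strip IPv6 brackets and any zone id such as %12 before parsing.
        addr = match.group(1).strip("[]").split("%")[0]
        entry = (addr, int(match.group(2)), int(match.group(3)))
        try:
            is_loopback = ipaddress.ip_address(addr).is_loopback
        except ValueError:
            is_loopback = False  # unparseable bind address: treat as exposed
        (loopback if is_loopback else exposed).append(entry)
    missing = sorted(set(ports) - {port for _, port, _ in loopback + exposed})
    return loopback, exposed, missing


if __name__ == "__main__":
    ok, bad, absent = audit_discover_listeners(SAMPLE_NETSTAT)
    for addr, port, pid in bad:
        print(f"EXPOSED: port {port} bound to {addr} (PID {pid})")
    print(f"loopback-only listeners: {ok}; ports with no listener: {absent}")
```

Any entry in the exposed list means the port is reachable on a non-loopback address; compare the reported PID with the Discover service process before changing host firewall rules.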

Security exclusions

If security software is in use in the environment to monitor and block unknown host system processes, your security administrator must create exclusions to allow the Tanium processes to run without interference.

Table 2:   Discover security exclusions
Target Device | Process
Module Server | <Module Server>\services\discover\node.exe
Module Server | <Module Server>\plugins\content\discover-proxy\proxyplugin.exe
Module Server | <Module Server>\services\twsm-v1\twsm.exe
Endpoints (Windows) | C:\Program Files\Npcap (Level 3 and 4 profiles only)
Endpoints (Windows) | <Tanium Client>Tools\Discover\nmap\nmap.exe (Level 3 and 4 profiles only)
Endpoints (macOS, Linux) | <Tanium Client>/Tools/Discover/nmap/nmap (Level 3 and 4 profiles only)

Internet URLs

If security software is deployed in the environment to monitor and block unknown URLs, your security administrator must whitelist the following URLs:

  • content.tanium.com

User role requirements

Role-based access control (RBAC) permissions control access to the Discover workbench. The predefined roles are Discover Service Account, Discover Admin, Discover User, and Discover Read Only User.

Table 3:   Discover user role permissions
Permission | Discover Service Account | Discover Administrator¹ | Discover User | Discover Read Only User
Show Discover: View managed and unmanaged interfaces
Discover Asset Read: View lists of managed and unmanaged interfaces, export data from interface tables
Discover Asset Write: Apply or remove label on an interface
Discover Tag Write: Create or remove labels
Discover Manual Import Execute: Import interfaces manually with the Discover Unmanaged Interfaces button
Discover Settings Write: Edit Discover settings, manage profiles
Discover Profile Write: Create, edit, and delete Discover profiles
Discover Profile Read: View the configured Discover profiles
Discover Action Group Read: View the discover action group ¹
Discover Location Permissions Write: Define locations and corresponding permissions for user groups
Discover Components Manage: Manage backend components, including Discover action groups and computer groups

¹ The Content Administrator reserved role is required to edit the Discover action group.

 

Table 4:   Provided Discover Micro Admin and Advanced user role permissions
Permission | Role type | Content set for permission | Discover Service Account | Discover Administrator | Discover User | Discover Read Only User
Read User | Micro Admin |
Read Computer Group | Micro Admin |
Write Computer Group | Micro Admin |
Ask Dynamic Questions | Advanced |
Execute Plugin | Advanced | Discover Content
Read Action | Advanced | Discover Content
Read Own Action | Advanced | Discover Content
Read Package | Advanced | Discover Content
Read Saved Question | Advanced | Discover Content
Read Sensor | Advanced | Discover Content
Read Sensor | Advanced | Reserved
Write Action | Advanced | Discover Content
Write Package | Advanced | Discover Content
Write Saved Question | Advanced | Discover Content

 

Table 5:   Optional roles for Discover
Role | Enables

Connect User
  For signed in user:
  • Configure connections for Discover notifications
  • Configure connections for exporting interface reports
  For service account:
  • Send Discover notifications

Administrator
  • Create Trends boards from Discover sources

Network Quarantine User
  • View quarantined interfaces on Interfaces pages
  • Quarantine and unquarantine interfaces

Network Quarantine Read Only User
  • View quarantined interfaces on Interfaces pages

Last updated: 10/15/2019 1:57 PM