Discover requirements
Review the requirements before you use Discover.
Also review the Tanium as a Service requirements, described in Tanium as a Service User Guide: Tanium as a Service requirements.
Tanium dependencies
In addition to a license for the Discover product module, make sure that your environment also meets the following requirements.
| Component | Requirement |
|---|---|
| Tanium™ Core Platform | Version 7.2 or later |
| Tanium™ Client |
Version 6.0.314.1442 or later Version 7.4 or later |
| Tanium Products | If you clicked the Install with Recommended Configurations button when you installed Discover, the Tanium Server automatically installed all your licensed modules at the same time. Otherwise, you must manually install the modules that Discover requires to function, as described under Tanium Console User Guide: Manage Tanium modules.
The following modules are optional, but Discover requires the specified minimum versions to work with them:
|
Tanium™ Module Server
Discover is installed and runs as a service on the Module Server host computer. The impact on Module Server host computer sizing is minimal and depends on usage.
For more information, see Tanium Core Platform Installation Guide: Host system sizing guidelines.
Endpoints
Supported operating systems
For Tanium Client operating system support, see Tanium Client User Guide: Host system requirements. Managed endpoints perform discovery scans.
| Operating System | Version |
|---|---|
| Windows | Windows Server 2008 R2 endpoints must have Service Pack 1 installed. For other Windows operating systems, see Tanium Client User Guide: Host system requirements. |
| macOS | 10.11 and later |
| Linux |
Same as Tanium Client support |
| Solaris |
Same as Tanium Client support |
| AIX | Same as Tanium Client support |
| Level 1 (ARP cache) | Level 1 (Interface Connections) | Level 2 (Ping) | Level 3/4 (Nmap) | |
|---|---|---|---|---|
| Windows |
|
|
|
1
|
| Linux |
|
|
|
|
| macOS |
|
|
|
|
| Solaris |
|
|
3
|
 2
|
| AIX |
|
|
|
2
|
|
1 For level 3 and 4 discovery on Windows 2003 Server and Windows XP, level 2 discovery is used. 2 For level 3 and 4 discovery on Solaris and AIX, level 2 discovery is used because Nmap is not supported on these platforms. 3 Solaris endpoints do not perform OS detection. |
||||
Host and network security requirements
Specific ports and processes are needed to run Discover.
Ports
For Tanium as a Service ports, see Tanium as a Service User Guide: Host and network security requirements.
The following ports are required for Discover communication.
| Source | Destination | Port | Protocol | Purpose |
|---|---|---|---|---|
|
Module Server |
Module Server | 17446 | TCP and UDP | Internal purposes for Discover; not externally accessible |
| Module Server | 17447 | TCP and UDP | Internal purposes for Discover; not externally accessible | |
|
ec2.*.amazonaws.com sts.*.amazonaws.com ssm.*.amazonaws.com |
443 | TCP | Access to Amazon Web Services for Discover centralized Amazon EC2 environment scans | |
| Endpoints | Top 1,000 TCP and UDP ports (nmap default) | TCP and UDP | OS fingerprinting for Discover centralized Nmap scans |
Security exclusions
If security software is in use in the environment to monitor and block unknown host system processes, your security administrator must create exclusions to allow the Tanium processes to run without interference. For a list of all security exclusions to define across Tanium, see Tanium Core Platform Deployment Reference Guide: Host system security exclusions.
| Target Device | Notes | Process |
|---|---|---|
| Module Server | "<Module Server>\services\discover\node.exe | |
| <Module Server>\plugins\content\discover-proxy\proxyplugin.exe | ||
| <Module Server>\services\twsm-v1\twsm.exe | ||
| Windows endpoints | (Level 3 and 4 profiles only) | C:\Program Files\Npcap |
| (Level 3 and 4 profiles only) | <Tanium Client>Tools\Discover\nmap\nmap.exe | |
| Linux endpoints | (Level 3 and 4 profiles only) |
<Tanium Client>/Tools/Discover/nmap/nmap |
| macOS endpoints | (Level 3 and 4 profiles only) | <Tanium Client>/Tools/Discover/nmap/nmap |
Internet URLs
If security software is deployed in the environment to monitor and block unknown URLs, your security administrator must whitelist the following URLs:
-
content.tanium.com
-
ec2.*.amazonaws.com, sts.*.amazonaws.com, and ssm.*.amazonaws.com (for centralized scans of Amazon EC2 environments)
User role requirements
Role-based access control (RBAC) permissions control access to the Discover workbench. The predefined roles are
| Permission | Discover Service Account | Discover Administrator2 | Discover Operator | Discover User | Discover Read Only User |
|---|---|---|---|---|---|
|
View managed and unmanaged interfaces |
|
|
|
|
|
|
View lists of managed and unmanaged interfaces, export data from interface tables |
|
|
|
|
|
|
Discover Asset Write Apply or remove label on an interface |
|
|
|
|
|
|
Discover Tag Write Create or remove labels |
|
|
|
3
|
|
|
Discover Manual Import Execute Import interfaces manually with the Discover Unmanaged Interfaces button |
1
|
|
|
|
|
|
Discover Settings Write Edit Discover settings |
|
|
|
|
|
|
Discover Profile Write Create, edit, and delete Discover profiles |
|
|
|
|
|
|
Discover Profile Read View the configured Discover profiles |
|
|
1
|
|
|
|
Discover Keys Rotate Rotate keys used to encrypt sensitive data |
|
|
|
|
|
|
Discover Location Permissions Write Define locations and corresponding permissions for user groups |
|
|
|
|
|
|
Discover Locations Write Define locations by importing CSV file |
|
|
|
|
|
|
Manage backend components, including Discover action groups and computer groups |
|
|
|
|
|
|
Discover Use Api Use the Discover API |
|
|
|
|
|
|
Trends API Board Write Create, edit, delete, and configure boards, sections, and panels for specified content sets |
1
|
|
|
|
|
|
Trends API Board Read View boards, sections, and panels for specified content sets |
1
|
|
|
|
|
|
Trends API Source Write View boards, sections, and panels for specified content sets |
1
|
|
|
|
|
|
Trends API Source Read View and list sources for specified content sets |
1
|
|
|
|
|
|
Trends Data Read Run data queries against sources |
1
|
|
|
|
|
|
Trends Integration Service Account Provide access for module service accounts to read and write data, and to define sources and boards |
|
|
|
|
|
|
Trends Import Import from file or gallery Does not grant access to create new or custom boards and sources |
|
|
|
|
|
|
Connect Event Write Write access to events |
|
|
|
|
|
|
Connect Eventschema Write Write access to event schemas via API |
|
|
|
|
|
|
Connect Eventschema Read Read access to event schemas via API |
|
|
|
|
|
|
1 Denotes a provided permission. 2 The Content Administrator reserved role is required to edit the Discover action group. 3If location permissions are defined, Discover User role cannot create labels. |
|||||
| Permission | Role type | Content set for permission | Discover Service Account | Discover Administrator | Discover Operator | Discover User | Discover Read Only User |
|---|---|---|---|---|---|---|---|
| Read User | Micro Admin |
|
|
|
|
|
|
| Read User Group | Micro Admin |
|
|
|
|
|
|
| Read Computer Group | Micro Admin |
|
|
|
|
|
|
| Write Computer Group | Micro Admin |
|
|
|
|
|
|
| Read Filter Group | Micro Admin |
|
|
|
|
|
|
| Write Filter Group | Micro Admin |
|
|
|
|
|
|
| Ask Dynamic Questions | Advanced |
|
|
|
|
|
|
| Execute Plugin | Advanced | Discover Content |
|
|
|
|
|
| Execute Plugin | Advanced | Trends Content |
|
|
|
|
|
| Execute Plugin | Advanced | Connect Content |
|
|
|
|
|
| Read Plugin | Advanced | Discover Content |
|
|
|
|
|
| Read Plugin | Advanced | Trends Content |
|
|
|
|
|
| Read Plugin | Advanced | Connect Content |
|
|
|
|
|
| Read Action | Advanced | Discover Content |
|
|
|
|
|
| Read Own Action | Advanced | Discover Content |
|
|
|
|
|
| Read Package | Advanced | Discover Content |
|
|
|
|
|
| Read Saved Question | Advanced | Discover Content |
|
|
|
|
|
| Read Sensor | Advanced | Discover Content |
|
|
|
|
|
| Read Sensor | Advanced | Reserved |
|
|
|
|
|
| Write Action | Advanced | Discover Content |
|
|
|
|
|
| Write Package | Advanced | Discover Content |
|
|
|
|
|
| Write Saved Question | Advanced | Discover Content |
|
|
|
|
|
| Show Preview | Advanced | Discover Content |
|
|
|
|
|
| Role | Enables |
|---|---|
| Connect User |
For signed in user:
|
| Administrator |
|
| Network Quarantine User |
|
| Network Quarantine Read Only User |
|
Last updated: 7/27/2020 10:26 AM | Feedback