Discover requirements

Review the requirements before you install and use Discover.

Tanium dependencies

Component Requirement
Platform Version 6.5 or later.
Tanium Client All Tanium Client versions are supported.
Tanium Connect

Version 3.2 or later (for network blocking and notifications).

License For information about licensing Discover, contact your Technical Account Manager (TAM). The license for Discover includes the following solutions:
  • Discover
  • Discover Client Deploy

Third-party software requirements

  • PsExec v2.11 or later (Optional; for using PSEXEC to deploy Tanium Client)

Tanium Module Server computer resources

Discover is installed and runs as a service on the Module Server host computer. The impact on Module Server host computer sizing is minimal and depends on usage. Contact your TAM for details.

Host and network security requirements

Specific ports and processes are needed to run Discover.


The following ports are required for Discover communication.

Component Port Direction Service Purpose
Module Server 17446 Loopback Discover Internal purposes; not externally accessible.
17447 Loopback Discover Internal purposes; not externally accessible.

Security exclusions

If security software is in use in the environment to monitor and block unknown host system processes, your security administrator must create exclusions to allow the Tanium processes to run without interference.

Target Device Process
Tanium Module Server
  • node.exe
  • ProxyingPlugin.exe

  • twsm.exe
Endpoint Computers
  • expand.exe
  • npcap-0.93.exe
  • vcredist_x86.exe
  • nmap.exe

Internet URLs

If security software is deployed in the environment to monitor and block unknown URLs, your security administrator must whitelist the following URLs:


Console roles and privileges

Tanium Server 7.0

Administrator user role is required for all Discover functions.

Tanium Server 7.1

Discover 2.2 introduces role-based access control (RBAC) permissions that control access to the Discover workbench. The three predefined roles are Discover Admin, Discover User, and Discover Read Only User.

The Discover Administrator role also provides legacy Tanium Administrator privileges.

Table 1:   Tanium 7.1 Discover User Role Privileges
Privilege Discover Administrator Discover User Discover Read Only User

Show Discover

View managed and unmanaged interfaces

Discover Asset Read

View lists of managed and unmanaged interfaces, export data from interface tables

Discover Asset Write

Apply or remove label on an interface

Discover Asset Block

Block interface with Palo Alto Dynamic Address Group

Discover Asset Unblock

Unblock interface with Palo Alto Dynamic Address Group

Discover Tag Write

Create or remove labels

Discover Manual Import Execute

Import interfaces manually with the Discover Unmanaged Interfaces button

Discover Settings Write

Edit Discover settings, create discovery methods

Last updated: 7/11/2018 2:53 PM | Feedback