Review the requirements before you install and use Discover.
In addition to a license for the Discover product module, make sure that your environment also meets the following requirements.
|Platform||Version 7.2 or later|
|Tanium Client||Version 6.0.314.1442 or later|
|Tanium Connect||Version 3.2 or later (Optional; for exporting Discover data)|
|Tanium Network Quarantine||Version 1.0.2 or later (Optional; for network blocking)|
|Tanium Trends||Version 2.3 or later (Optional; for creating boards with Discover statistics)|
Discover is installed and runs as a service on the Module Server host computer. The impact on Module Server host computer sizing is minimal and depends on usage. Contact your Technical Account Manager (TAM) for details.
Managed endpoints perform discovery scans. The following table shows the discovery methods that are supported for different endpoint operating systems.
|Level 1 (ARP cache)||Level 1 (Interface Connections)||Level 2 (Simple Ping Script)||Level 3/4 (Nmap)|
1 For level 3 and 4 discovery on Windows 2003 Server and Windows XP, level 2 discovery is used.
2 For level 3 and 4 discovery on Solaris and AIX, level 2 discovery is used because Nmap is not supported on these platforms.
Specific ports and processes are needed to run Discover.
The following ports are required for Discover communication.
|Module Server||17446||Loopback||Discover||Internal purposes; not externally accessible|
|17447||Loopback||Discover||Internal purposes; not externally accessible|
If security software is in use in the environment to monitor and block unknown host system processes, your security administrator must create exclusions to allow the Tanium processes to run without interference.
|Module Server||<Module Server>\services\discover\node.exe|
|Endpoints (Windows)||C:\Program Files\Npcap (Level 3 and 4 profiles only)|
|<Tanium Client>Tools\Discover\nmap\nmap.exe (Level 3 and 4 profiles only)|
|Endpoints (macOS, Linux)||<Tanium Client>/Tools/Discover/nmap/nmap (Level 3 and 4 profiles only)|
If security software is deployed in the environment to monitor and block unknown URLs, your security administrator must whitelist the following URLs:
Role-based access control (RBAC) permissions control access to the Discover workbench. The predefined roles are Discover Service Account, Discover Admin, Discover User, and Discover Read Only User.
|Permission||Discover Service Account||Discover Administrator1||Discover User||Discover Read Only User|
View managed and unmanaged interfaces
Discover Asset Read
View lists of managed and unmanaged interfaces, export data from interface tables
Discover Asset Write
Apply or remove label on an interface
Discover Tag Write
Create or remove labels
Discover Manual Import Execute
Import interfaces manually with the Discover Unmanaged Interfaces button
Discover Settings Write
Edit Discover settings, manage profiles
Discover Profile Write
Create, edit, and delete Discover profiles
Discover Profile Read
View the configured Discover profiles
Discover Action Group Read
View the discover action group
Discover Location Permissions Write
Define locations and corresponding permissions for user groups
Manage backend components, including Discover action groups and computer groups
|1 The Content Administrator reserved role is required to edit the Discover action group.|
|Permission||Role type||Content set for permission||Discover Service Account||Discover Administrator||Discover User||Discover Read Only User|
|Read User||Micro Admin|
|Read Computer Group||Micro Admin|
|Write Computer Group||Micro Admin|
|Ask Dynamic Questions||Advanced|
|Execute Plugin||Advanced||Discover Content|
|Read Action||Advanced||Discover Content|
|Read Own Action||Advanced||Discover Content|
|Read Package||Advanced||Discover Content|
|Read Saved Question||Advanced||Discover Content|
|Read Sensor||Advanced||Discover Content|
|Write Action||Advanced||Discover Content|
|Write Package||Advanced||Discover Content|
|Write Saved Question||Advanced||Discover Content|
For signed in user:
For service account:
|Network Quarantine User||
|Network Quarantine Read Only User||
Last updated: 10/15/2019 1:57 PM | Feedback