Succeeding with Discover

Follow these best practices to achieve maximum value and success with Tanium Discover. These steps align with the key benchmark metrics: increasing the percentage of managed endpoints and reducing the amount of time it takes to bring endpoints under management by Tanium.

steps to succeeding with discover steps to succeed with discover

Step 1: Gain organizational effectiveness

Complete the key organizational governance steps to maximize Discover value. For more information about each task, see Gaining organizational effectiveness.

Develop a dedicated change management process.

Define distinct roles and responsibilities in a RACI chart.

Validate cross-functional organizational alignment.

Develop a deployment plan.

Track operational metrics.

Step 2: Install Tanium modules

Install Tanium Discover. See Installing Discover.

Configure default action group computers. See Installing Discover.

Install Tanium Connect. See Tanium Connect User Guide: Installing Connect.

Install Tanium Trends. See Tanium Trends User Guide: Installing Trends.

Install Tanium Direct Connect. See Tanium Direct Connect User Guide: Installing Direct Connect.

Install Tanium Client Management, which provides Tanium Endpoint Configuration. See Tanium Client Management User Guide: Installing Client Management.

When you import Discover with the Tanium Recommended Installation workflow, the following default settings are configured:

The following default setting is configured:

Setting Default value
Action group
  • Restricted targeting disabled (default): All Computers computer group
  • Restricted targeting enabled: No Computers computer group
Level 2 ping distributed profile This profile is created and deployed to all Tanium Clients. For more information about this type of profile, see Level 2 (ping).

Step 3: Define labels define labels

Step 2: Define labels define labels

Start with the Discover Label Gallery. Import the Collection of labels for New Deployment or POC. This collection includes labels for commonly unmanaged devices based on the manufacturer name, and a label that purges interfaces that have not been seen in 30 days.

In addition to these sample labels, customize labels for your specific environment. Define a label for targeting installation of Tanium Client on unmanaged interfaces.

See Labels.

Step 4: Run distributed Discover scans

Step 3: Run distributed Discover scans

If you already have the Tanium Client installed on a few endpoints in a subnet, you can use distributed scans. Distributed scans run on managed endpoints to identify unmanaged interfaces in targeted networks.

Based on the initial Develop a deployment plan, build a Discover profile.

If you are using a by-subnet deployment policy, test and continue to add subnets to the profile until you are comfortable that all required networks are covered.

See Running distributed scans.

Step 4: Run satellite scans

Step 5: Run satellite scans

Satellite scans are run from endpoints configured as "satellites" that can scan unmanaged devices on subnets that cannot be scanned using a distributed scan. Satellites are configured and verified in Tanium Direct Connect.

For more information about managing satellites, see Tanium Direct Connect User Guide: Managing satellites.

Based on the initial Develop a deployment plan, build a Discover satellite profile.

If you are using a by-subnet deployment policy, test and continue to add subnets to the profile until you are comfortable that all required networks are covered.

See Running satellite scans.

Step 6: Run centralized Discover scans

Centralized scans are run from the Tanium Module Server and can scan environments where no managed endpoints are available, such as Amazon Web Services (AWS) or an unmanaged subnet.

If you have an AWS environment with EC2 instances you would like to scan, you can create a centralized Amazon Web Services EC2 Cloud API scan. This scan uses the AWS API to get information about your EC2 instances.

If you have subnets that contain no Tanium Clients, run a centralized Nmap scan on the subnet targets.

See Running centralized scans.

Step 7: Assign locations

Step 5: Assign locations

Populating any information you have about your network before running Discover scans enriches the data that is returned. After you run scans, you might find networks that you did not originally know about. You can update the locations information to further populate locations in subsequent scans.

Determine a source for all network locations that exist in the enterprise. Typically the network team has this information in an IP Address Management (IPAM) database.

Create a CSV file to import into Discover. This hierarchy helps with regional identification of interfaces.

See Locations.

Step 8: Deploy Tanium Client

Use Discover labels for targeting the installation of Tanium Client on unmanaged interfaces. See Tanium Client Management User Guide: Configure a deployment.

Step 6: Download Tanium Client download tanium client

Download and install the Tanium Client. See Tanium Client Management User Guide.

Step 9: Monitor Discover metrics

Step 7: Monitor Discover metrics

From the Trends menu, click Boards and then click IT Operations Metrics to view the Interfaces Managed and Mean Time to Managed panels in the Discover section.

Customize Trends boards based on requirements. For example, you might build a panel of unmanaged devices in New York City based on criteria in Discover and watch it over time.

Troubleshooting Discover.

Troubleshooting Discover.