Succeeding with Discover

Follow these best practices to achieve maximum value and success with Tanium Discover. These steps align with the key benchmark metrics: increasing the percentage of managed endpoints and reducing the amount of time it takes to bring endpoints under management by Tanium.


Step 1: Gain organizational effectiveness

Develop a dedicated change management process.

Define distinct roles and responsibilities in a RACI chart.

Validate cross-functional organizational alignment.

Develop a deployment plan.

Track operational metrics.

Step 2: Install Tanium modules

Install Tanium Discover. See Installing Discover.

Configure the service account. See Configure service account.

Configure the default action group computers. See Configure Discover action group.

Install Tanium Connect. See Tanium Connect User Guide: Installing Connect.

Install Tanium Trends. See Tanium Trends User Guide: Installing Trends.

Install Tanium Network Quarantine. See Tanium Network Quarantine User Guide: Installing Network Quarantine.

Install Tanium Client Management. See Tanium Client Management User Guide: Installing Client Management.

Step 3: Define labels


Start with the Discover Label Gallery. Import the Collection of labels for New Deployment or POC. This collection includes labels for commonly unmanaged devices based on the manufacturer name, and a label that purges interfaces that have not been seen in 30 days.

In addition to these sample labels, customize labels for your specific environment. Define a label for targeting installation of Tanium Client on unmanaged interfaces.

See Labels.

Step 4: Run distributed Discover scans


If you already have the Tanium Client installed on a few endpoints in a subnet, you can use distributed scans. Distributed scans run on managed endpoints to identify unmanaged interfaces in targeted networks.

Based on the deployment plan you developed in Step 1, build a Discover profile.

If you are using a by-subnet deployment policy, test and continue to add subnets to the profile until you are comfortable that all required networks are covered.

See Running distributed scans.

Step 5: Run centralized Discover scans

Centralized scans are run from the Tanium Module Server and can scan environments where no managed endpoints are available, such as Amazon Web Services (AWS) or an unmanaged subnet.

If you have an AWS environment with EC2 instances you would like to scan, you can create a centralized Amazon Web Services EC2 Cloud API scan. This scan uses the AWS API to get information about your EC2 instances.

If you have subnets that contain no Tanium Clients, run a centralized Nmap scan on the subnet targets.

See Running centralized scans.

Step 6: Assign locations


Populating any information you have about your network before running Discover scans enriches the data that is returned. After you run scans, you might find networks that you did not originally know about. You can update the locations information to further populate locations in subsequent scans.

Determine a source for all network locations that exist in the enterprise. Typically the network team has this information in an IP Address Management (IPAM) database.

Create a CSV file to import into Discover. This hierarchy helps with regional identification of interfaces.

See Locations.

Step 7: Quarantine interfaces

Set up certificate or password-based authentication to the network access control (NAC) solution.

Use Discover to send devices to be quarantined (devices can be managed or unmanaged). See Block network access with Network Quarantine. Palo Alto Networks Layer 3 Firewall and Cisco Identity Services Engine (ISE) are supported NAC devices with Network Quarantine.

Step 8: Deploy Tanium Client

Use Discover labels to target the installation of the Tanium Client on unmanaged interfaces. See Tanium Client Management User Guide: Configure a deployment.

Download and install the Tanium Client. See Tanium Client User Guide.

Step 9: Monitor Discover metrics


Import the Discover - Interfaces and Discover - Labels boards from the Trends initial gallery. See Tanium Trends User Guide: Importing the initial gallery.

Customize Trends boards based on requirements. For example, you might build a panel of unmanaged devices in New York City based on criteria in Discover and watch it over time.

Monitor and troubleshoot the endpoints managed metric.

Monitor and troubleshoot the mean time to manage metric.
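The following script is an added example, not Tanium code and not the product's data model; it models in plain Python what Steps 3, 6 and 9 describe so the logic is visible end to end: labels that select commonly unmanaged devices by manufacturer name, a purge label for interfaces not seen in 30 days, a client-install targeting label, a longest-prefix lookup that maps an interface to a hierarchical location from an IPAM-style export, and the two benchmark metrics (percentage of managed endpoints, mean time to manage). The inventory, the IPAM subnet list, the manufacturer set and every field name are constructed assumptions for illustration.

```python
"""Hypothetical model of Discover-style labels, location lookup and benchmark
metrics over a constructed interface inventory. Added example, not Tanium code;
all field names and sample values are assumptions."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network
from typing import Callable, Dict, List, Optional

# Fixed "current time" so the example is deterministic.
NOW = datetime(2024, 6, 1)


@dataclass
class Interface:
    ip: str
    mac: str
    manufacturer: str          # vendor name resolved from the MAC OUI
    first_seen: datetime       # first time any scan reported this interface
    last_seen: datetime        # most recent scan that saw it
    managed_at: Optional[datetime]  # Tanium Client install time, None if unmanaged

    @property
    def managed(self) -> bool:
        return self.managed_at is not None


# Constructed inventory (not real data): a mix of managed, unmanaged and stale interfaces.
INVENTORY: List[Interface] = [
    Interface("10.1.5.20", "00:11:22:33:44:01", "Dell Inc.", NOW - timedelta(days=10), NOW - timedelta(days=1), NOW - timedelta(days=8)),
    Interface("10.1.5.21", "00:11:22:33:44:02", "Dell Inc.", NOW - timedelta(days=10), NOW, None),
    Interface("10.1.7.9", "00:11:22:33:44:03", "Cisco Systems", NOW - timedelta(days=60), NOW - timedelta(days=2), None),
    Interface("10.2.0.14", "00:11:22:33:44:04", "HP Inc.", NOW - timedelta(days=90), NOW - timedelta(days=45), None),
    Interface("10.2.0.15", "00:11:22:33:44:05", "Lenovo", NOW - timedelta(days=5), NOW, NOW - timedelta(days=1)),
]

# Assumed IPAM export: CIDR -> hierarchical location, the kind of data Step 6 imports from CSV.
LOCATIONS: Dict[str, str] = {
    "10.0.0.0/8": "Corporate",
    "10.1.0.0/16": "Corporate/US/New York City",
    "10.1.7.0/24": "Corporate/US/New York City/Datacenter",
    "10.2.0.0/16": "Corporate/EU/London",
}

# Assumed manufacturer names that usually indicate a device the Tanium Client is not installed on
# (network gear, printers). In practice this list comes from the Label Gallery collection.
NOT_MANAGEABLE_MANUFACTURERS = {"Cisco Systems", "HP Inc."}
STALE_DAYS = 30


def label_unmanaged_by_manufacturer(iface: Interface) -> bool:
    """Unmanaged and made by a vendor that is typically not a client target."""
    return not iface.managed and iface.manufacturer in NOT_MANAGEABLE_MANUFACTURERS


def label_purge_stale(iface: Interface) -> bool:
    """Not seen by any scan in the last STALE_DAYS days; candidate for purge."""
    return (NOW - iface.last_seen) > timedelta(days=STALE_DAYS)


def label_client_install_target(iface: Interface) -> bool:
    """Unmanaged, still alive, and not excluded by vendor: target for client deployment."""
    return (not iface.managed
            and not label_unmanaged_by_manufacturer(iface)
            and not label_purge_stale(iface))


LABELS: Dict[str, Callable[[Interface], bool]] = {
    "unmanaged-by-manufacturer": label_unmanaged_by_manufacturer,
    "purge-stale-30d": label_purge_stale,
    "install-tanium-client": label_client_install_target,
}


def apply_labels(inventory: List[Interface]) -> Dict[str, List[str]]:
    """Evaluate every label against every interface; returns label -> matching IPs."""
    return {name: [i.ip for i in inventory if pred(i)] for name, pred in LABELS.items()}


def location_for(ip: str) -> str:
    """Longest-prefix match of an address against the IPAM subnets, 'Unknown' if none."""
    addr = ip_address(ip)
    best = None
    for cidr, name in LOCATIONS.items():
        net = ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, name)
    return best[1] if best else "Unknown"


def percent_managed(inventory: List[Interface]) -> float:
    """Benchmark metric 1: share of discovered interfaces that are under management."""
    return 100.0 * sum(i.managed for i in inventory) / len(inventory)


def mean_time_to_manage_days(inventory: List[Interface]) -> float:
    """Benchmark metric 2: average days between first discovery and client install."""
    deltas = [(i.managed_at - i.first_seen).days for i in inventory if i.managed]
    return sum(deltas) / len(deltas)


if __name__ == "__main__":
    for name, ips in apply_labels(INVENTORY).items():
        print(f"{name}: {ips}")
    for iface in INVENTORY:
        print(f"{iface.ip} -> {location_for(iface.ip)}")
    print(f"managed: {percent_managed(INVENTORY):.1f}%")
    print(f"mean time to manage: {mean_time_to_manage_days(INVENTORY):.1f} days")
```

Two design points carry over to the real product: the install-target label is defined by exclusion (unmanaged, minus vendor exclusions, minus stale entries), so it shrinks automatically as the other labels grow, and the location lookup prefers the most specific subnet, which is why a hierarchical CSV (region, site, datacenter) enriches reporting without needing an entry for every host.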