Succeeding with Discover
Follow these best practices to achieve maximum value and success with Tanium Discover. These steps align with the key benchmark metrics: increasing the percentage of managed endpoints and reducing the amount of time it takes to bring endpoints under management by Tanium.
Develop a dedicated change management process.
Define distinct roles and responsibilities in a RACI chart.
Validate cross-functional organizational alignment.
Track operational metrics.
Install Tanium Discover. See Installing Discover.
Configure the service account. See Configure service account.
Configure the default action group computers. See Configure Discover action group.
Install Tanium Connect. See Tanium Connect User Guide: Installing Connect.
Install Tanium Trends. See Tanium Trends User Guide: Installing Trends.
Install Tanium Network Quarantine. See Tanium Network Quarantine User Guide: Installing Network Quarantine.
Install Tanium Client Management. See Tanium Client Management User Guide: Installing Client Management.
Start with the Discover Label Gallery. Import the Collection of labels for New Deployment or POC. This collection includes labels for commonly unmanaged devices based on the manufacturer name, and a label that purges interfaces that have not been seen in 30 days.
In addition to these sample labels, customize labels for your specific environment. Define a label for targeting installation of Tanium Client on unmanaged interfaces.
If you already have the Tanium Client installed on a few endpoints in a subnet, you can use distributed scans. Distributed scans run on managed endpoints to identify unmanaged interfaces in targeted networks.
Based on the deployment plan you developed initially (see Develop a deployment plan), build a Discover profile.
If you are using a by-subnet deployment policy, test and continue to add subnets to the profile until you are comfortable that all required networks are covered.
Centralized scans are run from the Tanium Module Server and can scan environments where no managed endpoints are available, such as Amazon Web Services (AWS) or an unmanaged subnet.
If you have an AWS environment with EC2 instances you would like to scan, you can create a centralized Amazon Web Services EC2 Cloud API scan. This scan uses the AWS API to get information about your EC2 instances.
If you have subnets that contain no Tanium Clients, run a centralized Nmap scan on the subnet targets.
Populating Discover with any information you already have about your network before running scans enriches the data that is returned. After you run scans, you might find networks that you did not originally know about. You can then update the locations information so that subsequent scans populate locations further.
Determine a source for all network locations that exist in the enterprise. Typically the network team has this information in an IP Address Management (IPAM) database.
Create a CSV file of these locations to import into Discover. The resulting location hierarchy helps with regional identification of interfaces.
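As an added example (not Tanium's own code) that serves both the by-subnet profile check above and the IPAM source described here: a Python script that compares a constructed IPAM export with the subnet targets already in a Discover profile and lists the networks that would still go unscanned. The CSV column names (subnet, region, site) and the target list are assumptions; Discover's real import format is not shown on this page.

```python
"""Compare the IPAM subnet inventory with a by-subnet Discover profile and
report what is still unscanned. Added example, not Tanium code; the IPAM
columns and the profile target list below are constructed assumptions."""
import csv
import io
import ipaddress

# Constructed IPAM export with hypothetical column names.
IPAM_CSV = """subnet,region,site
10.10.0.0/24,US-East,New York City
10.10.1.0/24,US-East,New York City
10.20.0.0/22,US-West,San Jose
172.16.5.0/24,EMEA,London
fd00:1::/64,EMEA,London
"""

# Constructed list of subnet targets already added to the Discover profile.
PROFILE_TARGETS = ["10.10.0.0/23", "172.16.5.0/25"]


def parse_ipam(text):
    """Return (network, region, site) tuples from the IPAM CSV export."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        net = ipaddress.ip_network(row["subnet"].strip(), strict=False)
        rows.append((net, row["region"], row["site"]))
    return rows


def coverage_report(ipam_rows, targets):
    """Map region -> [(subnet, site, status)] for each IPAM subnet the profile
    does not fully scan. 'partial': a target overlaps but does not contain the
    subnet, so some hosts are never seen; 'uncovered': no target touches it."""
    nets = [ipaddress.ip_network(t, strict=False) for t in targets]
    report = {}
    for net, region, site in ipam_rows:
        # subnet_of()/overlaps() reject mixed IPv4/IPv6 comparisons, so filter first.
        same = [t for t in nets if t.version == net.version]
        if any(net.subnet_of(t) for t in same):
            continue
        status = "partial" if any(net.overlaps(t) for t in same) else "uncovered"
        report.setdefault(region, []).append((str(net), site, status))
    return report


if __name__ == "__main__":
    for region, gaps in coverage_report(parse_ipam(IPAM_CSV), PROFILE_TARGETS).items():
        for subnet, site, status in gaps:
            print(f"{region:8} {subnet:18} {site:15} {status}")
```

Add the reported subnets to the profile (or to a centralized Nmap scan for networks with no Tanium Clients) and rerun until the report is empty.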
Set up certificate or password-based authentication to the network access control (NAC) solution.
Use Discover to send devices to be quarantined (devices can be managed or unmanaged). See Block network access with Network Quarantine. Palo Alto Networks Layer 3 Firewall and Cisco Identity Services Engine (ISE) are supported NAC devices with Network Quarantine.
Use Discover labels for targeting the installation of Tanium Client on unmanaged interfaces. See Tanium Client Management User Guide: Configure a deployment.
Download and install the Tanium Client. See Tanium Client User Guide.
Import the Discover - Interfaces and Discover - Labels boards from the Trends initial gallery. See Tanium Trends User Guide: Importing the initial gallery.
Customize Trends boards based on requirements. For example, you might build a panel of unmanaged devices in New York City based on criteria in Discover and watch it over time.
Last updated: 9/1/2020 3:21 PM