Upgrading from previous versions of Discover

Tanium as a Service automatically handles module installations and upgrades.

If you installed previous versions of Discover, complete the following migration activities. To directly upgrade to Discover 4.0, you must have Discover 2.10 or later. If you are using a release prior to 2.10, contact Tanium Support. For more information, see Contact Tanium Support.

Select one of the following upgrade paths based on your environment:

  • Upgrade directly from Discover 2.10 or later to Discover 4.0. Select this path if you have a limited number of discovery method configurations and are willing to manually create profiles to replace discovery method configurations.
  • Upgrade from Discover 2.10 or later to 3.3 and then 3.3 to 4.0. Select this path if you have a substantial number of discovery method configurations. Discover 3.3 can migrate discovery method configurations to profiles.
  • Upgrade from Discover 3.3 to 4.0.

Upgrade directly from Discover 2.10 or later to Discover 4.0

Upgrade directly from Discover 2.10 or later to Discover 4.0 if you have a limited number of discovery method configurations and are willing to manually create profiles to replace discovery method configurations.

Upgrade Discover module from 2.10 or later to 4.0

  1. Notify Tanium users not to use Discover until the upgrade process finishes. Otherwise, the users might lose work in progress.

  2. From the Main menu, go to Administration > Configuration > Solutions.
  3. In the Discover section, click Upgrade to Version.
  4. Review the list of saved actions, packages, and sensors. Most are overwritten during the upgrade process. Select Include content set overwrite. Click Proceed with Import.
  5. To confirm the upgrade, return to the Tanium Solutions page and check the Installed version for Discover.
  6. The Discover actions are re-created during upgrade. If you have action approval enabled, you must approve these actions. From the Main menu, go to Administration > Actions > Actions To Approve. For more information, see Tanium Console User Guide: Using action approval.

Configure Discover action group

You can now configure an action group that deploys tools to specific computer groups. For more information, see Configure Discover action group.

Networking mapping tools, such as Npcap, are only distributed to endpoints when a scan is scheduled.

When you upgrade Discover, the existing scheduled actions for discovery methods are removed automatically. The Tanium Discover action group is used with Discover 4.0. Do not delete this action group.

Create profiles to replace discovery method configurations

Discover 3.0 and later changes the configuration and targeting of discover scans. Before 3.0, you deployed a discovery method to a computer group and then configured exclusions separately. With Discover 3.0 and later, you create a profile that includes network inclusions and exclusions, discovery method, and schedule. For more information about profiles, see Configure profile for distributed scan.

Upgrade from Discover 2.10 or later to 3.3

Upgrade from Discover 2.10 or later to 3.3 if you have a substantial number of discovery method configurations. Discover 3.3 can migrate discovery method configurations to profiles. After you complete this upgrade, then Upgrade from Discover 3.3 to 4.0.

Upgrade Discover module from 2.10 or later to 3.3

  1. Contact Tanium Support to obtain the Discover 3.3 module package. For more information, see Contact Tanium Support.
  2. From the Main menu, go to Administration > Configuration > Solutions and import the module.
  3. Review the list of saved actions, packages, and sensors. Most are overwritten during the upgrade process. Select Include content set overwrite. Click Proceed with Import.
  4. To confirm the upgrade, return to the Tanium Solutions page and check the installed version for Discover.
  5. The Discover actions are re-created during upgrade. If you have action approval enabled, you must approve these actions again. From the Main menu, go to Console > Actions > Actions To Approve. For more information, see Tanium Console User Guide: Using action approval.

Configure Discover action group

You can now configure an action group that deploys tools to specific computer groups. For more information, see Configure Discover action group.

Networking mapping tools, such as Npcap, are only distributed to endpoints when a scan is scheduled.

When you upgrade Discover, the existing scheduled actions for discovery methods are removed automatically. The Tanium Discover action group is used with Discover 3.0 or later. Do not delete this action group.

Migrate discovery method configurations to profiles

Discover 3.0 changed the configuration and targeting of discover scans. Before 3.0, you deployed a discovery method to a computer group and then configured exclusions separately. With Discover 3, you create a profile that includes network inclusions and exclusions, discovery method, and schedule. For more information about profiles, see Configure profile for distributed scan.

After you upgrade to Discover 3, you can migrate existing configured discovery methods to profiles.

  1. From the Discover menu, click Profiles.
  2. In the Discovery Methods (Legacy) section, review the suggested profiles. To create a suggested profile, click Create This Profile.
  3. Review the configured settings for the profile and click Create.
  4. When you are done migrating the legacy discovery methods to profiles, click Delete All Methods to remove the remaining suggested profiles and the Discovery Methods (Legacy) section.

If the legacy discovery method uses the Override setting on the scan window, this setting gets overridden when you import a new version of Discover. When a new version of the Discover tools is deployed to the endpoints, the scan window gets reset and the previous scan data is deleted. Scans occur immediately.

Upgrade from Discover 3.3 to 4.0

  1. Notify Tanium users not to use Discover until the upgrade process finishes. Otherwise, the users might lose work in progress.

  2. For the steps to upgrade Discover, see Tanium Console User Guide: Manage Tanium modules.

  3. After the upgrade, verify that the correct version is installed.

Review behavior changes

Tanium™ Network Quarantine for block and unblock actions

If you previously configured network blocking and unblocking with Tanium™ Connect, use Tanium™ Network Quarantine instead. Network Quarantine integrates with Discover and supports blocking by IP or MAC addresses. Palo Alto Networks Layer 3 Firewall and Cisco Identity Services Engine (ISE) are the supported network access controls. For more information, see Tanium Network Quarantine User Guide.