Engage requirements

Review the requirements before you install and use Engage.

Core platform dependencies

Make sure that your environment meets the following requirements:

  • Tanium license that includes Engage

  • Tanium™ Core Platform servers 7.5.6.1052 or later

  • Tanium™ Client 7.4.1.1955 or later

Computer group dependencies

When you first sign in to the Tanium Console after a fresh installation of Tanium Server, the server Tanium Cloud automatically imports the All Windows Workstations computer group.

Solution dependencies

Other Tanium solutions are required for Engage to function (required dependencies) or for specific Engage features to work (feature-specific dependencies). The installation method that you select determines if the Tanium Server automatically imports dependencies or if you must manually import them.

Some Engage dependencies have their own dependencies, which you can see by clicking the links in the lists of Required dependencies and Engage requirements. Note that the links open the user guides for the latest version of each solution, not necessarily the minimum version that Engage requires.

Tanium recommended installation

If you select Tanium Recommended Installation when you import Engage, the Tanium Server automatically imports all your licensed solutions at the same time. See Tanium Console User Guide: Import all modules and services.

Import specific solutions

If you select only Engage to import, the Tanium Server automatically imports the latest available versions of any required dependencies that are missing. If some required dependencies are already imported but their versions are earlier than the minimum required for Engage, the server automatically updates those dependencies to the latest available versions.

Required dependencies

Engage has the following required dependencies at the specified minimum versions:

Client extensions

Tanium Endpoint Configuration installs client extensions for Engage on endpoints. Client Extensions perform tasks that are common to certain Tanium solutions. The Tanium Client uses code signatures to verify the integrity of each client extension prior to loading the extension on the endpoint. Each client extension has recommended security exclusions to allow the Tanium processes to run without interference. See Security exclusions for more information. The following client extensions perform Engage functions:

  • End User CX - Provides a mechanism to send surveys to collect qualitative feedback from endpoint users. Tanium Engage installs this client extension.

Tanium™ Module Server

Engage is installed and runs as a service on the Module Server host computer. The impact on the Module Server is minimal and depends on usage.

For information about Module Server sizing in a Windows deployment, see Tanium Core Platform Deployment Guide for Windows: Host system sizing guidelines.

Endpoints

Supported operating systems

The following endpoint operating systems are supported with Engage.

  • Windows

Host and network security requirements

Specific ports and processes are needed to run Engage.

Ports

The following ports are required for Engage communication.

Source Destination Port Protocol Purpose
Module Server Tanium Cloud Module Server (loopback) 17454 TCP Internal purposes; not externally accessible

Configure firewall policies to open ports for Tanium traffic with TCP-based rules instead of application identity-based rules. For example, on a Palo Alto Networks firewall, configure the rules with service objects or service groups instead of application objects or application groups.

For Tanium Cloud ports, see Tanium Cloud Deployment Guide: Host and network security requirements.

Security exclusions

If security software is in use in the environment to monitor and block unknown host system processes, Tanium recommends that a security administrator create exclusions to allow the Tanium processes to run without interference. The configuration of these exclusions varies depending on AV software. For a list of all security exclusions to define across Tanium, see Tanium Core Platform Deployment Reference Guide: Host system security exclusions.

Engage security exclusions
Target Device Notes Exclusion Type Exclusion
Module Server Process <Module Server>\services\engage-service\TaniumEngageService.exe
Windows endpoints Process <Tanium Client>\extensions\TaniumEndUser.dll
7.4.x clients Process <Tanium Client>\Python38\TPython.exe
7.4.x clients Folder <Tanium Client>\Python38
Folder /Library/Tanium/EndUserNotifications
Engage security exclusions
Target Device Notes Exclusion Type Exclusion
Windows endpoints Process <Tanium Client>\extensions\TaniumEndUser.dll
7.4.x clients Process <Tanium Client>\Python38\TPython.exe
7.4.x clients Folder <Tanium Client>\Python38
Process <Tanium Client>\TaniumCX.exe

You must also apply End-User Notifications exclusions for Windows endpoints.

User role requirements

The following tables list the role permissions required to use Engage. To review a summary of the predefined roles, see Set up Engage users.

For more information about role permissions and associated content sets, see Tanium Console User Guide: Managing RBAC.

Engage user role permissions
Permission Engage Administrator1,3,4 Engage Operator1,3,4 Engage Question Author1,3,4 Engage Remediation Author1,3 Engage User1,3 Engage Service Account3,4

Engage

View the Engage workbench

SHOW

SHOW

SHOW

SHOW

SHOW

SHOW

Engage Questions

Read and write access to Engage survey questions

READ
WRITE

READ
WRITE

READ
WRITE

READ

READ

Engage Remediations

Read and write access to the Engage remediations
READ
WRITE
READ
WRITE
READ
READ
WRITE
READ

Engage Service Account

Operate the Engage service
EXECUTE

Engage Settings

Write access to platform settings in the Engage module

WRITE

WRITE


READ

READ

READ
WRITE


Engage Surveys

Read and write access to Engage surveys



AUTHOR
OVERRIDE
READ
WRITE



AUTHOR
OVERRIDE
READ
WRITE

READ

READ

AUTHOR
READ
WRITE

1 This role provides module permissions for Tanium Reporting. You can view which Reporting permissions are granted to this role in the Tanium Console. For more information, see Tanium Reporting User Guide: User role requirements.

2 This role provides module permissions for Tanium Endpoint Configuration. You can view which Endpoint Configuration permissions are granted to this role in the Tanium Console. For more information, see Tanium Endpoint Configuration User Guide: User role requirements.

3 This role provides module permissions for Tanium Interact. You can view which Interact permissions are granted to this role in the Tanium Console. For more information, see Tanium Interact User Guide: Tanium Data Service permissions.

4 Grants access to content in the Engage content set.
Provided Engage administration and platform content permissions
Permission Permission Type Engage Administrator1 Engage Operator Engage Question Author Engage Remediation Author Engage User Engage Service Account
Action Group Administration
READ
WRITE
Computer Group Administration
READ
READ
READ
READ
READ
READ
Import Signed Content Administration
SPECIAL
Global Settings Administration
READ
Action Platform Content
READ1
READ1
READ1
READ1
READ1
READ1
WRITE1
Filter Group Platform Content
READ1
READ1
READ1
READ1
READ1
READ1
Own Action Platform Content
READ1
READ1
READ1
READ1
READ1
READ1
Package Platform Content
READ1
Plugin Platform Content
READ1
READ1
EXECUTE1
READ1
EXECUTE1
READ1
EXECUTE1
READ1
EXECUTE1
READ1
EXECUTE1
Sensor Platform Content
READ1
READ1
READ1
READ1
READ1
READ1

To view which content set permissions are granted to a role, see Tanium Console User Guide: View effective role permissions.

1 Grants access to content in the Engage content set only.
Optional roles for Engage
Role Enables
End-User Notifications Endpoint Configuration Operator Manage most configurations and deployment of End-User Notifications functionality to endpoints.