Health Check requirements

Review the requirements before you install and use Health Check.

Tanium dependencies

Make sure that your environment meets the following requirements.

Component Requirement
Tanium™ Core Platform 7.2 or later.
License For information about licensing, Contact Tanium Support.

Tanium™ Module Server

Health Check is installed and runs as a service on the Module Server. The resource impact on the Module Server is minimal and depends on usage.

Endpoints

Health Check does not deploy packages to endpoints. For Tanium Client operating system support, see Tanium Client User Guide: Host system requirements.

Host and network security requirements

Specific ports and processes are needed to run Health Check.

Ports

The following ports are required for Health Check communication.

Source Destination Port Protocol Purpose
Module Server Module Server (loopback) 17242 TCP Internal purposes; not externally accessible

Configure firewall policies to open ports for Tanium traffic with TCP-based rules instead of application identity-based rules. For example, on a Palo Alto Networks firewall, configure the rules with service objects or service groups instead of application objects or application groups.

Security exclusions

If security software is in use in the environment to monitor and block unknown host system processes, your security administrator must create exclusions to allow the Tanium processes to run without interference. For a list of all security exclusions to define across Tanium, see Tanium Core Platform Deployment Reference Guide: Host system security exclusions.

Table 1:   Health Check security exclusions
Target Device Notes Process
Module Server   <Module Server>\services\health-service\node.exe
  <Module Server>\services\health-service\twsm.exe

User role requirements

The Administrator reserved role is required for all Health Check tasks.