Configuring Integrity Monitor

For instructions on installing and configuring Integrity Monitor in an on-premises environment, see Installing Integrity Monitor.

Prepare Endpoints

(Windows) Configure permission recording

To monitor permission event types, you must configure the Audit File System permission under Local Security Policy on the endpoint.

To determine whether this permission is already configured, ask the question: Get Integrity Monitor Endpoint Tools Status and Computer name from all machines. If the permission is not configured, endpoints report Recorder - Error: File permission auditing is disabled.

To configure the Audit File System permission, complete the following steps. (These steps apply to Windows 10 and might vary for different versions of Windows.)

  1. From the Control Panel, open Administrative Tools > Local Security Policy.
  2. Go to Security Settings > Advanced Audit Policy Configuration > System Audit Policies - Local Group Policy Object > Object Access.
  3. Double-click Audit File System.
  4. Select Configure the following audit events: and then select Success.
  5. Click OK.
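The same check and change can be scripted. The following PowerShell is an added example, not part of the Tanium documentation. It uses the built-in auditpol.exe tool and assumes an English-language Windows installation (the subcategory name and setting text are localized) and an elevated session.

```powershell
#Requires -RunAsAdministrator
# Added example: verify and enable Success auditing for the
# Object Access > "File System" subcategory with auditpol.exe.
# Assumption: English-language Windows, where the subcategory is named
# "File System" and settings read "Success", "No Auditing", and so on.

$Subcategory = 'File System'

function Get-FileSystemAuditSetting {
    # /r emits CSV; drop blank lines before handing it to ConvertFrom-Csv.
    $csv = auditpol.exe /get /subcategory:"$Subcategory" /r |
        Where-Object { $_.Trim() }
    if ($LASTEXITCODE -ne 0) {
        throw "auditpol /get failed with exit code $LASTEXITCODE"
    }
    # Typical values: No Auditing, Success, Failure, Success and Failure.
    ($csv | ConvertFrom-Csv).'Inclusion Setting'
}

$before = Get-FileSystemAuditSetting
Write-Output "Current '$Subcategory' audit setting: $before"

if ($before -match 'Success') {
    Write-Output 'Success auditing is already enabled; no change made.'
}
else {
    # Enables Success only; an existing Failure setting is left untouched.
    auditpol.exe /set /subcategory:"$Subcategory" /success:enable | Out-Null
    if ($LASTEXITCODE -ne 0) {
        throw "auditpol /set failed with exit code $LASTEXITCODE"
    }
    Write-Output "New '$Subcategory' audit setting: $(Get-FileSystemAuditSetting)"
}
```

auditpol changes the effective audit policy directly rather than the Local Group Policy Object edited in the steps above, so a Group Policy that defines this subcategory can overwrite the setting at the next policy refresh. After the change, ask the status question again to confirm that endpoints no longer report the recorder error.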

Configure Integrity Monitor

Manage solution configurations with Tanium Endpoint Configuration

Tanium Endpoint Configuration delivers configuration information and required tools for Tanium Solutions to endpoints. Endpoint Configuration consolidates the configuration actions that traditionally accompany additional Tanium functionality and eliminates the potential for timing errors that occur between when a solution configuration is made and the time that configuration reaches an endpoint. Managing configuration in this way greatly reduces the time to install, configure, and use Tanium functionality, and improves the flexibility to target specific configurations to groups of endpoints.

Endpoint Configuration is installed as a part of Tanium Client Management. For more information, see the Tanium Client Management User Guide: Installing Client Management.

Additionally, you can use Endpoint Configuration to manage configuration approval. For example, configuration changes are not deployed to endpoints until a user with approval permission approves the configuration changes in Endpoint Configuration. For more information about the roles and permissions that are required to approve configuration changes for Integrity Monitor, see User role requirements.

To use Endpoint Configuration to manage approvals, you must enable configuration approvals.

  1. From the Main menu, go to Administration > Shared Services > Endpoint Configuration to open the Endpoint Configuration Overview page.
  2. Click Settings and click the Global tab.
  3. Select Enable configuration approvals, and click Save.

For more information about Endpoint Configuration, see the Tanium Endpoint Configuration User Guide.