Installing Integrity Monitor

Tanium Cloud automatically handles module installations and upgrades.

For information about configuring Integrity Monitor for Tanium™ Cloud, see Configuring Integrity Monitor.

Use the Tanium Console Solutions page to install Integrity Monitor and choose either automatic or manual configuration:

  • Automatic configuration with default settings (Tanium Core Platform 7.4.2 or later only): Integrity Monitor is installed with any required dependencies and other selected products. After installation, the Tanium Server automatically configures the recommended default settings. This option is the best practice for most deployments. For more information about the automatic configuration for Integrity Monitor, see Import Integrity Monitor with default settings.
  • Manual configuration with custom settings: After installing Integrity Monitor, you must manually configure required settings. Select this option only if Integrity Monitor requires settings that differ from the recommended default settings. For more information, see Import Integrity Monitor with custom settings.

Before you begin

  • Read the release notes.
  • Review the Integrity Monitor requirements.
  • If you are upgrading from a previous version, see Upgrading Integrity Monitor.
  • Assign the correct roles to users for Integrity Monitor. Review the User role requirements.
    • To import the Integrity Monitor solution, you must be assigned the Administrator reserved role or a role that has the Import Signed Content permission.
    • To configure the Integrity Monitor action group, you must be assigned the Administrator reserved role, Content Administrator reserved role, or a role that has the Action Group write permission.

Import Integrity Monitor with default settings

(Tanium Core Platform 7.4.5 or later only) You can set the Integrity Monitor action group to target the No Computers filter group by enabling restricted targeting before adding Integrity Monitor to your Tanium licenseimporting Integrity Monitor. This option enables you to control tools deployment through scheduled actions that are created during the import and that target the Tanium Integrity Monitor action group. For example, you might want to test tools on a subset of endpoints before deploying the tools to all endpoints. In this case, you can manually deploy the tools to an action group that you configured to target only the subset. To configure an action group, see Tanium Console User Guide: Managing action groups. To enable or disable restricted targeting, see Tanium Console User Guide: Dependencies, default settings, and tools deployment.

When you import Integrity Monitor with automatic configuration, the following default settings are configured:

The following default settings are configured:

Setting Default value
Action group
  • Restricted targeting disabled (default): All AIX, All Linux, All Solaris, and All Windows computer groups
  • Restricted targeting enabled: No Computers computer group
Service account

The service account is set to the account that you used to import the module.

Configuring a unique service account for each Tanium solution is an extra security measure to consider in consultation with the security team of your organization. See Configure the Integrity Monitor service account.

Monitor creation

A monitor is created for each supported operating system (Windows, Linux, Solaris, and AIX).

The Windows monitor is targeted only to Windows Server computer groups: All Windows Server 2008 R2, All Windows Server 2012, All Windows Server 2012 R2, All Windows Server 2016, All Windows Server 2019, and All Windows Server 2022.

All other monitors are targeted to the associated All <Operating System> computer group: All Linux, All AIX, and All Solaris.

If one or more of the targeted operating systems are not used in your environment, delete the associated monitors.

Monitor deployments The monitors are deployed to endpoints.
Watchlist

A watchlist is created for each supported operating system based on the Critical System Files template for the operating system.

The Windows watchlist is targeted only to Windows Server computer groups: All Windows Server 2008 R2, All Windows Server 2012, All Windows Server 2012 R2, All Windows Server 2016, All Windows Server 2019, and All Windows Server 2022.

All other watchlists are targeted to the associated All <Operating System> computer group: All Linux, All AIX, and All Solaris.

If one or more of the targeted operating systems are not used in your environment, delete the associated watchlists.

Watchlist deployments The watchlists are deployed to endpoints.

To import Integrity Monitor and configure default settings, be sure to select the Apply Tanium recommended configurations check box while performing the steps in Tanium Console User Guide: Import all modules and services. After the import, verify that the correct version is installed: see Verify Integrity Monitor version.

Import Integrity Monitor with custom settings

To import Integrity Monitor without automatically configuring default settings, be sure to clear the Apply Tanium recommended configurations check box while performing the steps in Tanium Console User Guide: Import, re-import, or update specific solutions. After the import, verify that the correct version is installed (see Verify Integrity Monitor version).

To configure the service account, see Configure the Integrity Monitor service account.

Manage solution dependencies

When you start the Integrity Monitor workbench for the first time, the Tanium Server checks whether all the Tanium modules and shared services (solutions) that are required for Integrity Monitor are installed at the required versions. The Integrity Monitor workbench cannot load unless all required dependencies are installed. If you selected Tanium Recommended Installation when you imported Integrity Monitor, the Tanium Server automatically imported all your licensed solutions at the same time. Otherwise, if you manually imported Integrity Monitor and did not import all its dependencies, the Tanium Console displays a banner that lists the dependencies and the required versions. See Solution dependencies.

Perform the following steps if a banner indicates any Integrity Monitor dependencies are not installed:

  1. Install the dependencies as described in Tanium Console User Guide: Import, re-import, or update specific solutions.
  2. From the Main menu, go to Modules > Integrity Monitor to open the Integrity Monitor Overview page and verify that the Console no longer displays a banner to list missing dependencies.

Upgrade Integrity Monitor

For the steps to upgrade Integrity Monitor, see Tanium Console User Guide: Import, re-import, or update specific solutions. After the upgrade, verify that the correct version is installed: see Verify Integrity Monitor version.

After you upgrade Integrity Monitor, see Upgrading Integrity Monitor for additional tasks.

Verify Integrity Monitor version

After you import or upgrade Integrity Monitor, verify that the correct version is installed:

  1. Refresh your browser.
  2. From the Main menu, go to Modules > Integrity Monitor to open the Integrity Monitor Overview page.
  3. To display version information, click Info Info.