Installing Integrity Monitor

Install Integrity Monitor

  1. Log in to the Tanium Console using an account with Administrator privileges.
  2. From the Main menu, select Tanium Solutions.
  3. Click Import X.X.X.X (where X.X.X.X is the current module version number) under Integrity Monitor.

  4. Integrity Monitor is a Tanium licensed solution. If it does not appear on the Tanium Modules page, contact your TAM.

  5. If you are prompted, click Proceed with Import. Enter your credentials. This begins the Integrity Monitor installation and configuration process. After the Integrity Monitor installation and configuration process completes, you see the message Import completed successfully, and Integrity Monitor appears in the Main menu.

If you run into any issues while importing Integrity Monitor, contact your TAM.

Integrity Monitor home page

The Integrity Monitor home page shows endpoint statistics and initial tasks you need to complete before using Integrity Monitor. Use the Manage Home Page link at the top right of the page to configure the sections you see at start up. You might not need to see each section once you have completed the initial tasks.

The Health graph and data on the Integrity Monitor home page shows the percentage of endpoints with each OS-type recording.

Click Endpoints Recording to confirm what you want recorded is being recorded.

Create and configure an Integrity Monitor service account user

A service account user must be created and then configured within Integrity Monitor to run background jobs which include gathering endpoint statistics as well as sending labels to Connect. See Tanium Platform User Guide: Create a Module role to create a user with the following permissions depending on whether or not you have RBAC enabled:

RBAC enabled

  • The Connect User role
  • The Integrity Monitor Administrator role
  • Access to monitored computer groups

RBAC not enabled

  • The Question Author role (with read-only permissions)
  • Access to monitored computer groups

It is a best practice to assign the All Computers group to the service account user for access to any endpoints assigned to monitors. Otherwise, every time you add a computer group to a monitor, you will also need to assign that computer group to your service account for Integrity Monitor. Failure to do this will cause issues running configured rules.

The service account must then be configured within Integrity Monitor.

  1. After you install Integrity Monitor, a Required Integrity Monitor Settings: Set Service Account yellow banner appears across the top of the Integrity Monitor Home page if no service account has been set up. Click Configure Now.
  2. On the Settings page, click Service Account.
  3. Enter the Username and Password for the service account user you created and click Save.

From the Home page, click Settings at the top right and then click Service Account to change the service account at any time.

Align content when upgrading

If you are upgrading to Integrity Monitor 1.2.1 or later on Tanium Server 7.1 or later to use role-based access control (RBAC) functions, you must align Integrity Monitor content, such as packages, saved questions, etc., in Tanium in order for your deployments to work properly.

You must have the Tanium Administrator role to see and use the Content Alignment page.

  1. From the Main menu, under Content, select Content Alignment.
  2. On the Content Alignment page, select Integrity Monitor.
  3. Click Align Selected Content.

Last updated: 6/18/2019 4:27 PM | Feedback