Installing Integrity Monitor

Before you begin

  • Read the release notes.
  • Review the Requirements.
  • You must be assigned the Administrator reserved role to import the Integrity Monitor solution.

Import Integrity Monitor

Import Integrity Monitor from the Tanium Solutions page.

  1. From the Main menu, click Tanium Solutions.
  2. Under Integrity Monitor, click Import Version.
  3. In the Content Import Preview window, you can expand the package to review the Tanium content that is being installed. Click Import.
  4. Depending on your Tanium Server configuration, either enter your password or click Yes to proceed.
  5. After the installation process completes, refresh your browser.
  6. From the Main menu, click Integrity Monitor. The Integrity Monitor Home page displays.

Verify the installation

To verify that Integrity Monitor is installed, go to the Tanium Solutions page and check the installed version. To check the installed version on the Integrity Monitor Home page, click Info .

Set up Integrity Monitor

Configure the Integrity Monitor service account

You must create and configure an Integrity Monitor service account to run several background processes, such as gathering endpoint statistics and sending labels to Connect. This user must have the following roles and access configured:

  • The Connect User role
  • The Integrity Monitor Administrator role
  • Access to monitored computer groups

For best results, grant the service account user access to the All Computers group for access to any endpoints assigned to monitors. Otherwise, every time you add a computer group to a monitor, you must assign that computer group to your service account for Integrity Monitor or you will encounter issues running configured rules.

  1. From the Integrity Monitor Home page, in the Configure Integrity Monitor section, click the Configure Service Account step and click Configure Service Account.
  2. Enter the User Name and Password for the service account user and click Save.

Set up watchlists

Create a watchlist to define a set of files and directories that you want to monitor for any changes. For more information, see Working with watchlists.

Set up monitors

Use monitors to deploy watchlists to endpoints for continuous recording of file events. For more information, see Working with monitors.

Deploy monitors

  1. After you create a monitor, click Deploy Monitors to see results.
  2. In the Confirm Deploy window, click Yes. If you have more than one monitor, all monitors are deployed.

When you deploy a monitor, you deploy all monitors. When you take an action on monitors (such as creating, modifying, or reprioritizing monitors) you will be prompted to deploy all monitors. For best results, create the monitors you know you need and then deploy them all at once.

Set up rules

Create rules to automatically label events based on attributes of the event itself. You can use these labels to differentiate between planned, expected, and suspicious changes in your event stream and align with change windows. For more information, see Working with rules.

Upgrade Integrity Monitor

Upgrade Integrity Monitor to the latest version from the Tanium Solutions page.

  1. From the Main menu, click Tanium Solutions.
  2. Locate Integrity Monitor and click Upgrade to X.X.X.XX.
  3. Click OK.

    The Import Solution window opens with a list of all the changes and import options.

  4. Click Proceed with Import.
  5. Depending on your Tanium Server configuration, either enter your password or click Yes to proceed.
    The Integrity Monitor installation and configuration process begins.
  6. To confirm the upgrade, return to the Tanium Solutions page and check the Installed: X.X.X.XX version for Integrity Monitor.
  7. After you upgrade Integrity Monitor, you must redeploy all monitors.

If you do not redeploy the monitors, the system might be left in a nonworking state.

Upgrading to Integrity Monitor 1.2.1

If you are upgrading to Integrity Monitor 1.2.1 or later on Tanium Server 7.1 or later to use role-based access control (RBAC) functions, you must align Integrity Monitor content, such as packages and saved questions, in Tanium so that your deployments to work properly.

You must have the Tanium Administrator role to see and use the Content Alignment page.

  1. From the Main menu, select Content > Content Alignment.
  2. On the Content Alignment page, select Integrity Monitor.
  3. Click Align Selected Content.

Last updated: 10/16/2019 9:25 AM | Feedback