Installing Integrity Monitor

Before you begin

  • Read the release notes.
  • Review the Requirements.
  • You must be assigned the Administrator reserved role to import the Integrity Monitor solution.

Install Integrity Monitor

Import Integrity Monitor from the Tanium Solutions page.

  1. From the Main menu, click Tanium Solutions.
  2. Under Integrity Monitor, click Import Version.
  3. In the Content Import Preview window, you can expand the package to review the Tanium content that is being installed. Click Import.
  4. Depending on your Tanium Server configuration, either enter your password or click Yes to proceed.
  5. After the installation process completes, refresh your browser.
  6. From the Main menu, click Integrity Monitor. The Integrity Monitor Home page displays.

Verify the installation

To verify that Integrity Monitor is installed, go to the Tanium Solutions page and check the installed version. To check the installed version on the Integrity Monitor Home page, click Info .

Integrity Monitor Home page

The Integrity Monitor Home page shows endpoint statistics and initial tasks you need to complete before using Integrity Monitor. Use the Manage Home Page link at the top right of the page to configure the sections you see at start up. You might not need to see each section once you have completed the initial tasks.

The Health graph and data on the Integrity Monitor home page shows the percentage of endpoints with each OS-type recording.

Click Endpoints Recording to confirm what you want recorded is being recorded.

Create and configure an Integrity Monitor service account user

A service account user must be created and then configured within Integrity Monitor to run background jobs which include gathering endpoint statistics as well as sending labels to Connect. See Tanium Platform User Guide: Create a Module role to create a user with the following permissions depending on whether or not you have RBAC enabled:

RBAC enabled

  • The Connect User role
  • The Integrity Monitor Administrator role
  • Access to monitored computer groups

RBAC not enabled

  • The Question Author role (with read-only permissions)
  • Access to monitored computer groups

It is a best practice to assign the All Computers group to the service account user for access to any endpoints assigned to monitors. Otherwise, every time you add a computer group to a monitor, you will also need to assign that computer group to your service account for Integrity Monitor. Failure to do this will cause issues running configured rules.

The service account must then be configured within Integrity Monitor.

  1. After you install Integrity Monitor, a Required Integrity Monitor Settings: Set Service Account yellow banner appears across the top of the Integrity Monitor Home page if no service account has been set up. Click Configure Now.
  2. On the Settings page, click Service Account.
  3. Enter the Username and Password for the service account user you created and click Save.

From the Home page, click Settings at the top right and then click Service Account to change the service account at any time.

Align content when upgrading

If you are upgrading to Integrity Monitor 1.2.1 or later on Tanium Server 7.1 or later to use role-based access control (RBAC) functions, you must align Integrity Monitor content, such as packages, saved questions, etc., in Tanium in order for your deployments to work properly.

You must have the Tanium Administrator role to see and use the Content Alignment page.

  1. From the Main menu, under Content, select Content Alignment.
  2. On the Content Alignment page, select Integrity Monitor.
  3. Click Align Selected Content.

Last updated: 8/20/2019 4:36 PM | Feedback