Configuring Interact

If you did not install Interact with the Apply All Tanium recommended configurations option, you must enable and configure certain features.

Configure Interact

Configure service account

The service account is a user that periodically collects results for specific sensors so that you can see those results for endpoints that are offline when you issue questions (see Tanium Console User Guide: Manage sensor results collection). By default, this account is the one that you used to perform the task Import Interact with default settings, but you can modify the account anytime. The account has the following requirements:

  • Administrator reserved role or Data Collection Service Account role
  • Computer management group permissions that are unrestricted or set to All Computers.
  • Import Signed Content (micro admin) permission
  • Password is set to never expire

For more information about Interact permissions, see User role requirements.

If you imported Interact with default settings, the service account is set to the account that you used to perform the import. Configuring a unique service account for each Tanium solution is an extra security measure to consider in consultation with the security team of your organization.

To configure the service account:

  1. From the Main menu, click Modules > Interact to open the Interact Overview page.
  2. Click Settings and open the Service Account tab.
  3. Click Edit, update the service account settings, and click Save.

Set up Interact and Tanium Data Service users

You can use the following set of predefined user roles to set up Interact and Tanium Data Service users.

To review specific permissions for each role, see User role requirements.

For more information about assigning user roles, see Tanium Core Platform User Guide: Manage role assignments for a user.

Interact roles

Interact Power User

Assign the Interact Power User role to users who ask questions, manage content in the Interact content sets, and deploy actions through Interact.

Interact Basic User

Assign the Interact Basic User role to users who ask questions and manage content in the Interact content sets.

Interact Read-Only User

Assign the Interact Read-Only User role to users who ask questions and view content in the Interact content sets.

Interact Show

Assign the Interact Show role to users who view content in the Interact workbench. This includes users who need to view question results and saved question results in Interact.

Tanium Data Service roles

Data Collection Administrator

Assign the Data Collection Administrator role to users who manage the service account and the sensors from which to collect data for the Tanium Data Service.
This role can perform the following tasks:

  • Purge data for specific sensors
  • Register, unregister, enable, and disable sensors for collection
  • Manage the service account that the Tanium Data Service uses to collect sensor results

Data Collection Operator

Assign the Data Collection Operator role to users who manage the sensors from which to collect data for the Tanium Data Service but do not need to manage the service account.
This role can perform the following tasks:

Assign the Data Collection Operator role to users who manage the sensors from which to collect data for the Tanium Data Service.
This role can perform the following tasks:

  • Purge data for specific sensors
  • Register, unregister, enable, and disable sensors for collection

Data Collection Service Account

Assign the Data Collection Service Account role to the account that manages and performs service-level operations for the Tanium Data Service. Assign this role only to the service account for the Tanium Data Service. For more information, see Configure service account.