Requirements

This page summarizes the requirements for using Interact.

Tanium dependencies

Component Requirement
Tanium Core Platform:
  • Interact 2.3 or later requires Tanium Core Platform 7.3.314.4250 or later.
  • Interact 2.1 and Interact 2.2 require Tanium Core Platform 7.4 or later.
  • Interact 2.0 requires Tanium Core Platform 7.2 or later.
Tanium content: The Interact module does not include content. Interact depends on sensors, saved questions, dashboards, and categories distributed in Tanium content packs and other Tanium modules.
License: The license entitlement for the Tanium Core Platform includes Interact.

Tanium Server computer resource and network requirements

Interact and the Tanium Data Service install and run as a service on the Module Server. The impact on Module Server sizing depends on usage. Consult with your TAM for details.

Endpoints

Supported operating systems

Interact supports the same operating systems (OSs) for endpoints that the Tanium Client supports:

  • Windows
  • macOS
  • Linux
  • AIX
  • Solaris

For details about support for specific OS versions, see Tanium Client User Guide: Host system requirements.

Disk space requirements

On managed endpoints, Interact requires at least 100 MB of disk space and another 100 MB of cache space for data files. The cache space includes the Tanium Client shard cache and objects such as sensors and logs.

Processor requirements

On managed endpoints, Interact requires at least 10 MB of RAM and accounts for less than 0.5% of idle CPU usage.

Host and network security requirements

Host and network security requirements for the Tanium Core Platform apply to Interact. For details, see Tanium Core Platform Deployment Reference Guide: Host system security exceptions.

User role requirements

Tanium has roles and permissions for both the Interact module and the associated Tanium Data Service.

Interact module permissions

The Interact module has the following predefined module roles and associated module permissions.

Table 1:   Interact user roles and permissions
Permission Interact Power User role Interact Basic User role Interact Read-Only User role Interact Show role

Show Interact

View the Interact workbench.






Interact Module Read

View Interact content.

This module permission provides these advanced permissions: Read Filter Group, Read Sensor, Read Saved Question, Read Dashboard, and Read Dashboard Group.


1

1



Interact Module Write

Add, edit, or delete Interact content.

This module permission provides the Interact Module Read permission.

It also provides these advanced permissions: Read Filter Group, Read Sensor, Read Saved Question, Read Dashboard, Read Dashboard Group, Write Saved Question, Write Dashboard, Write Dashboard Group.


1




Interact Execute Action

Deploy actions in the Interact module.

This module permission provides the Interact Module Read and Interact Module Write permissions.

It also provides these advanced permissions: Read Filter Group, Read Sensor, Read Saved Question, Read Dashboard, Read Dashboard Group, Read Package, Read Action, Write Saved Question, Write Dashboard, Write Dashboard Group, and Write Action.





1 Denotes a provided permission.
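
The provided-permission chain described in Table 1 can be checked mechanically when reviewing custom roles. The following is an added example, not Tanium code or a Tanium API: it expands granted module permissions into the permissions this page says they provide and reports anything beyond an intended baseline. The role grants and baseline are constructed for illustration.

```python
# Added example (not Tanium code): expand Interact module permissions into
# the permissions they provide, using the descriptions on this page.
READS = {"Read Filter Group", "Read Sensor", "Read Saved Question",
         "Read Dashboard", "Read Dashboard Group"}

PROVIDES = {
    "Interact Module Read": READS,
    # The read permissions reach Write and Execute Action via Module Read.
    "Interact Module Write": {"Interact Module Read", "Write Saved Question",
                              "Write Dashboard", "Write Dashboard Group"},
    "Interact Execute Action": {"Interact Module Read", "Interact Module Write",
                                "Read Package", "Read Action", "Write Action"},
    # Per the Write Action description: implied permissions.
    "Write Action": {"Read Own Action", "Read Package", "Show Preview"},
}


def effective_permissions(granted):
    """Return the transitive closure of the granted permissions."""
    seen, stack = set(), list(granted)
    while stack:
        perm = stack.pop()
        if perm not in seen:
            seen.add(perm)
            stack.extend(PROVIDES.get(perm, ()))
    return seen


def excess_permissions(granted, baseline):
    """Return effective permissions that fall outside the intended baseline."""
    return sorted(effective_permissions(granted) - set(baseline))


# Constructed review input: a hypothetical custom role meant to be view-only
# that was nevertheless granted Interact Execute Action.
HELPDESK_GRANTS = {"Show Interact", "Interact Execute Action"}
VIEW_ONLY_BASELINE = READS | {"Show Interact", "Interact Module Read"}

if __name__ == "__main__":
    for perm in excess_permissions(HELPDESK_GRANTS, VIEW_ONLY_BASELINE):
        print("beyond baseline:", perm)
```
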

The following table lists the provided advanced permissions and associated content sets (see the table footnotes) for the Interact module permissions in Table 1.

Table 2:   Provided Interact advanced role permissions
Permission Interact Power User role Interact Basic User role Interact Read-Only User role Interact Show role

Read Sensor¹

View and use sensors in the Interact Ask a Question field, Question Builder, and similar user interfaces throughout the Tanium Console.






Read Saved Question¹

View saved questions in the Interact workbench.






Read Dashboard¹

View dashboards in the Interact workbench.






Read Dashboard Group¹

View categories in the Interact workbench.






Read Filter Group²

View and use computer filter groups in questions and question results within the Interact workbench.






Ask Dynamic Questions

Issue questions through the Interact Ask a Question field and Question Builder. This is a global advanced permission: it applies to all content sets.






Write Saved Question³

Create, edit, or delete saved questions, and assign them to content sets for which the user has permission.






Write Dashboard³

Create, modify, or delete dashboard configurations. Read Saved Question content set permissions determine which saved questions are available in dashboards.






Write Dashboard Group³

Create, modify, or delete category configurations. Read Dashboard content set permissions determine which dashboards are available in categories.






Read Package¹

Select packages for actions in the Deploy Action page.






Read Action¹

View the Actions pages. The visibility of rows in the grid depends on the Read Action permission on the content sets for the associated packages.






Write Action¹

See and use the Deploy Action button on the Question Results grid for dynamic questions and saved questions.

View the Actions > Scheduled Actions page. Users can see rows for actions they issued. If a user has the Read Action permission on the content set for the underlying package, that user can see rows for actions that other users issued.

Implies the Read Own Action, Read Package, and Show Preview permissions.





¹ These permissions apply to the following content sets: AD, Base, Client Management, Core Content, Core MSSQL Content, Default, File System, Hardware, Interact, MSSQL, Network, OS, Python, Registry, Reserved, Security, Software, Tagging.

² This permission applies to the Default Filter Groups content set.

³ These permissions apply to the Interact content set.

The following table summarizes the permissions required to perform specific tasks in the Tanium Interact module. The module workbench includes the Interact Home page and Interact Content page. The Administrator reserved role has all the listed permissions. The table also indicates whether other reserved roles have permissions for the features.

Table 3:   Required permissions to perform Interact tasks
Tasks Roles and permissions
Install or uninstall Interact: Administrator reserved role only
All tasks in Interact: Show Interact (module) permission is required for all Interact features, so be sure to assign a role with that permission to all Interact users.
View Interact content: Interact Module Read (module) permission is required to view content in the Interact content set.
Manage Interact content: Interact Module Write (module) permission is required to add, edit, or delete content in the Interact content set.
Deploy actions in Interact: Interact Execute Action (module) permission enables users to deploy actions in the Interact module. It implies the advanced permissions Read Package, Read Action, and Write Action.
Issue questions through the Ask a Question field and Question Builder: Ask Dynamic Questions permission is required to issue questions through the Ask a Question field and Question Builder. You can assign the permission to any advanced role.

Read Sensor content set permissions determine which sensors are available for you to select for questions. Read Filter Group content set permissions determine which computer filter groups are available for you to view and select for questions and question results.

The Tanium™ Asset module stores endpoint information that is visible in the Question Results grid to users who have the Asset Report Read permission.

The Administrator and Content Administrator reserved roles have all these permissions.

Save a question: Write Saved Question permission is required to assign a saved question to content sets for which you have permission. Write Saved Question is also required to create, edit, or delete saved questions. The Read Sensor content set permissions determine the available sensors. Read Filter Group content set permissions determine the available filter groups.

In addition to the Write Saved Question permission, users require the Write Action and Write Package permissions to add associated actions to a new saved question configuration. In addition to these three permissions, users require owner permissions for the question if they want to modify or delete the associated actions.

The Administrator and Content Administrator reserved roles have all these permissions.

Use Interact Saved Questions: Read Saved Question content set permissions determine the saved questions that you can see in the Tanium Console, such as on the Interact Home page, Interact Content page, and Question Results grid drill-down.

Read Sensor permission is required for the sensors specified in a saved question that you want to issue. Read Filter Group content set permission is required for the filter groups specified in the saved question.

Ask Dynamic Questions permission is required to use the drill-down feature in the saved question results grid.

Use Interact Categories: Read Dashboard Group content set permissions determine the categories that you can see in the Tanium Console, such as on the Interact Home page and Interact Content page.

Write Dashboard Group permission is required to create, modify, or delete category configurations. Read Dashboard content set permissions determine which dashboards are available in categories.

The Administrator and Content Administrator reserved roles can export and import categories.

Use Interact Dashboards: Read Dashboard content set permissions determine the dashboards that you can see in the Tanium Console, such as on the Interact Home page and Interact Content page.

Write Dashboard permission is required to create, modify, or delete dashboard configurations. Read Saved Question content set permissions determine which saved questions are available in dashboards.

The Administrator or Content Administrator reserved role can export and import dashboards.

Note: By default, new dashboards are added to the Other Dashboards category, which is visible only to users with the Administrator or Content Administrator reserved role. Therefore, only users with one of those roles, or the user who created the dashboard, can see the new dashboard. To make the dashboard visible to other users, you must move it to another category.

Deploy an action: Write Action permission is required to see the Deploy Action button on the Question Results grid.

Read Package content set permissions determine which packages are available for you to select for actions.

Read Sensor and Read Saved Question permissions on the Reserved content set are required to complete the deploy action workflow. During the workflow, these permissions allow special saved questions that the Tanium Server uses to track and report action status.

The Administrator reserved role has all these permissions.

Use the Interact Home page and Interact Content page: Users require the Ask Dynamic Questions permission to see the Welcome and Best Practices sections of the Interact Home page.

To see the following sections of the Interact Home page and Interact Content page, users require the specified permissions:

  • Interact Content: Read Dashboard Group, Read Dashboard, and Read Saved Question permissions control the summary counts.
  • Favorite Categories: Read Dashboard Group permission
  • Favorite Dashboards: Read Dashboard permission
  • Favorite Saved Questions: Read Saved Question permission

The Administrator reserved role has all these permissions.

Tanium Data Service permissions

The Tanium Data Service has the following predefined module roles and associated module permissions.

Table 4:   Tanium Data Service user roles and permissions
Permission Data Collection Administrator role Data Collection Operator role Data Collection Service Account role

Data Collection Administrator

Unrestricted access to configure data collection.





Data Collection Registration Read

View the Interact Settings > Registration & Collection page to see which sensors are registered for results collection.


1

1

1

Data Collection Registration Write

Register or unregister sensors for results collection, pause (disable) or resume (enable) collection, and purge results.


1

1


Data Collection Start

Manually start an unscheduled query to collect sensor results.


1

1


Data Collection Status Read

View the Data Service Status chart in the Interact Info page.


1

1


Data Collection Metrics Read

View the Data Service Sensor Metrics and Data Service Database Metrics charts in the Interact Info page.


1

1


Data Collection Operator

Access to configure data collection settings.





Data Collection Service Account

Collect sensor results.





Data Collection Service Account Read

View the Interact Settings > Service Account page, which displays information about the service account that the Tanium Data Service uses to collect sensor results.


1


1

Data Collection Service Account Write

Change the service account that the Tanium Data Service uses to collect sensor results.


1


1

Show Interact

View the Interact workbench.




1 Denotes a provided permission.

The Tanium Data Service roles also have the following micro admin and advanced permissions:

Table 5:   Provided Tanium Data Service user role permissions
Permission Data Collection Administrator role Data Collection Operator role Data Collection Service Account role

Read Computer Group

A micro admin permission that enables viewing and using computer management groups and filter groups in questions and question results within the Interact workbench.





Ask Dynamic Questions

A global advanced permission that applies to all content sets. It enables issuing questions through the Interact Ask a Question field and Question Builder.





Read Sensor

An advanced permission that enables viewing and using sensors in the Interact Ask a Question field, Question Builder, and similar user interfaces throughout the Tanium Console.

All Tanium Data Service roles have this permission on the following content sets: Base, Client Management, Core Content, Default, Interact, and Reserved. The Data Collection Service Account role also has this permission on the Tanium Data Service content set.





Write Saved Question

An advanced permission that enables creating, editing, or deleting saved questions, and assigning them to content sets for which the user has permission.

This permission applies to the Interact and Tanium Data Service content sets.