Requirements

This page summarizes the requirements for using Interact.

Tanium dependencies

Component: Requirement
Tanium Core Platform: Tanium Core Platform 7.3.314.4250 or later.
Tanium content: Interact does not include content. Interact depends on sensors, saved questions, dashboards, and categories distributed in Tanium content packs and other Tanium solutions.
License: The license entitlement for the Tanium Core Platform includes Interact.

Tanium Server computer resource and network requirements

Interact includes both the Interact workbench and the Tanium Data Service. The Interact workbench installs and runs on the Tanium Server, while the Tanium Data Service installs and runs on the Module Server. The general resource specifications for the Tanium Server include the host computer resource and network requirements for the Tanium Console and Interact. The impact of the Tanium Data Service on the Tanium Module Server depends on usage. See the guide for your deployment for details.

Endpoints

Supported operating systems

Interact supports the same operating systems (OSs) for endpoints that the Tanium Client supports:

  • Windows
  • macOS
  • Linux
  • AIX
  • Solaris

For details about support for specific OS versions, see Tanium Client Management User Guide: Client version and host system requirements.

Disk space requirements

On managed endpoints, Interact requires at least 100 MB of disk space and another 100 MB of cache space for data files. The cache space includes the Tanium Client shard cache and objects such as sensors and logs.

Processor requirements

On managed endpoints, Interact requires at least 10 MB of RAM and accounts for less than 0.5% of idle CPU usage.

Host and network security requirements

Host and network security requirements for the Tanium Core Platform apply to Interact. For details, see Tanium Core Platform Deployment Reference Guide: Host system security exceptions.

User role requirements

Tanium has roles and permissions for both Interact and the associated Tanium Data Service. To review a summary of the predefined roles, see Set up Interact and Tanium Data Service users.

Interact module permissions

Interact has the following predefined module roles and associated module permissions.

 Table 1: Interact user role permissions
Permission Interact Power User Interact Basic User Interact Read-Only User Interact Show

Ask Dynamic Questions [1]

Issue questions through the Interact Explore Data field and Question Builder.


SPECIAL

SPECIAL

Interact

View the Interact workbench.


SHOW

SHOW

SHOW

SHOW

Interact Execute [2]

Deploy actions in Interact.


ACTION

Interact Module [3, 4]

View, create, edit, or delete Interact content.


READ
WRITE

READ
WRITE

READ

[1] This permission applies to the following content sets: Reserved.

[2] The Interact Execute permission provides these platform content permissions: Filter Group read, Sensor read, Saved Question read, Dashboard read, Dashboard Group read, Package read, Action read, Saved Question write, Dashboard write, Dashboard Group write, and Action write.

[3] The Interact Module read permission provides these platform content permissions: Filter Group read, Sensor read, Saved Question read, Dashboard read, and Dashboard Group read.

[4] The Interact Module write permission provides these platform content permissions: Filter Group read, Sensor read, Saved Question read, Dashboard read, Dashboard Group read, Saved Question write, Dashboard write, and Dashboard Group write.

The following table lists the provided platform content permissions and associated content sets (see the table footnotes) for the Interact permissions in Table 1.

 Table 2: Provided Interact platform content permissions
Permission Interact Power User Interact Basic User Interact Read-Only User Interact Show

Action [1]

READ: View the Actions pages. The visibility of rows in the grid depends on the Action read permission on the content sets for the associated packages.

WRITE: See and use the Deploy Action button on the Question Results grid for dynamic questions and saved questions. View the Administration > Actions > Scheduled Actions page. Users can see rows for actions they issued. If a user has the Action read permission on the content set for the underlying package, that user can see rows for actions that other users issued.


READ
WRITE

Dashboard [1]

View, create, edit, or delete dashboards in the Interact workbench. The Saved Question read permission determines which saved questions are available in dashboards.


READ
WRITE

READ
WRITE

READ

Dashboard Group [1]

View, create, edit, or delete categories in the Interact workbench. The Dashboard read permission determines which dashboards are available in categories.


READ
WRITE

READ
WRITE

READ

Filter Group [2]

READ: View and use computer filter groups in questions and question results within the Interact workbench.

WRITE: Create, edit, or delete computer filter group configurations.


READ

READ

READ

Own Action [1]

View user's own actions in the All Pending Approvals page.


READ

Package [1]

READ: View and select packages for actions in the Action Deployment page.

WRITE: Create, edit, or delete package configurations in the Packages page.


READ

Plugin [3]

Reserved for future use.


READ
EXECUTE

READ
EXECUTE

READ
EXECUTE

READ
EXECUTE

Saved Question [1]

READ: View saved questions in the Interact workbench.

WRITE: Create, edit, or delete saved questions, and assign them to content sets for which the user has permission.


READ
WRITE

READ
WRITE

READ

Sensor [1]

READ: View and use sensors in the Interact Explore Data field, Question Builder, and similar user interfaces throughout the Tanium Console.

WRITE: Create, edit, or delete sensor configurations.


READ

READ

READ

You can view which content sets are granted to any role in the Tanium Console.

[1] These permissions apply to the following content sets: Base, Client Management, Core AD Query Content, Core Content, Core MSSQL Content, Default, Interact, Python, Reserved.

[2] This permission applies to the following content sets: Default Filter Groups, Interact.

[3] This permission applies to the following content sets: Interact, Tanium Data Service.

The following table summarizes the permissions required to perform specific tasks in Interact. Interact includes the Interact Overview page and Question Builder page. The Administrator reserved role has all the listed permissions. The table also indicates whether other reserved roles have permissions for the features.

 Table 3: Required permissions to perform Interact tasks
Tasks: Roles and permissions
Install or uninstall Interact: Administrator reserved role only
All tasks in Interact: Interact show (module) permission is required for all Interact features, so be sure to assign a role with that permission to all Interact users.
View Interact content: Interact Module read (module) permission is required to view content in the Interact content set.
Manage Interact content: Interact Module write (module) permission is required to add, edit, or delete content in the Interact content set.
Deploy actions in Interact: Interact Execute (module) permission enables users to deploy actions in Interact. It implies the platform content permissions Package read, Action read, and Action write.
Issue questions through the Explore Data field and Question Builder: Ask Dynamic Questions (module) permission is required to issue questions through the Explore Data field and Question Builder. You can assign the permission to any custom role.

Sensor read content set permissions determine which sensors are available for you to select for questions. Filter Group read content set permissions determine which computer filter groups are available for you to view and select for questions and question results.

The Tanium™ Asset module stores endpoint information that is visible in the Question Results grid to users who have the Asset Report read permission.

The Administrator and Content Administrator reserved roles have all these permissions.

Save a question: Saved Question write permission is required to assign a saved question to content sets for which you have permission. Saved Question write is also required to create, edit, or delete saved questions. The Sensor read content set permissions determine the available sensors. Filter Group read content set permissions determine the available filter groups.

In addition to the Saved Question write permission, users require the Action write and Package write permissions to add associated packages to a new saved question configuration. In addition to these three permissions, users require owner permissions for the question if they want to modify or delete the associated packages.

The Administrator and Content Administrator reserved roles have all these permissions.

Use Interact Saved Questions: Saved Question read content set permissions determine the saved questions that you can see in the Tanium Console, such as on the Interact Overview page, Question Builder page, and Question Results grid drill-down.

Sensor read permission is required for the sensors specified in a saved question that you want to issue. Filter Group read content set permission is required for the filter groups specified in the saved question.

Ask Dynamic Questions permission is required to use the drill down feature in the saved question results grid.

Use Interact Categories: Dashboard Group read content set permissions determine the categories that you can see in the Tanium Console, such as on the Interact Overview page.

Dashboard Group write permission is required to create, modify, or delete category configurations. Dashboard read content set permissions determine which dashboards are available in categories.

The Administrator and Content Administrator reserved roles can export and import categories.

Use Interact Dashboards: Dashboard read content set permissions determine the dashboards that you can see in the Tanium Console, such as on the Interact Overview page.

Dashboard write permission is required to create, modify, or delete dashboard configurations. Saved Question read content set permissions determine which saved questions are available in dashboards.

The Administrator or Content Administrator reserved role can export and import dashboards.

Deploy an action: Action write permission is required to see the Deploy Action button on the Question Results grid.

Package read content set permissions determine which packages are available for you to select for actions.

Sensor read and Saved Question read permissions on the Reserved content set are required to complete the deploy action workflow. During the workflow, these permissions allow special saved questions that the Tanium Server uses to track and report action status.

The Administrator reserved role has all these permissions.

Use the Interact Overview page: To see the following sections of the Interact Overview page, users require the specified permissions:
  • Overview: Dashboard Group read, Dashboard read, and Saved Question read permissions control the summary counts.
  • Favorite Categories: Dashboard Group read permission
  • Favorite Dashboards: Dashboard read permission
  • Favorite Saved Questions: Saved Question read permission

The Administrator reserved role has all these permissions.
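
A least-privilege check built from the mappings above (the Table 1 footnotes on Interact Execute and Interact Module, plus Table 3), added here as an illustration and not Tanium code. It expands a role's module permissions into the platform content permissions they provide, then reports what each intended task still lacks and which write permissions no intended task needs. The role contents and function names are constructed, and content-set scoping is not modeled.

```python
# Added example: a model of the permission mappings stated on this page.
# Nothing here calls a Tanium API; role contents are constructed inputs.

R = ("Filter Group read", "Sensor read", "Saved Question read",
     "Dashboard read", "Dashboard Group read")
W = ("Saved Question write", "Dashboard write", "Dashboard Group write")

# Platform content permissions provided by each module permission
# (Table 1 footnotes for Interact Execute and Interact Module read/write).
IMPLIED = {
    "Interact Module read": set(R),
    "Interact Module write": set(R) | set(W),
    "Interact Execute": set(R) | set(W)
                        | {"Package read", "Action read", "Action write"},
}

# Platform content permissions each task requires (Table 3).
TASKS = {
    "save a question": {"Saved Question write"},
    "add packages to a new saved question":
        {"Saved Question write", "Action write", "Package write"},
    "manage dashboards": {"Dashboard write"},
    "deploy an action": {"Action write", "Package read",
                         "Sensor read", "Saved Question read"},
}

def effective(module_perms, direct=()):
    """Expand module permissions into the platform permissions they provide."""
    out = set(direct)
    for perm in module_perms:
        out |= IMPLIED.get(perm, set())
    return out

def review(module_perms, intended_tasks, direct=()):
    """Return (missing permissions per task, write permissions no task needs)."""
    have = effective(module_perms, direct)
    missing = {t: sorted(TASKS[t] - have)
               for t in intended_tasks if TASKS[t] - have}
    needed = set().union(*(TASKS[t] for t in intended_tasks))
    excess = sorted(p for p in have - needed if p.endswith("write"))
    return missing, excess

if __name__ == "__main__":
    # Constructed role: an operator meant only to deploy actions.
    print(review(["Interact Execute"], ["deploy an action"]))
    # Constructed role: a content author who also attaches packages.
    print(review(["Interact Module write"],
                 ["save a question", "add packages to a new saved question"]))
```

In the first constructed role, Interact Execute covers the deploy workflow but also carries three write permissions that a deploy-only operator does not need, which is the kind of finding to look for when building custom roles.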

Tanium Data Service permissions

The Tanium Data Service has the following predefined module roles and associated module permissions.

 Table 4: Tanium Data Service user role permissions
Permission Data Collection Administrator Data Collection Operator Data Collection Service Account

Ask Dynamic Questions

A global permission that applies to all content sets. It enables issuing questions through the Interact Explore Data field and Question Builder.

Data Collection

OPERATOR: Access to configure data collection settings.

START: Manually start an unscheduled query to collect sensor results.


START

OPERATOR
START

Data Collection Administrator

Unrestricted access to configure data collection.


ADMINISTER

Data Collection Identify Endpoint

READ: Resolve endpoint identification (EID) sensors (internal purposes only)

WRITE: Allocate endpoint identification sensors (internal purposes only)


READ
WRITE

READ
WRITE

Data Collection Metrics

View the Data Service Sensor Metrics and Data Service Database Metrics charts in the Interact Info page.


READ

READ

Data Collection Purge Sensor

Purge data for specific sensors.

Data Collection Registration

READ: View the Interact Settings > Registration & Collection page to see which sensors are registered for results collection.

WRITE: Register or unregister sensors for results collection, pause (disable) or resume (enable) collection, and purge results.


READ
WRITE

READ
WRITE

READ

Data Collection Service Account

READ: View the Interact Settings > Service Account page, which contains information about the service account that the Tanium Data Service uses to collect sensor results.

WRITE: Change the service account that the Tanium Data Service uses to collect sensor results.

EXECUTE: Collect sensor results.


READ
WRITE

READ
WRITE
EXECUTE

Data Collection Status

View the Data Service Status chart in the Interact Info page.


READ

READ

Interact

View the Interact workbench.


SHOW

SHOW

SHOW

Result Expansion

Read and write expansions (internal purposes only)


READ
WRITE

The Tanium Data Service roles also have the following administration and platform content permissions:

 Table 5: Provided Tanium Data Service administration and platform content permissions
Permission Data Collection Administrator Data Collection Operator Data Collection Service Account

Computer Group

READ: View and export computer management groups and filter groups in questions and question results within the Interact workbench.

WRITE: Create, edit, and delete computer management groups and filter groups.


READ

Plugin

Reserved for future use. Applies to the following content sets: Interact, Tanium Data Service.


READ
EXECUTE

READ
EXECUTE

READ
EXECUTE

Saved Question

READ: View saved questions within the Interact workbench.

WRITE: Create, edit, or delete saved questions, and assign them to content sets for which the user has permission.

The Computer Group permission applies to the Interact and Tanium Data Service content sets.


READ
WRITE

Sensor

READ: View sensors in the Interact Explore Data field, Question Builder, and similar user interfaces throughout the Tanium Console.

All Tanium Data Service roles have this permission on the following content sets: Base, Client Management, Core Content, Default, Interact, and Reserved. The Data Collection Service Account role also has this permission on the Tanium Data Service content set.

WRITE: Create, edit, or delete sensor configurations.


READ

User

READ: View and export user configurations.

WRITE: Create, edit, or delete user configurations.


READ

READ

You can view which content sets are granted to any role in the Tanium Console.