Getting started with Tanium maintenance

After you set up a Tanium deployment, perform regular maintenance tasks to ensure that the deployment uses resources efficiently and provides the best user experience. This guide is intended to provide a baseline of recommended maintenance tasks for all Tanium deployments at various intervals. For example, the recommended tasks alert you to changes in your network, tools deployment, and role-based access control (RBAC) assignments. The specifics of your environment might require different tasks and different intervals, and both might change over time. Contact Tanium Support if you need help determining the appropriate maintenance tasks or help troubleshooting issues that you discover during maintenance.

Perform the one-time tasks described in the following sections to facilitate regular maintenance.

Back up your deployment

Create a disaster recovery plan and back up the Tanium™ Core Platform servers and databases so that you can restore your deployment to a known functional state in case of issues. For example, if a system failure makes the host system of the Tanium™ Server unrecoverable, you can use a backup to quickly restore functionality on a new host.

The backup procedure depends on your Tanium infrastructure:

Review and update backups and the disaster recovery plan during quarterly maintenance.

Test disaster recovery during annual maintenance.

Configure RBAC for maintenance tasks

Decide which users are responsible for performing Tanium maintenance tasks and assign the required roles, user groups, personas, and computer groups. For example, users can apply custom tags only to endpoints in computer groups that are assigned to their user accounts. Users who then configure computer groups with tag-based membership require Computer Group write permission, Interact Module write permission, and Sensor read permission.

To assign Tanium-defined roles or to create and assign custom roles, see Tanium Console User Guide: Managing roles. For the Tanium™ solution-specific role permissions that are required to perform maintenance tasks, see the corresponding user guides:

Verify TPAN report generation

The Tanium™ Platform Analyzer (TPAN) report can facilitate future troubleshooting regardless of whether your deployment currently has issues. If your Tanium license includes Tanium™ Health Check, verify that it is configured to generate TPAN reports:

  1. From the Main menu, go to Administration > Shared Services > Health Check.

  2. Scroll to the Reports section and verify that TPAN reports are generated at the expected cadence.
  3. If TPAN reports are not generated as expected, see:

Configure Tanium™ Appliance monitoring

Perform any of the following tasks to facilitate monitoring the health of your Tanium deployment if it uses Appliance infrastructure. For example, if your organization has a syslog server or SNMP manager, you can integrate it with the Appliance for monitoring. If these monitoring solutions reveal issues that require resolution, see Tanium Appliance Deployment Guide: Troubleshooting.

Configure TanOS alerts

TanOS can send alerts to a syslog server or to an email recipient. For optimal results, configure an SMTP email recipient. If the syslog server fails, the SMTP recipient receives a failure notification every 15 minutes until either the failure is resolved or syslog forwarding is disabled. See Tanium Appliance Deployment Guide: Configure syslog alerts.

Configure syslog forwarding

You can forward Appliance logs to a remote syslog server. The syslog forwarding configuration is separate from the syslog alert configuration. For the differences, and the steps to configure syslog forwarding, see Tanium Appliance Deployment Guide: Configuring syslog forwarding.

Configure SNMP

You can configure integration with an SNMP manager to collect and analyze Appliance information. After you configure credentials, the user tansnmp can make a remote SNMP connection to the Appliance or to the Integrated Dell Remote Access Controller (iDRAC) interface of a physical Appliance to conduct SNMP polling from a remote host or SNMP manager. See Tanium Appliance Deployment Guide: Configuring SNMP.

Configure alerts for disconnected Tanium™ Clients

Users with local administrative rights might be able to uninstall the Tanium Client, stop the Tanium Client service, or tamper with Tanium Client files. In such cases, previously managed endpoints might become unmanaged. Configure Tanium™ Discover to regularly audit endpoints to which you have deployed the Tanium Client and configure Tanium™ Connect to automatically generate alerts when endpoints become unmanaged. You can also configure Tanium Discover to automatically redeploy the Tanium Client to endpoints that become unmanaged. For the steps, see Tanium Client Management User Guide: Configure automated maintenance.

Configure a failed connections report

If you use Tanium Connect, you can configure an HTTP destination to schedule the automatic delivery of reports about failed connections. You can set the report format to CSV, delimiter separated values, HTML, or JSON.

If you have the authority to disable or delete failed connections, configuring the report is optional. You can use the report for reviewing and troubleshooting connections before you decide which to disable or delete. Alternatively, you can manually Review and remediate Tanium Connect issues without a report.

If another team in your organization has the authority to disable or delete failed connections, configure the report with the settings that the team requires.

Configure the report as described in Tanium Connect User Guide: Configuring HTTP destinations. A failed connections report requires the following settings:

 Table 1: HTTP destination for failed connections report
Section Settings
Configuration
  • Source: Event

  • Event Group: Connect
  • Failed Connection Run: select
  • Unexpected Process Exit: select
  • Destination: HTTP

Enablement Listen for this Event: select

Contact Tanium Support

Tanium Support is your first contact for assistance with troubleshooting your deployment. If you require further assistance from Tanium Support, include version information for Tanium Core Platform components and specific details on dependencies, such as the host system hardware and OS details and database server version. You can also send Tanium Support a collection of support bundles for all the solutions in your Tanium license. See Review and update backups and the disaster recovery plan.

To contact Tanium Support for help, sign in to https://support.tanium.com.