Getting started with Tanium maintenance
After you set up a Tanium deployment, perform regular maintenance tasks to ensure that the deployment uses resources efficiently and provides the best user experience. This guide is intended to provide a baseline of recommended maintenance tasks for all Tanium deployments at various intervals. For example, the recommended tasks alert you to changes in your network, tools deployment, and role-based access control (RBAC) assignments. The specifics of your environment might require different tasks and different intervals, and both might change over time. Contact Tanium Support if you need help determining the appropriate maintenance tasks or help troubleshooting issues that you discover during maintenance.
Perform the one-time tasks described in the following sections to facilitate regular maintenance.
Back up your deployment
Create a disaster recovery plan and back up the Tanium™ Core Platform servers and databases so that you can restore your deployment to a known functional state in case of issues. For example, if a system failure makes the host system of the Tanium™ Server unrecoverable, you can use a backup to quickly restore functionality on a new host.
The backup procedure depends on your Tanium infrastructure:
- Tanium Appliance Deployment Guide: Reference: TanOS backup and recovery
- Tanium Core Platform Deployment Guide for Windows: Back up Tanium Core Platform servers and databases
Test disaster recovery during annual maintenance.
Configure RBAC for maintenance tasks
Decide which users are responsible for performing Tanium maintenance tasks and assign the required roles, user groups, personas, and computer groups. For example, users can apply custom tags only to endpoints in computer groups that are assigned to their user accounts. Users who then configure computer groups with tag-based membership require Computer Group write permission, Interact Module write permission, and Sensor read permission.
To assign Tanium-defined roles or to create and assign custom roles, see Tanium Console User Guide: Managing roles. For the Tanium™ solution-specific role permissions that are required to perform maintenance tasks, see the corresponding user guides:
- API Gateway
- Certificate Manager
- Client Management
- Direct Connect
- Directory Query
- Endpoint Configuration
- End-User Notifications
- Health Check
- Integrity Monitor
- Threat Response
Verify TPAN report generation
The Tanium™ Platform Analyzer (TPAN) report can facilitate future troubleshooting regardless of whether your deployment currently has issues. If your Tanium license includes Tanium™ Health Check, verify that it is configured to generate TPAN reports:
- From the Main menu, go to Administration > Shared Services > Health Check.
- Scroll to the Reports section and verify that TPAN reports are generated at the expected cadence.
- If TPAN reports are not generated as expected, see:
Configure Tanium™ Appliance monitoring
Perform any of the following tasks to facilitate monitoring the health of your Tanium deployment.
Configure TanOS alerts
TanOS can send alerts to a syslog server or to an email recipient. For optimal results, configure an SMTP email recipient. If the syslog server fails, the SMTP recipient receives a failure notification every 15 minutes until either the failure is resolved or syslog forwarding is disabled. See Tanium Appliance Deployment Guide: Configure alerts.
Configure syslog forwarding
You can forward Appliance logs to a remote syslog server. The syslog forwarding configuration is separate from the syslog alert configuration. For the differences, and the steps to configure syslog forwarding, see Tanium Appliance Deployment Guide: Configuring syslog.
You can configure integration with an SNMP manager to collect and analyze Appliance information. After you configure credentials, the user tansnmp can make a remote SNMP connection to the Appliance or to the Integrated Dell Remote Access Controller (iDRAC) interface of a physical Appliance to conduct SNMP polling from a remote host or SNMP manager. See Tanium Appliance Deployment Guide: Configuring SNMP.
Configure alerts for disconnected Tanium™ Clients
Users with local administrative rights might be able to uninstall the Tanium Client, stop the Tanium Client service, or tamper with Tanium Client files. In such cases, previously managed endpoints might become unmanaged. Configure Tanium™ Discover to regularly audit endpoints to which you have deployed the Tanium Client and configure Tanium™ Connect to automatically generate alerts when endpoints become unmanaged. You can also configure Tanium Discover to automatically redeploy the Tanium Client to endpoints that become unmanaged. For the steps, see Tanium Client Management User Guide: Configure automated maintenance.
Configure a failed connections report
If you use Tanium Connect, you can configure an HTTP destination to schedule the automatic delivery of reports about failed connections. You can set the report format to CSV, delimiter-separated values, HTML, or JSON.
If you have the authority to disable or delete failed connections, configuring the report is optional. You can use the report for reviewing and troubleshooting connections before you decide which to disable or delete. Alternatively, you can manually Review and remediate Tanium Connect issues without a report.
If another team in your organization has the authority to disable or delete failed connections, configure the report with the settings that the team requires.
Configure the report as described in Tanium Connect User Guide: Configuring HTTP destinations. A failed connections report requires the following settings:
|Enablement||Listen for this Event: select|
Contact Tanium Support
Tanium Support is your first contact for assistance with troubleshooting your deployment.
To contact Tanium Support for help, sign in to https://support.tanium.com.
Last updated: 3/14/2023 2:48 PM