Installing Map Configuring Map

If you are using Tanium as a Service, module installation and upgrades are handled by the service.

When you import Map with automatic configuration, the following default settings are configured:

The following settings are configured by default: 

  • The Map service account is set to the account that was used to import the module.
  • The Tanium Map action group is set to the All Windows Servers and All Linux computer groups.
  • The Map tools deploy to endpoints and begin recording network events after configuration.

Use the Tanium Solutions page to install Map and choose either automatic or manual configuration:

  • Automatic configuration with default settings (Tanium Core Platform 7.4.2 or later only): Map is installed with any required dependencies and other selected products. After installation, the Tanium Server automatically configures the recommended default settings. This option is the best practice for most deployments. For more information about the automatic configuration for Map, see Import and configure Map with default settings.
  • Manual configuration with custom settings: After installing Map, you must manually configure required settings. Select this option only if Map requires settings that differ from the recommended default settings. For more information, see Import and configure Map with custom settings.

Before you begin

Prepare endpoints

Windows systems

Install the Tanium Event Recorder Driver on Windows servers.
  1. From the Main menu, ask the question: Get Tanium Driver Status from all machines with Is Windows contains true and click Search.
  2. Select Install Recommended.
  3. From the Deploy Action page, select Install Tanium Driver.
  4. Validate successful installations by checking the validation query that runs at the end of the package installation.
  5. Collect the action logs from any endpoints that fail the validation query using Live Response.
  6. Run the action Remove Tanium Driver on any endpoints that return anything other than SERVICE_RUNNING for the Tanium Event Recorder Driver service status.

Linux systems

Install and enable the audit daemon and disable raw logging on Linux systems.
  1. Verify that the recent stable version of the audit daemon and audispd-plugins are installed. Ask the question: Get Running Processes contains auditd from all machines with Is Linux contains true. For more information, see Identify Linux endpoints that are missing auditd .
  2. Verify that raw logging is disabled.
    1. Ask the question: Get CX - Status from all machines with Is Linux contains true. If raw logging is enabled, a health_check status is returned.

      If you do not have the CX - status sensor, you can get the Tanium CX content by installing Tanium Client Management. See Tanium Client Management User Guide.

    2. Deploy the Recorder - Disable Raw Logging [Linux] package to Linux endpoints to disable raw logging. This package edits the auditd.conf file with the appropriate settings.
  3. Check if any other tools outside of Tanium are used to modify the audit daemon.

Import and configure Map with default settings

When you import Map with automatic configuration, the following default settings are configured:

The following settings are configured by default: 

  • The Map service account is set to the account that was used to import the module.
  • The Tanium Map action group is set to the All Windows Servers and All Linux computer groups.
  • The Map tools deploy to endpoints and begin recording network events after configuration.

To import Map and configure default settings, be sure to select the Apply Tanium recommended configurations check box while performing the steps in Tanium Console User Guide: Manage Tanium modules. After the import, verify that the correct version is installed: see Verify Map version.

Import and configure Map with custom settings

To import Map without automatically configuring default settings, be sure to clear the Apply Tanium recommended configurations check box while performing the steps in Tanium Console User Guide: Manage Tanium modules. After the import, verify that the correct version is installed: see Verify Map version.

Configure service account

The service account is a user that runs several background processes for Map. This user requires Tanium Administrator role.

For more information about Map permissions, see User role requirements.

  1. From the Main menu, click Map to open the Map Home page.
  2. Click Settings and open the Service Account tab.
  3. Update the service account settings and click Save.

Configure Map

Configure Map action group

By default, the Map action group is set to the All Windows Servers and All Linux computer groups. You can update the action group if needed.

  1. From the Main menu, click Actions > Scheduled Actions.
  2. In the list of action groups, click Tanium Map.
  3. Click Edit, select computer groups to include in the action group, and click Save.

Initialize endpoints

From the Map Home page, click Initialize Endpoints to install the Map tools on the endpoints and start the Map service.

After deploying the tools for the first time, endpoints can take up to four hours to display status.

Upgrade Map

For the steps to upgrade Map, see Tanium Console User Guide: Manage Tanium modules. After the upgrade, verify that the correct version is installed: see Verify Map version.

Verify Map version

After you import or upgrade Map, verify that the correct version is installed:

  1. Refresh your browser.
  2. From the Main menu, click Modules > Map to open the Map Home page.
  3. To display version information, click Info Info.