Installing Map

Tanium as a Service automatically handles module installations and upgrades.

For information about configuring Map for Tanium as a Service (TaaS), see Configuring Map.

Use the Tanium Solutions page to install Map and choose either automatic or manual configuration:

  • Automatic configuration with default settings (Tanium Core Platform 7.4.2 or later only): Map is installed with any required dependencies and other selected products. After installation, the Tanium Server automatically configures the recommended default settings. This option is the best practice for most deployments. For more information about the automatic configuration for Map, see Import and configure Map with default settings.
  • Manual configuration with custom settings: After installing Map, you must manually configure required settings. Select this option only if Map requires settings that differ from the recommended default settings. For more information, see Import and configure Map with custom settings.

Before you begin

Prepare endpoints

Windows systems

Install the Tanium Event Recorder Driver on Windows servers. If you want to extend the scope of your Map deployment to include other Windows devices, make sure that the Tanium Event Recorder Driver is installed on the additional devices.
  1. From the Tanium Home page, ask the question: Get Tanium Driver Status from all machines with Windows OS Type contains Windows Server and click Search.
  2. Select Install Recommended.
  3. From the Deploy Action page, select Install Tanium Driver.
  4. Validate successful installations by checking the validation query that runs at the end of the package installation.
  5. Collect the action logs from any endpoints that fail the validation query using Live Response.
  6. Run the action Remove Tanium Driver on any endpoints that return anything other than SERVICE_RUNNING for the Tanium Event Recorder Driver service status.

Linux systems

Install and enable the audit daemon and disable raw logging on Linux systems.
  1. Verify that the recent stable version of the audit daemon and audispd-plugins are installed. From the Tanium Home page, ask the question: Get Running Processes contains auditd from all machines with Is Linux contains true. For more information, see Identify Linux endpoints that are missing auditd .
  2. Verify that raw logging is disabled.
    1. Ask the question: Get CX - Status from all machines with Is Linux contains true. If raw logging is enabled, a health_check status is returned.

      If you do not have the CX - status sensor, you can get the Tanium CX content by installing Tanium Client Management. See Tanium Client Management User Guide.

    2. Deploy the Recorder - Disable Raw Logging [Linux] package to Linux endpoints to disable raw logging. This package edits the auditd.conf file with the appropriate settings.
  3. Check if any other tools outside of Tanium are used to modify the audit daemon.
  4. Disable SELinux. In the /etc/sysconfig/selinux file, set SELINUX=disabled.

Remove legacy Client Recorder extension

If Client Recorder Extension version 1.x exists on a targeted endpoint, you must remove it before you install Client Recorder Extension version 2.x tools. To target endpoints where Client Recorder Extension version 1.x exists, ask the question: Legacy - Recorder Installed. If the Supported Endpoints column displays No, you must remove Client Recorder Extension version 1.x from the endpoint before you install Client Recorder Extension 2.x tools. To remove Client Recorder Extension version 1.x, deploy the Recorder - Remove Legacy Recorder [Operating System] package to targeted endpoints.

Import and configure Map with default settings

When you import Map with automatic configuration, the following default settings are configured:

The following settings are configured by default: 

  • The Map service account is set to the account that was used to import the module.
  • The Tanium Map action group is set to the All Windows Servers and All Linux computer groups.
  • The Map tools deploy to endpoints and begin recording network events after configuration.

To import Map and configure default settings, be sure to select the Apply Tanium recommended configurations check box while performing the steps in Tanium Console User Guide: Manage Tanium modules. After the import, verify that the correct version is installed: see Verify Map version.

Import and configure Map with custom settings

To import Map without automatically configuring default settings, be sure to clear the Apply Tanium recommended configurations check box while performing the steps in Tanium Console User Guide: Manage Tanium modules. After the import, verify that the correct version is installed: see Verify Map version.

Configure service account

The service account is a user that runs several background processes for Map. This user requires the following roles and access:

  • Tanium Administrator role.

  • If you installed Tanium Client Management, this This user requires the Endpoint Configuration Service Account role. Endpoint Configuration is installed as a part of Tanium Client Management.

For more information about Map permissions, see User role requirements.

  1. From the Main menu, go to Modules > Map.
  2. Click Settings and open the Service Account tab.
  3. Update the service account settings and click Save.

Configure Map action group

By default, the Map action group is set to the All Windows Servers and All Linux computer groups. You can update the action group if needed. After you configure the action group, the Map tools are deployed to the selected endpoints automatically.

If you update the action group from the default, verify that the Tanium Event Recorder Driver is installed on the endpoints in the computer group. See Prepare endpoints.

  1. From the Main menu, go to Administration > Actions > Action Groups.
  2. In the list of action groups, select Tanium Map.
  3. Click Edit, select computer groups to include in the action group, and click Save.

After deploying the tools for the first time, endpoints can take up to 20 minutes to return results that can be seen in application discovery or endpoint maps.

Manage solution configurations with Tanium Endpoint Configuration

Tanium Endpoint Configuration delivers configuration information and required tools for Tanium Solutions to endpoints. Endpoint Configuration consolidates the configuration actions that traditionally accompany additional Tanium functionality and eliminates the potential for timing errors that occur between when a solution configuration is made and the time that configuration reaches an endpoint. Managing configuration in this way greatly reduces the time to install, configure, and use Tanium functionality, and improves the flexibility to target specific configurations to groups of endpoints.

Endpoint Configuration is installed as a part of Tanium Client Management. For more information, see the Tanium Client Management User Guide: Installing Client Management.

Additionally you can use Endpoint Configuration to manage configuration approval. For example, configuration changes are not deployed to endpoints until a user with approval permission approves the configuration changes in Endpoint Configuration. For more information about the roles and permissions that are required to approve configuration changes for Map, see User role requirements.

To use Endpoint Configuration to manage approvals, you must enable configuration approvals.

  1. From the Main menu, go to Administration > Shared Services > Endpoint Configuration to open the Endpoint Configuration Overview page.
  2. Click Settings and click the Global tab.
  3. Select Enable configuration approvals, and click Save.

For more information about Endpoint Configuration, see Tanium Endpoint Configuration User Guide.

Manage dependencies for Tanium solutions

When you start the Map workbench for the first time, the Tanium console ensures that all of the required dependencies for Map are installed at the required version. You must install all required Tanium dependencies before the Map workbench can load. A banner appears if one or more Tanium dependencies are not installed in the environment. The Tanium Console lists the required Tanium dependencies and the required versions.

  1. From the Main menu, go to Administration > Configuration > Solutions.
  2. Select the required solutions, click Import Selected, and then click Begin Import. When the import is complete, you are returned to the Tanium Solutions page.
  3. From the Main menu, go to Modules > Map to open the Map Overview page after you import all of the required Tanium dependencies.

Upgrade Map

For the steps to upgrade Map, see Tanium Console User Guide: Manage Tanium modules. After the upgrade, verify that the correct version is installed: see Verify Map version.

Verify Map version

After you import or upgrade Map, verify that the correct version is installed:

  1. Refresh your browser.
  2. From the Main menu, go to Modules > Map to open the Map Overview page.
  3. To display version information, click Info Info.