Map requirements

Review the requirements before you install and use Map.

Core platform dependencies

Make sure that your environment meets the following requirements:

  • Tanium license that includes Map

  • Tanium™ Core Platform servers:  

    • 7.3.314.4250 or later

    • 7.4.1.1939 or later

  • Tanium™ Client:

    • (Linux, macOS earlier than 10.15.x Catalina, Windows) Any supported version of Tanium Client
    • (macOS 10.15.x and later) 7.2.314.3608 or later

    For the Tanium Client versions supported for each OS, see Tanium Client Management User Guide: Client version and host system requirements.

    If you use a client version that is not listed, certain product features might not be available, or stability issues can occur that can only be resolved by upgrading to one of the listed client versions.

Solution dependencies

Other Tanium solutions are required for Map to function (required dependencies) or for specific Map features to work (feature-specific dependencies). The installation method that you select determines if the Tanium Server automatically imports dependencies or if you must manually import them.

Some Map dependencies have their own dependencies, which you can see by clicking the links in the lists of Required dependencies and Map requirements. Note that the links open the user guides for the latest version of each solution, not necessarily the minimum version that Map requires.

Tanium recommended installation

If you select Tanium Recommended Installation when you import Map, the Tanium Server automatically imports all your licensed solutions at the same time. See Tanium Console User Guide: Import all modules and services.

Import specific solutions

If you select only Map to import, you must manually import dependencies. See Tanium Console User Guide: Import, re-import, or update specific solutions.

Required dependencies

Map has the following required dependencies at the specified minimum versions:

  • Tanium™ Endpoint Configuration 1.5.252 or later (installed as part of Tanium Client Management 1.8.181 or later)

  • Tanium™ System User service 1.0.40 or later

  • Tanium™ RDB service 1.0.122 or later

  • Tanium™ Trends 3.8.117 or later

Client extensions

Tanium Endpoint Configuration installs client extensions for Map on endpoints. Client extensions perform tasks that are common to certain Tanium solutions. The Tanium Client uses code signatures to verify the integrity of each client extension before it loads the extension on the endpoint. Each client extension has recommended security exclusions to allow the Tanium processes to run without interference. See Security exclusions for more information. The following client extensions perform Map functions:

  • Config CX - Provides installation and configuration of extensions on endpoints. Tanium Client Management installs this client extension.
  • Core CX - Provides a management framework API for all other client extensions and exposes operating system metrics. Tanium Client Management installs this client extension.
  • Map CX - Provides application and network traffic mapping. Tanium Map installs this client extension.
  • Py CX - Provides a library that enables communication between Python-based client extensions and Core CX. Tanium Integrity Monitor, Tanium Reveal, or Tanium Threat Response installs this client extension.
  • Recorder CX - Provides the ability to save event data on each endpoint and monitor the endpoint kernel and other low-level subsystems to capture a variety of events. Tanium Enforce, Tanium Integrity Monitor, Tanium Map, or Tanium Threat Response installs this client extension.

Tanium™ Module Server

Map is installed and runs as a service on the Module Server host computer. The impact on the Module Server is minimal and depends on usage.

Endpoints

Supported internet protocols

Map is currently only supported with IPv4 networks.

Supported operating systems

The following endpoint operating systems are supported with Map. Map uses the Tanium™ Client Recorder Extension to gather data from endpoints.

Operating System | Version | Notes
Windows | Windows 7 SP1 or later; Windows Server 2008 R2 with SP1 or later | For Windows 7 endpoints, update to Windows 7 SP2 or later whenever possible. Windows 7 SP1 requires Microsoft Windows Update KB2758857.
macOS | Same as Tanium Client support. See Tanium Client Management User Guide: Host system requirements. |
Linux | Red Hat Enterprise Linux 5.4 or later; CentOS 5.4 or later |


For other Linux version support, see Tanium Client Management User Guide: Host system requirements.

The Client Recorder Extension does not support CentOS and Red Hat Enterprise Linux versions 5.3 and earlier. Endpoints require version 5.4 or later of CentOS or Red Hat Enterprise Linux.

The Client Recorder Extension provides SELinux policies for the following distributions and versions:

  • Red Hat Enterprise Linux (RHEL) 5.4 and later, 6.x, 7.x, and 8.x
  • CentOS 5.4 and later, 6.x, 7.x, and 8.x
  • Amazon Linux 2 LTS (2017.12)

At this time, SELinux is not supported on other Linux distributions.

For Linux endpoints:

  • Install the most recent stable version of the audit daemon and audispd-plugins. For information on deprecated parameters in the audit daemon configuration, see Tanium Client Recorder Extension User Guide. See the specific operating system documentation for instructions.
  • Be aware that when using immutable "-e 2" mode, the recorder adds Tanium audit rules in front of the immutable flag. When using the -e 2 flag on Linux, the endpoint must be restarted after the recorder is enabled.
  • Be aware that when using the failure "-f 2" mode, the Linux kernel panics if an auditd message is lost. The recorder does not add audit rules if this configuration is detected.
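
As an added example (not part of the Tanium documentation), the following shell preflight checks a Linux endpoint against the two-core minimum and the -e 2 and -f 2 audit modes described above. The function names, the constructed sample rules file, and the choice of /etc/audit/audit.rules as the live input are assumptions of this example.

```shell
#!/bin/sh
# Added example: preflight for a Linux endpoint, based on the requirements listed above.

# audit_flag LETTER RULES_FILE: print the last value given for -e or -f
# (rules are applied in order, so the last occurrence wins), or "unset".
audit_flag() {
    awk -v want="-$1" '
        /^[[:space:]]*#/ { next }    # skip comment lines
        { for (i = 1; i < NF; i++) if ($i == want) val = $(i + 1) }
        END { print (val == "" ? "unset" : val) }' "$2"
}

# check_endpoint CORES RULES_FILE: print findings; return 1 if any finding blocks the recorder.
check_endpoint() {
    cores=$1; rules=$2; rc=0
    if [ "$cores" -lt 2 ]; then
        echo "BLOCK: $cores CPU core(s); the recorder needs at least 2"
        rc=1
    fi
    if [ "$(audit_flag f "$rules")" = 2 ]; then
        echo "BLOCK: audit failure mode -f 2; the recorder will not add audit rules"
        rc=1
    fi
    if [ "$(audit_flag e "$rules")" = 2 ]; then
        echo "NOTE: immutable mode -e 2; restart the endpoint after enabling the recorder"
    fi
    return "$rc"
}

# Constructed sample rules file (not taken from a real host).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# -f 2 in a comment must be ignored
-D
-b 8192
-f 1
-w /etc/passwd -p wa -k identity
-e 2
EOF
# On a live host: check_endpoint "$(getconf _NPROCESSORS_ONLN)" /etc/audit/audit.rules
check_endpoint 4 "$sample"
rm -f "$sample"
```

The rules file shows what is loaded at boot; `auditctl -s` reports the enabled and failure values currently active in the kernel.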

Disk space requirements

The Map database on each endpoint contains a record of the TCP connections from the past 24 hours. The size of this database depends on the number of TCP connections. In most cases, the maximum size of the database is 200 MB.

CPU and memory requirements

The CPU demand on the endpoint averages less than 1%. A minimum of two CPU cores per endpoint is required. The Tanium Client Recorder Extension cannot operate on fewer than 2 CPU cores.

A minimum of 4 GB RAM is recommended on each endpoint device.

Host and network security requirements

Specific processes are needed to run Map.

Ports

The following ports are required for Map communication.

Source | Destination | Port | Protocol | Purpose
Module Server / Tanium Cloud | Module Server / Tanium Cloud (loopback) | 17504 | TCP | Internal purposes; not externally accessible.

Configure firewall policies to open ports for Tanium traffic with TCP-based rules instead of application identity-based rules. For example, on a Palo Alto Networks firewall, configure the rules with service objects or service groups instead of application objects or application groups.

For Tanium Cloud ports, see Tanium Cloud Deployment Guide: Host and network security requirements.

Security exclusions

If security software is in use in the environment to monitor and block unknown host system processes, Tanium recommends that a security administrator create exclusions to allow the Tanium processes to run without interference. The configuration of these exclusions varies depending on AV software. For a list of all security exclusions to define across Tanium, see Tanium Core Platform Deployment Reference Guide: Host system security exclusions.

Map security exclusions
Target Device | Notes | Exclusion Type | Exclusion
Module Server | | Process | <Module Server>\services\map-service\node.exe
Module Server | | Process | <Module Server>\services\endpoint-configuration-service\TaniumEndpointConfigService.exe
Module Server | | Process | <Module Server>\services\map-service\node_modules\@tanium\postgresql\lib\win32\bin\postgres.exe
Module Server | | Process | <Module Server>\services\map-service\node_modules\@tanium\postgresql\lib\win32\bin\pg_ctl.exe
Windows endpoints | | File | <Tanium Client>\extensions\core\TaniumPythonCX.dll
Windows endpoints | | File | <Tanium Client>\extensions\core\TaniumPythonCX.dll.sig
Windows endpoints | | File | <Tanium Client>\extensions\mapcx\py\cx_entry.py
Windows endpoints | | File | <Tanium Client>\extensions\mapcx\data\map.db
Windows endpoints | | File | <Tanium Client>\extensions\TaniumRecorder.dll
Windows endpoints | | File | <Tanium Client>\extensions\TaniumRecorder.dll.sig
Windows endpoints | | File | <Tanium Client>\TaniumClientExtensions.dll
Windows endpoints | | File | <Tanium Client>\TaniumClientExtensions.dll.sig
Windows endpoints | | Process | <Tanium Client>\TaniumCX.exe
Windows endpoints | 7.2.x clients | Process | <Tanium Client>\Python27\TPython.exe
Windows endpoints | 7.2.x clients | Folder | <Tanium Client>\Python27
Windows endpoints | 7.4.x clients | Process | <Tanium Client>\Python38\TPython.exe
Windows endpoints | 7.4.x clients | Folder | <Tanium Client>\Python38
Linux endpoints | | File | <Tanium Client>/extensions/core/TaniumPythonCX.so
Linux endpoints | | File | <Tanium Client>/extensions/core/TaniumPythonCX.so.sig
Linux endpoints | | File | <Tanium Client>/extensions/mapcx/py/cx_entry.py
Linux endpoints | | File | <Tanium Client>/extensions/mapcx/data/map.db
Linux endpoints | | File | <Tanium Client>/extensions/libTaniumRecorder.so
Linux endpoints | | File | <Tanium Client>/extensions/libTaniumRecorder.so.sig
Linux endpoints | | File | <Tanium Client>/TaniumClientExtensions.so
Linux endpoints | | File | <Tanium Client>/TaniumClientExtensions.so.sig
Linux endpoints | | Process | <Tanium Client>/TaniumCX
Linux endpoints | 7.2.x clients | Process | <Tanium Client>/python27/bin/pybin
Linux endpoints | 7.2.x clients | Folder | <Tanium Client>/python27
Linux endpoints | 7.4.x clients | Process | <Tanium Client>/python38/python
Linux endpoints | 7.4.x clients | Folder | <Tanium Client>/python38
macOS endpoints | | File | <Tanium Client>/extensions/core/TaniumPythonCX.dylib
macOS endpoints | | File | <Tanium Client>/extensions/core/TaniumPythonCX.dylib.sig
macOS endpoints | | File | <Tanium Client>/extensions/mapcx/py/cx_entry.py
macOS endpoints | | File | <Tanium Client>/extensions/mapcx/data/map.db
macOS endpoints | | File | <Tanium Client>/extensions/libTaniumRecorder.dylib
macOS endpoints | | File | <Tanium Client>/extensions/libTaniumRecorder.dylib.sig
macOS endpoints | | File | <Tanium Client>/TaniumClientExtensions.dylib
macOS endpoints | | File | <Tanium Client>/TaniumClientExtensions.dylib.sig
macOS endpoints | | Process | <Tanium Client>/TaniumCX
macOS endpoints | 7.2.x clients | Process | <Tanium Client>/python27/python
macOS endpoints | 7.2.x clients | Folder | <Tanium Client>/python27
macOS endpoints | 7.4.x clients | Process | <Tanium Client>/python38/python
macOS endpoints | 7.4.x clients | Folder | <Tanium Client>/python38
 

User role requirements

The following tables list the role permissions required to use Map. To review a summary of the predefined roles, see Set up Map users.

For more information about role permissions and associated content sets, see Tanium Console User Guide: Managing RBAC.

Map user role permissions
Permission | Map Administrator 1,2,3 | Map Operator 1,2,3 | Map Read Only User 1 | Map Service Account 1,2,4 | Map Endpoint Configuration Approver 1,2

Map

Access Map workbench


SHOW

SHOW

SHOW

SHOW

Map API

Perform Map operations using the API


EXECUTE

Map Application Definition

Read and write map application definitions


READ
WRITE

READ
WRITE

READ

Map Application Configuration

Register, use, write endpoint configuration items for Map


SERVICE

Map Operator Settings

Read or write most map settings


READ
WRITE


READ
WRITE


READ

Map Settings

Read or write all map settings


READ
WRITE

READ
WRITE

Map Endpoint Configuration

Approve endpoint configuration items for Map


APPROVE

1 This role provides module permissions for Tanium Trends. You can view which Trends permissions are granted to this role in the Tanium Console. For more information, see Tanium Trends User Guide: User role requirements.

2 This role provides module permissions for Tanium Endpoint Configuration. You can view which Endpoint Configuration permissions are granted to this role in the Tanium Console. For more information, see Tanium Endpoint Configuration User Guide: User role requirements.

3 This role provides module permissions for Tanium Interact. You can view which Interact permissions are granted to this role in the Tanium Console. For more information, see Tanium Interact User Guide: Tanium Data Service permissions.

4 If you enabled configuration approvals in Endpoint Configuration, then by default, configuration changes initiated by the module service account (such as tool deployment) require approval. You can bypass approval for module-generated configuration changes by applying the Endpoint Configuration Bypass Approval permission to the Map Service Account role and adding the relevant content sets. For more information, see Tanium Endpoint Configuration User Guide: User role requirements and Tanium Endpoint Configuration User Guide: Managing approvals.

 

Provided Map administration and platform content permissions
Permission | Role Type | Map Administrator 1 | Map Operator 1 | Map Read Only User 1 | Map Service Account 1 | Map Endpoint Configuration Approver 1
Action Group | Administration
READ
WRITE

READ
WRITE

READ
Computer Group | Administration
READ
WRITE

READ
WRITE

READ

READ
WRITE
Action | Platform Content
WRITE

WRITE

WRITE
Action For Saved Question | Platform Content
WRITE

WRITE

WRITE
Own Action | Platform Content
READ

READ

READ
Package | Platform Content
READ
WRITE

READ
WRITE

READ
WRITE
Plugin | Platform Content
READ
EXECUTE

READ
EXECUTE

READ
EXECUTE

READ
EXECUTE

READ
EXECUTE
Saved Question | Platform Content
READ
WRITE

READ
WRITE

READ

READ
WRITE
Sensor | Platform Content
READ

READ

READ

You can view which content sets are granted to any role in the Tanium Console.
1 This role provides module permissions for Tanium Trends. You can view which Trends permissions are granted to this role in the Tanium Console. For more information, see Tanium Trends User Guide: User role requirements.