Succeeding with Map

Follow these best practices to achieve maximum value and success with Tanium Map. These steps align with the key benchmark metrics: increasing map coverage and servers mapped to an application.

steps to succeeding with map steps to succeed with map

Step 1: Gain organizational effectiveness

organizational planning

Develop a dedicated Change management process.

Define distinct roles and responsibilities in a RACI chart.

Validate cross-functional Organizational alignment.

Track Operational metrics.

Step 2: Configure endpoints for discovery

By default, Map targets server operating systems, including variants of Windows Servers and Linux systems.

Windows endpoints

Verify that the Tanium Event Recorder Driver is installed on Windows Servers. From the Main menu, ask the question: Get Tanium Driver Status from all machines with Windows OS Type contains Windows Server and click Search. For more information, see Windows systems.

Linux endpoints

Verify that the recent stable version of the audit daemon auditd and audispd-plugins packages are installed. Ask the question: Get Installed Application Exists[audit] from all machines with Is Linux containing "true". For more information, see Identify Linux endpoints that are missing auditd .

Deploy the Recorder - Disable Raw Logging [Linux] package to your Linux endpoints to disable raw logging. This package edits the auditd.conf file with the appropriate settings.

Check if any other tools outside of Tanium are used to modify the audit daemon.

Step 3: Install Tanium modules

installing

Install Tanium Map. See Import and configure Map with default settings.

Install Tanium Trends. See Tanium Trends User Guide: Installing Trends.

Step 4: Configure Map and initialize endpoints

Step 3: Configure Map and initialize endpoints

configuring

Configure the service account. See Configure service account.

By default, Map tools are installed only to server operating systems, including variants of Windows Servers and Linux systems. You can modify the Map action group if necessary. See Configure Map action group.

Review progress of the endpoint initialization with the Initialization Summary on the Map Home page. The Up to Date value is a count of systems with Map tools currently installed compared to the total number of target systems. To view more details about the status, click the number.

When you import Map with automatic configuration, the following default settings are configured:

The following settings are configured by default: 

  • The Map service account is set to the account that was used to import the module.
  • The Tanium Map action group is set to the All Windows Servers and All Linux computer groups.
  • The Map tools deploy to endpoints and begin recording network events after configuration.

Step 5: Discover and map application services

Step 4: Discover and map application services

map

In the Application Discovery section on the Map home page, review the available application entry points to find systems of interest, such as Apache.

Select entry points and initiate discovery.

Save application maps.

For more information, see Mapping application services.

Step 6: Monitor Map metrics

Step 5: Monitor Map metrics

Monitor and troubleshoot Map coverage.

Monitor and troubleshoot servers mapped to an application.