Succeeding with Map

Follow these best practices to achieve maximum value and success with Tanium Map. These steps align with the key benchmark metrics: increasing map coverage and servers mapped to an application.

steps to succeeding with mapsteps to succeed with map

Step 1: Gain organizational effectiveness

Complete the key organizational governance steps to maximize Map value. For more information about each task, see Gaining organizational effectiveness.

Develop a dedicated change management process.

Define distinct roles and responsibilities in a RACI chart.

Validate cross-functional organizational alignment.

Track operational metrics.

Step 2: Configure endpoints for discovery

By default, Map targets server operating systems, including variants of Windows Servers and Linux systems.

Windows endpoints

Verify that the Tanium Event Recorder Driver is installed on Windows Servers. Ask the question: Get Tanium Driver Status from all machines with Windows OS Type contains Windows Server and click Search. For more information, see Installing Map Windows systems.

Linux endpoints

Verify that the recent stable version of the audit daemon auditd and audispd-plugins packages are installed. Ask the question: Get Installed Application Exists[audit] from all machines with Is Linux containing "true". For more information, see Identify Linux endpoints that are missing auditd .

Deploy the Recorder - Disable Raw Logging [Linux] package to your Linux endpoints to disable raw logging. This package edits the auditd.conf file with the appropriate settings.

Check if any other tools outside of Tanium are used to modify the audit daemon.

Step 3: Install Tanium modules

Install Tanium Map. See Import Map with default settings.

Install Tanium Trends. See Tanium Trends User Guide: Installing Trends.

Install Tanium Client Management, which provides Tanium Endpoint Configuration. See Tanium Client Management User Guide: Installing Client Management.

Step 4: Configure Map and initialize endpoints

Step 3: Configure Map and initialize endpoints

By default, Map tools are installed only to server operating systems, including variants of Windows Servers and Linux systems. You can modify the Map action group if necessary. If you change the targeting of the action group, the updates get distributed to the endpoints on a 15 minute interval.See Installing Map . See Installing Map .

Review progress of the endpoint initialization with the Health section on the Map Overview page. The Tools Needed value is a count of systems that do not have the Map tools installed. To view more details about the status, click the Tools Needed bar in the chart, then View Current Results filtered by Tools Needed.

When you import Map with automatic configuration, the following default setting is configured:

The following default setting is configured: 

SettingDefault value
Action group
  • Restricted targeting disabled (default): All Windows Servers and All Linux computer groups
  • Restricted targeting enabled: No Computers computer group

Set a time range for the retention of map data. You can configure a number of hours to save data for both the map database and all of your maps. By default, the endpoint database for Map, endpoint maps, and application maps contain 24 hours worth of data. To change these values, go to the Map Overview page, click Settings , then the Time Range tab. These values apply to all maps and endpoint databases for Map.

To start, set both time range values to 168 hours (1 week). You can monitor database size and utilization and adjust the settings if needed.

Step 5: Discover and map application services

Step 4: Discover and map application services

In the Application Discovery section on the Map Overview page, review the available application entry points to find systems of interest, such as Apache.

Select entry points and initiate discovery.

Save application maps.

For more information, see Mapping application services.

Step 6: Monitor Map metrics

Step 5: Monitor Map metrics

In Trends, go to the menu and click Boards, then click IT Operations Metrics to view the Map Coverage and Servers Mapped to an Application panels.

Monitor and troubleshoot Map Coverage Status.

Monitor and troubleshoot Servers Mapped to an Application.