Configuring Network Quarantine

If you did not install Network Quarantine with the Apply All Tanium recommended configurations option, you must enable and configure certain features.

Configure Network Quarantine

Configure service account

The service account is a user that runs several background processes for Network Quarantine. This user requires the following roles and access:

  • Network Quarantine Service Account role
  • Connect User role, to send notifications with Connect
  • Access to the saved questions that are used for the automated rules

For more information about Network Quarantine permissions, see User role requirements.

If you imported Network Quarantine with default settings, the service account is set to the account that you used to perform the import. Configuring a unique service account for each Tanium solution is an extra security measure to consider in consultation with the security team of your organization.

  1. On the Network Quarantine Overview page, click Settings and then click Service Account if needed.
  2. Provide a user name and password, and then click Save.

Set up Network Quarantine users

You can use the following set of predefined user roles to set up Network Quarantine users.

To review specific permissions for each role, see User role requirements.

For more information about assigning user roles, see Tanium Core Platform User Guide: Manage role assignments for a user.

Network Quarantine Administrator

Assign the Network Quarantine Administrator role to users who manage the configuration and deployment of Network Quarantine functionality, including configuration of certificates and NACs.
This role can perform the following tasks:

  • Configure Network Quarantine service settings, including viewing, adding and updating configured certificates
  • View, add and update NACs
  • View, quarantine or unquarantine quarantined endpoints
  • View, approve and deny quarantine requests
  • View and edit automated rules and targets
  • Start the rule evaluation process
  • View the audit log

Network Quarantine Approver

Assign the Network Quarantine Approver role to users who manage the configuration and deployment of Network Quarantine functionality but do not need to configure certificates or NACs.
This role can perform the following tasks:

  • View Network Quarantine service settings, except for configured certificates
  • View configured NACs
  • View quarantined endpoints
  • View, approve and deny quarantine requests
  • View automated rules and targets
  • View rule evaluation runs
  • View the audit log

Network Quarantine Rule Author

Assign the Network Quarantine Rule Author role to users who manage automated rules and quarantine requests for Network Quarantine.
This role can perform the following tasks:

  • View Network Quarantine service settings, except for configured certificates
  • View configured NACs
  • View quarantined endpoints
  • View, approve and deny quarantine requests
  • View and edit automated rules and targets
  • Start the rule evaluation process and view rule evaluation runs
  • View the audit log

Network Quarantine User

Assign the Network Quarantine User role to users who need to view Network Quarantine details and quarantine or unquarantine endpoints.
This role can perform the following tasks:

  • View Network Quarantine service settings, except for configured certificates
  • View configured NACs
  • View, quarantine or unquarantine quarantined endpoints
  • View, approve and deny quarantine requests
  • View the audit log

Network Quarantine Read Only User

Assign the Network Quarantine Read Only User role to users who need to view quarantined endpoints.
This role can perform the following tasks:

  • View Network Quarantine service settings, except for configured certificates and NACs
  • View configured NACs
  • View quarantined endpoints

Network Quarantine Service Account

Assign the Network Quarantine Service Account role to the account that configures system settings for Network Quarantine.
This role can perform several background processes for Network Quarantine, including evaluating rules.