Network Quarantine requirements

Review the requirements before you install and use Network Quarantine.

Tanium dependencies

Component          Requirement
Platform           Version 7.0 or later
License            Network Quarantine is included with Tanium Connect. For information about licensing, contact your Technical Account Manager (TAM).
Tanium Connect     (Optional) Version 4.7.4 or later
Tanium Discover    (Optional) Version 2.7.0 or later

Tanium Module Server

Network Quarantine is installed and runs as a service on the Module Server host computer. The impact on Module Server is minimal and depends on usage.

Third-party software

  • Cisco Identity Services Engine (ISE) 2.2 or later with pxGrid installed
  • Palo Alto Networks OS 7.1 or later
  • Palo Alto Networks Panorama is not supported

Host and network security requirements

Specific ports and processes are needed to run Network Quarantine.

Ports

The following ports are required for Network Quarantine communication.

Component        Port     Direction    Purpose
Module Server    17467    Loopback     Internal purposes; not externally accessible.
Module Server    5222     Outbound     Access to Cisco ISE, unless specified otherwise.
Module Server    443      Outbound     Access to Palo Alto Networks firewall, unless specified otherwise.
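A pre-install connectivity check for the ports in the table above, added here as an example and not part of the Tanium documentation. The ISE and firewall hostnames are placeholders for your own NAC addresses, the loopback row is only meaningful once the service is running, and the connect callable is injectable so the plan can be exercised without a network.

```python
import socket

# Module Server port requirements from the table above. "Loopback" rows are
# checked against 127.0.0.1; "Outbound" rows against the configured NAC host.
# The hostnames below are constructed placeholders, not real systems.
REQUIRED_PORTS = [
    {"name": "Module Server internal", "host": "127.0.0.1", "port": 17467,
     "direction": "Loopback"},
    {"name": "Cisco ISE (pxGrid)", "host": "ise.example.invalid", "port": 5222,
     "direction": "Outbound"},
    {"name": "Palo Alto Networks firewall", "host": "fw.example.invalid",
     "port": 443, "direction": "Outbound"},
]


def tcp_connect(host, port, timeout=3.0):
    """Return True if a TCP handshake to host:port completes within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def run_preflight(requirements=REQUIRED_PORTS, connect=tcp_connect):
    """Check every required port and return {check name: "ok" | "blocked"}.

    The connect callable is a parameter so the plan can be tested offline.
    """
    results = {}
    for req in requirements:
        reachable = connect(req["host"], req["port"])
        results[req["name"]] = "ok" if reachable else "blocked"
    return results


def failed_checks(results):
    """Sorted names of checks that did not succeed, to fix before installing."""
    return sorted(name for name, state in results.items() if state != "ok")


if __name__ == "__main__":
    res = run_preflight()
    for name, state in res.items():
        print(f"{state:8} {name}")
    raise SystemExit(1 if failed_checks(res) else 0)
```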

User role requirements

Tanium 7.0

Administrator role is required for all Network Quarantine tasks.

Tanium 7.1

Table 1:   Tanium 7.1 Network Quarantine user role privileges

Roles covered by this table: Network Quarantine Administrator, Network Quarantine Approver, Network Quarantine Rule Author, Network Quarantine User, Network Quarantine Read Only User, Network Quarantine Service Account

Privilege                                  Description
Show Networkquarantine                     View Network Quarantine shared service
Network Quarantine Certificates Read       View configured certificates
Network Quarantine Certificates Write      Add or update configured certificates
Network Quarantine Nacs Read               View configured NACs
Network Quarantine Nacs Write              Add or update configured NACs
Network Quarantine Quarantines Read        View quarantined endpoints
Network Quarantine Quarantines Write       Quarantine or unquarantine endpoints
Network Quarantine Rules Evaluate          Use service account to evaluate rules
Network Quarantine Settings Read           View service settings
Network Quarantine Settings Write          Configure service settings
Network Quarantine Nacauditlog Read        View audit log
Network Quarantine Rules Run               Start rule evaluation process
Network Quarantine Rules Read              View rules and targets
Network Quarantine Rules Write             Edit rules and targets
Network Quarantine Requests Read           View quarantine requests
Network Quarantine Requests Approve        Approve quarantine requests
Network Quarantine Requests Deny           Deny quarantine requests
Network Quarantine Runs Read               View rule evaluation runs

Table 2:   Provided Network Quarantine micro admin and advanced user role permissions for Tanium 7.1.314.3071 or later

Roles covered by this table: Network Quarantine Administrator, Network Quarantine Approver, Network Quarantine Rule Author, Network Quarantine User, Network Quarantine Read Only User, Network Quarantine Service Account

Permission              Role type      Content set for permission
Read User               Micro Admin
Read Computer Group     Micro Admin
Execute Plugin          Advanced       Network Quarantine Content Set
Read Plugin             Advanced       Network Quarantine Content Set
Read Saved Question     Advanced       Network Quarantine Content Set
Read Sensor             Advanced       Reserved, Default, Base, Network Quarantine Content Set
Write saved question    Advanced       Network Quarantine Content Set

Table 3:   Optional roles for Network Quarantine

Role            Enables
Connect User    For signed in user:
                  • Configure connections for Network Quarantine event notifications
                For service account:
                  • Send Network Quarantine event notifications

For more information and descriptions of content sets and permissions, see the Tanium Core Platform User Guide: Users and user groups.

Last updated: 11/2/2018 1:37 PM