Performance requirements

Review the requirements before you install and use Performance.

Tanium dependencies

In addition to a license for Performance, make sure that your environment meets the following requirements.

Component Requirement
Tanium™ Core Platform 7.3.314.4250 or later
Tanium™ Client Any supported version of Tanium Client. For the Tanium Client versions supported for each OS, see Tanium Client User Guide: Client version and host system requirements.

If you use a client version that is not listed, certain product features might not be available, or stability issues can occur that can only be resolved by upgrading to one of the listed client versions.

Tanium products If you clicked the Install with Recommended Configurations button when you installed Performance, the Tanium Server automatically installed all your licensed modules at the same time. Otherwise, you must manually install the modules that Performance requires to function, as described under Tanium Console User Guide: Manage Tanium modules.

Modules at the following minimum versions are required:

  • Tanium™ Endpoint Configuration 1.2 or later (installed as part of Tanium™ Client Management 1.5 or later)
  • Tanium Interact 2.4.50 or later
  • Tanium Trends 3.6 or later

The following modules are optional, but Performance requires the specified minimum versions to work with them:

  • Tanium Direct Connect 1.1.0 or later (1.3.0 or later to terminate processes or browse files on an endpoint)

If you are using any of the following Tanium™ modules that use the Tanium™ Client Recorder Extension, you must use the specified versions:

  • Tanium™ Integrity Monitor 1.7.0.0035 or later
  • Tanium™ Map 1.1.1.0006 or later
  • Tanium™ Threat Response 1.2.0.0037 or later
  • Tanium™ Trace 2.9.0.0035 or later

Endpoints

Supported operating systems

The following endpoint operating systems are supported with Performance.

Operating System Version Notes
Windows
  • Windows 7 (SP1) and later
  • Windows Server 2008 R2 (SP1) and later
  • Windows 7 Service Pack 1 requires Microsoft KB2758857.
  • A page file is required for metric collection.
macOS 10.11 and later  
Linux
  • Red Hat Enterprise Linux (RHEL) 6.x, 7.x
  • CentOS 6.x, 7.x
  • Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS
Only POSIX-compliant file systems are supported.

Support for specific metrics varies by operating system. For more information, see Reference: Event Rules.

Disk space requirements

Endpoints must have at least 500 megabytes (MB) available in free disk space.

Host and network security requirements

Specific ports and processes are needed to run Performance.

Ports

The following ports are required for Performance communication.

Source Destination Port Protocol Purpose
Tanium Client (internal) Module Server 17475 TCP Used by the Module Server for endpoint connections to internal clients.
Tanium Client (external) Zone Server1 Tanium as a Service 17486 TCP Used by the Zone Server for endpoint connections to external clients.
The default port number is 17486. If needed, you can specify a different port number when you configure the Zone Proxy.
Module Server Zone Server1 17487 TCP Used by the Zone Server for Module Server connections.
The default port number is 17487. If needed, you can specify a different port number when you configure the Zone Proxy.
17488 TCP Allows communication between the Zone Server and the Module Server. On TanOS, the Direct Connect Zone Proxy installer automatically opens port 17488 on the Zone Server. This port must be manually opened on Windows.
1 These ports are required only when you use a Zone Server.

For more information about the ports required for Direct Connect, see Direct Connect User Guide: Host and network security requirements.

Configure firewall policies to open ports for Tanium traffic with TCP-based rules instead of application identity-based rules. For example, on a Palo Alto Networks firewall, configure the rules with service objects or service groups instead of application objects or application groups.

Security exclusions

If security software is in use in the environment to monitor and block unknown host system processes, your security administrator must create exclusions to allow the Tanium processes to run without interference. For a list of all security exclusions to define across Tanium, see Tanium Core Platform Deployment Reference Guide: Host system security exclusions.

Performance security exclusions
Target Device Notes Process
Module Server   <Module Server>\services\performance\node.exe
  <Module Server>\services\event-service\twsm.exe
  <Module Server>\services\endpoint-configuration-service\TaniumEndpointConfigService.exe
Windows x86 and x64 endpoints   <Tanium Client>\TaniumClientExtensions.dll
  <Tanium Client>\TaniumClientExtensions.dll.sig
  <Tanium Client>\extensions\TaniumPerformance.dll
  <Tanium Client>\extensions\TaniumPerformance.dll.sig
  <Tanium Client>\Tools\Performance\TaniumTSDB.exe
7.2.x clients1 <Tanium Client>\Python27\TPython.exe
7.4.x clients1 <Tanium Client>\Python38\TPython.exe
7.4.x clients <Tanium Client>\Python38\*.dll
  <Tanium Client>\TaniumCX.exe
macOS and Linux (x86 and x64) endpoints   <Tanium Client>/libTaniumClientExtensions.so
  <Tanium Client>/libTaniumClientExtensions.so.sig
  <Tanium Client>/extensions/libTaniumPerformance.so
  <Tanium Client>/extensions/libTaniumPerformance.so.sig
  <Tanium Client>/Tools/Performance/TaniumTSDB
7.2.x clients <Tanium Client>/python27/bin/pybin
7.4.x clients <Tanium Client>/python38/bin/pybin
  <Tanium Client>/TaniumCX
1 = TPython requires SHA2 support to allow installation.
Performance security exclusions
Target Device Notes Process
Windows (x86 and x64) endpoints   <Tanium Client>\TaniumClientExtensions.dll
  <Tanium Client>\TaniumClientExtensions.dll.sig
  <Tanium Client>\extensions\TaniumPerformance.dll
  <Tanium Client>\extensions\TaniumPerformance.dll.sig
  <Tanium Client>\Tools\Performance\TaniumTSDB.exe
1 <Tanium Client>\Python38\TPython.exe
  <Tanium Client>\Python38\*.dll
  <Tanium Client>\TaniumCX.exe
macOS and Linux (x86 and x64) endpoints   <Tanium Client>/libTaniumClientExtensions.so
  <Tanium Client>/libTaniumClientExtensions.so.sig
  <Tanium Client>/extensions/libTaniumPerformance.so
  <Tanium Client>/extensions/libTaniumPerformance.so.sig
  <Tanium Client>/Tools/Performance/TaniumTSDB
  <Tanium Client>/python38/bin/pybin
  <Tanium Client>/TaniumCX
1 = TPython requires SHA2 support to allow installation.

User role requirements

The following tables list the role permissions required to use Performance. For more information about role permissions and associated content sets, see Tanium Core Platform User Guide: Managing RBAC.

Performance user role privileges
Privilege Performance Administrator2, 3 Performance Operator2, 31,2 Performance Read Only User2,31,2 Performance Service Account3,52 Performance User2,31,2 Performance Endpoint Configuration Approver3,42,3

Show Performance1

View Performance workbench.

Performance Administer

View all pages in Performance. Update settings, profiles, and the service account credentials. Can generate and retrieve a support bundle.

Performance Kill Process

Terminate endpoint processes when you connect to an endpoint through Performance.

Performance File Download

Browse the file system and download a file from an endpoint that you connect to through Performance.

Performance Direct Connect Read

Connect to an endpoint using Direct Connect and read data from that endpoint.

Performance Event Read

View performance events.

Performance Profile Read

View performance profiles.

Performance Profile Write

Create or modify performance profiles.

Performance Settings Read

View performance settings.

Performance Endpoint Configuration Approve

Allows approving endpoint configuration items.

Performance Components Manage

Manage back-end components for Performance, such as actions.

1 To install Performance, you must have the Import Signed Content micro admin permission (Tanium Core Platform 7.4 or later) or the reserved role of Administrator.

21 This role provides module permissions for Tanium Direct Connect. You can view which Direct Connect permissions are granted to this role in the Tanium Console. For more information, see the Tanium Direct Connect User Guide: User role requirements.

32 This role provides module permissions for Tanium Trends. You can view which Trends permissions are granted to this role in the Tanium Console. For more information, see the Tanium Trends User Guide: User role requirements.

43 This role provides module permissions for Tanium Endpoint Configuration. You can view which Endpoint Configuration permissions are granted to this role in the Tanium Console. For more information, see Tanium Endpoint Configuration User Guide: User role requirements.

5 If you installed Tanium Client Management, Endpoint Configuration is installed, and byBy default, configuration changes initiated by the module service account (such as tool deployment) require approval. You can bypass approval for module-generated configuration changes by applying the Endpoint Configuration Bypass Approval permission to this role and adding the relevant content sets. For more information, see Tanium Endpoint Configuration User Guide: User role requirements.


Provided Advanced user role permissions for Tanium 7.1.314.3071 or later
Permission Role Type Content Set for Permission Performance Administrator Performance Operator Performance Read Only User Performance Service Account Performance User Performance Endpoint Configuration Approver
Ask Dynamic Questions    
Read Action Group Micro Admin  
Read Sensor Advanced Reserved
Read Sensor Advanced Base
Read Sensor Advanced Performance
Read Sensor Advanced Direct Connect
Read Plugin Advanced Performance
Read Plugin Advanced Trends
Read Plugin Advanced Endpoint Configuration
Execute Plugin Advanced Performance
Execute Plugin Advanced Trends
Execute Plugin Advanced Endpoint Configuration
Read Package Advanced Performance
Read Package Advanced Direct Connect
Write Package Advanced Performance
Write Package Advanced Direct Connect
Read Own Action Advanced Performance
Read Own Action Advanced Direct Connect
Read Action Advanced Performance
Read Action Advanced Direct Connect
Write Action Advanced Performance
Write Action Advanced Direct Connect
Read Saved Question Advanced Reserved
Read Saved Question Advanced Base
Read Saved Question Advanced Performance
Read Saved Question Advanced Direct Connect
Read Saved Question Advanced Hardware      
Read Filter Group Advanced Reserved
Read Filter Group Advanced Default Filter Groups
Read Filter Group Advanced Performance
Show Preview Advanced Performance
Show Preview Advanced Direct Connect