This documentation includes content for releases that might not be available on-premises. For the latest on-premises Console documentation, see the PDF version of Tanium™ Console User Guide version 3.4.59.
Console Requirements
Review the requirements before you
Core platform dependencies
Make sure that your environment meets the following requirements:
- Tanium Core Platform 7.6.1. This version and later versions do not support Interact versions earlier than 3.0.
- Tanium Console 3.6
Solution dependencies
Other Tanium solutions are required for Interact to function (required dependencies) or for specific Interact features to work (feature-specific dependencies). The installation method that you select determines if the Tanium Server automatically imports dependencies or if you must manually import them.
For the Tanium Core Platform version that Interact requires, see Core platform dependencies.
Tanium recommended installation
If you select Tanium Recommended Installation when you import Interact, the Tanium Server automatically imports all your licensed solutions at the same time. See Import all modules and services.
Import specific solutions
If you select only Interact to import and are using Tanium Core Platform 7.5.2.3531 or later with Tanium Console 3.0.72 or later, the Tanium Server automatically imports the latest available versions of any required dependencies that are missing. If some required dependencies are already imported but their versions are earlier than the minimum required for Interact, the server automatically updates those dependencies to the latest available versions.
If you select only Interact to import and you are using Tanium Core Platform 7.5.2.3503 or earlier with Console 3.0.64 or earlier, you must manually import or update required dependencies. See Import or update specific solutions.
Required dependencies
Interact has the following required solution dependencies at the specified minimum versions:
-
Tanium™ Core Content 1.3.100 or later
Core Content 1.8.5 or later requires Tanium™ Client Management
- Tanium™ Default Computer Groups 1.0.6 or later
- Tanium™ Default Content 8.4.9 or later
- Tanium™ RDB Service 1.2.151 or later
- Tanium™ System User Service 1.0.235 or later
For details about the content-only solutions (Core Content, Default Computer Groups, and Default Content), see Content-only solutions.
Feature-specific dependencies
If you select only Console to import, you must manually import or update its feature-specific dependencies regardless of the Tanium Console or Tanium Core Platform versions. Console has the following feature-specific dependencies at the specified minimum versions:
- Tanium™ Reporting
- 1.8.40 or later is required to display Reporting dashboards on the Tanium Home page. See Work with Reporting dashboards.
- 1.12 or later is required to access the Endpoint Details page from the Interact workbench. See Search endpoints.
Tanium Server computer resource and network requirements
Console includes both the Console workbench and Tanium Data Service. The Console workbench installs and run on the Tanium Server, while Tanium Data Service installs and runs on the Module Server. The general resource specifications for the Tanium Server include the host computer resource and network requirements for Tanium Console and Console. The impact of Tanium Data Service on the Tanium Module Server depends on usage. See the guide for your deployment for details.
- For general Module Server sizing guidelines in a Windows deployment, see Tanium Core Platform Deployment Guide for Windows: Host system resource guidelines.
- For Tanium Appliance specifications, see Tanium Appliance Deployment Guide: Tanium Appliance specifications.
Endpoints
Supported operating systems
Interact supports the same operating systems (OSs) for endpoints that the Tanium Client supports:
- Windows
- MacOS
- Linux
- AIX
- Solaris
For details about support for specific OS versions, see Tanium Client Management User Guide: Client version and host system requirements.
Disk space requirements
On managed endpoints, Interact requires at least 100 MB of disk space and another 100 MB of cache space for data files. The cache space includes the Tanium Client chunk cache and objects such as sensors and logs.
Processor requirements
On managed endpoints, Interact requires at least 10 MB of RAM and accounts for less than 0.5% of idle CPU usage.
Host and network security requirements
Specific ports and processes are needed to run Console.
Ports
The following ports are required for Console communication.
Source | Destination | Port | Protocol | Purpose |
---|---|---|---|---|
Module Server | Module Server (loopback) | 17495 | TCP | Internal purposes, not externally accessible |
No additional ports are required.
Configure firewall policies to open ports for Tanium traffic with TCP-based rules instead of application identity-based rules. For example, on a Palo Alto Networks firewall, configure the rules with service objects or service groups instead of application objects or application groups.
For Tanium Cloud ports, see Tanium Cloud Deployment Guide: Host and network security requirements.
Security exclusions
Host and network security requirements for the Tanium Core Platform apply to Console. For details, see Tanium Core Platform Deployment Reference Guide: Host system security exceptions.
User role requirements
Tanium has roles and permissions for both Console and associated Tanium Data Service. To review a summary of the predefined roles, see Configuring Console.
Console module permissions
Interact has the following predefined module roles and associated module permissions.
Permission | Interact Power User | Interact Basic User | Interact Read-Only User | Interact Show |
---|---|---|---|---|
Ask Dynamic Questions1 Issue questions through the Interact Ask a Question field and Question Builder. |
SPECIAL |
SPECIAL |
|
|
Interact View the Interact workbench. |
SHOW |
SHOW |
SHOW |
SHOW |
Interact Execute2 Deploy actions in Interact. |
ACTION |
|
|
|
Interact Module3,4 View, create, edit, or delete Interact content. |
READ WRITE |
READ WRITE |
READ |
|
1 This permission applies to the Reserved content sets. 2 The Interact Execute permission provides the following permissions:
3 The Interact Module read permission provides the following platform content permissions: Filter Group read, Sensor read, Saved Question read, Dashboard read, and Dashboard Group read. The Dashboard read and write permissions apply to Interact dashboards, not Reporting dashboards. 4 The Interact Module write permission provides the following permissions:
|
The following table lists the provided platform content permissions and associated content sets (see the table footnotes) for the Interact permissions in Table 1.
Permission | Permission Type | Interact Power User | Interact Basic User | Interact Read-Only User | Interact Show |
---|---|---|---|---|---|
Action | Platform Content |
READ WRITE |
|
|
|
Dashboard1 | Platform Content |
READ WRITE |
READ WRITE |
READ |
|
Dashboard Group | Platform Content |
READ WRITE |
READ WRITE |
READ |
|
Filter Group | Platform Content |
READ |
READ |
READ |
|
Own Action | Platform Content |
READ |
|
|
|
Package | Platform Content |
READ |
|
|
|
Plugin | Platform Content |
READ EXECUTE |
READ EXECUTE |
READ EXECUTE |
READ EXECUTE |
Saved Question | Platform Content |
READ WRITE |
READ WRITE |
READ |
|
Sensor | Platform Content |
READ |
READ |
READ |
|
To view which content set permissions are granted to a role, see Tanium Console User Guide: View effective role permissions. 1The Dashboard read and write permissions apply to Interact dashboards, not Reporting dashboards. |
The Interact Execute action permission and Interact Module write permission each provide the following Reporting module permissions and associated content sets (see the table footnotes). These permissions enable users to access the Endpoint Details page in the Reporting workbench. For information about the Endpoint Details page, see Tanium Reporting User Guide: Viewing and managing a single endpoint.
Permission | Interact Power User | Interact Basic User | Interact Read-Only User | Interact Show |
---|---|---|---|---|
Dashboard1 |
READ |
READ |
|
|
Report1 |
READ |
READ |
|
|
Report API |
USER |
USER |
|
|
Reporting Category |
READ |
READ |
|
|
Reporting Settings |
READ |
READ |
|
|
1The Dashboard and Report permissions apply to the Reporting content set. The Reporting Dashboard module permission is distinct from the platform content Dashboard permission that Table 2 references. |
The following table summarizes the permissions required to perform specific tasks in Interact. Interact includes the Interact Overview page and Question Builder page. The Administrator reserved role has all the listed permissions.
Tasks | Roles and permissions |
---|---|
Install or uninstall Interact | Administrator reserved role only |
All tasks in Interact | Interact show (module) permission is required for all Interact features, so be sure to assign a role with that permission to all Interact users. |
View Interact content | Interact Module read (module) permission is required to view content in the Interact content set. |
Manage Interact content | Interact Module write (module) permission is required to add, edit, or delete content in the Interact content set. |
Deploy actions in Interact | Interact Execute (module) permission enables users to deploy actions in Interact. It implies the platform content permissions Package read, Action read, and Action write. |
Issue questions through the Ask a Question field and Question Builder | Ask Dynamic Questions (module) permission is required to issue questions through the Ask a Question field and Question Builder. You can assign the permission to any custom role. Sensor read content set permissions determine which sensors are available for you to select for questions. Filter Group read content set permissions determine which computer filter groups are available for you to view and select for questions and question results. Depending on whether Tanium™ Reporting, Tanium™ Asset, or both are installed, you require additional permissions to see endpoint details through the Search Endpoints field or the Question Results page. For more information, see View details for a single endpoint. The |
Save a question | Saved Question write permission is required to assign a saved question to content sets for which you have permission. Saved Question write is also required to create, edit, or delete saved questions. The Sensor read content set permissions determine the available sensors. Filter Group read content set permissions determine the available filter groups. In addition to the Saved Question write permission, users require the Action write and Package write permissions to add associated packages to a new saved question configuration. In addition to these three permissions, users require owner permissions for the question if they want to modify or delete the associated packages. The |
Use Interact Saved Questions | Saved Question read content set permissions determine the saved questions that you can see in Tanium Console, such as on the Interact Overview page, Question Builder page, and Question Results grid drill-down. Sensor read permission is required for the sensors specified in a saved question that you want to issue. Filter Group read content set permission is required for the filter groups specified in the saved question. Ask Dynamic Questions permission is required to use the drill down feature in the saved question results grid. |
Use Interact Categories | Dashboard Group read content set permissions determine the categories that you can see in Console, such as on the Interact Overview page. Dashboard Group write permission is required to create, modify, or delete category configurations. Dashboard read content set permissions determine which Interact dashboards are available in categories. The |
Use Interact Dashboards | Dashboard read content set permissions determine the Interact dashboards that you can see in Console, such as on the Interact Overview page. Dashboard write permission is required to create, modify, or delete Interact dashboard configurations. Saved Question read content set permissions determine which saved questions are available in dashboards. These Dashboard read and write permissions apply to Interact dashboards, not Reporting dashboards. The |
Deploy an action | Action write permission is required to see the Deploy Action button on the Question Results grid.
Package read content set permissions determine which packages are available for you to select for actions. Sensor read and Saved Question read permissions on the Reserved content set are required to complete the deploy action workflow. During the workflow, these permissions allow special saved questions that The Administrator reserved role and Interact Power User role have all these permissions. |
Use the Interact Overview page | To see the following sections of the Interact Overview page, users require the specified permissions:
The Dashboard permissions apply to Interact dashboards, not Reporting dashboards. The Administrator reserved role has all these permissions. |
Tanium Data Service permissions
Tanium Data Service has the following predefined module roles and associated module permissions.
Do not assign the Tanium Data Service Account, Tanium Data Service Account - All Content Sets, or Data Collection Service Account roles to users. These roles are for internal purposes only.
Tanium Data Service roles also have the following administration and platform content permissions:
Permission | Permission Type | Data Collection Administrator | Data Collection Operator |
---|---|---|---|
Action Group | Administration |
|
|
Client Status | Administration |
|
|
Computer Group | Administration |
|
|
Persona | Administration |
|
|
User | Administration |
READ |
|
Action | Platform Content |
|
|
Own Action | Platform Content |
|
|
Plugin | Platform Content |
READ EXECUTE |
READ EXECUTE |
Saved Question | Platform Content |
|
|
Sensor | Platform Content |
READ |
READ |
To view which content set permissions are granted to a role, see Tanium Console User Guide: View effective role permissions. |
Last updated: 9/26/2023 10:15 AM | Feedback