Managing whitelisted URLs

When the Tanium Client executes content, the script might request a file from an Internet URL. The Tanium Client API uniquely identifies the download by URL, including filename. For security, the Tanium Client sends a message to the Tanium Server, which checks the requested URL against its lists of package file URLs and whitelisted URLs. The package file URLs are known URLs that the package author specified. You use the whitelisted URLs to account for dynamic URLs—for example, URLs that a Tanium Client script computed. If the URL does not match either list, the request fails.

The first time the Tanium Server handles a Tanium Client file download request that passes the whitelisted URL check, the server downloads the file and stores a temporary package file and metadata so that it can distribute the file to endpoints through the client chain. The whitelisted URLs configuration includes settings that affect how often the Tanium Server checks for changes to the requested URL files and how often the server clears temporary files.

You must be assigned a role with the Write Whitelisted URLs (micro admin) permission to create, modify, or delete the whitelisted URLs configurations. Users that are assigned to the Administrator reserved role have this permission.

Add whitelisted URLs

  1. Go to Administration > Whitelisted URLs.
  2. Configure the following settings.

    URL/regular expression
    Specify a URL. You can use a regular expression to whitelist multiple files from a base URL. For example, to whitelist any download from www.microsoft.com, use the following regex:

    http\:\/\/www\.microsoft\.com\/.*

    Note that the value is case sensitive. For example, the regex https\:\/\/192\.0\.2\.1\/abc\.csv whitelists https://192.0.2.1/abc.csv but not https://192.0.2.1/ABC.csv. The regex to whitelist both files is https\:\/\/192\.0\.2\.1\/(abc|ABC)\.csv. The parentheses are required: without them, the alternation splits the whole expression into https\:\/\/192\.0\.2\.1\/abc and ABC\.csv.

    When a Tanium Client initiates a download that passes this check, the Tanium Server downloads the file so that it can distribute it to Tanium Clients through the linear chain.

    Download Interval
    Specify an interval at which the Tanium Server checks the URL for changes to the requested file. The default is every 6 hours. If the check indicates there are changes to the file, the Tanium Server updates its copy of the file and restarts the "expiration" clock. For URLs that you specify with a regular expression, the Tanium Server maintains a timer for each match.

    Expiration
    Specify the interval for clearing stale packages. The default is seven days. This means that the Tanium Server deletes files that it has not downloaded and that Tanium Clients have not requested in the past seven days. If a Tanium Client subsequently requests the URL, the Tanium Server downloads it again and resumes the update checks. For URLs that you specify with a regular expression, the Tanium Server maintains a timer for each match.

  3. Save the configuration.
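
A whitelist regular expression is worth checking against URLs it should reject before it is saved. The following is an added example, not Tanium code: it runs the base-URL pattern and the two-file pattern (with and without grouping) through Python's re module against constructed URLs. The page does not state whether the Tanium Server matches the whole URL or any part of it, and its regex engine may differ from Python's, so both modes are reported; the function names are hypothetical.

```python
import re

# The page's base-URL pattern, plus the two-file pattern with and without grouping.
PATTERNS = {
    "base_url": r"http\:\/\/www\.microsoft\.com\/.*",
    "ungrouped": r"https\:\/\/192\.0\.2\.1\/abc|ABC\.csv",
    "grouped": r"https\:\/\/192\.0\.2\.1\/(abc|ABC)\.csv",
}

# Constructed sample URLs (documentation addresses and the reserved .test TLD).
SAMPLES = [
    "https://192.0.2.1/abc.csv",
    "https://192.0.2.1/ABC.csv",
    "https://192.0.2.1/abcdef.exe",
    "https://198.51.100.7/ABC.csv",
    "http://www.microsoft.com/download/file.cab",
    "http://www.microsoft.com.example.test/file.cab",
    "http://example.test/?u=http://www.microsoft.com/x",
]

def evaluate(pattern, url):
    """Return (full, partial): whole-URL match and match-anywhere results."""
    rx = re.compile(pattern)  # case sensitive, as the page describes
    return (rx.fullmatch(url) is not None, rx.search(url) is not None)

def unexpected(pattern, allowed, samples=SAMPLES):
    """Sample URLs outside the intended set that the pattern accepts in either mode."""
    return [u for u in samples if u not in allowed and any(evaluate(pattern, u))]

if __name__ == "__main__":
    for name, pattern in PATTERNS.items():
        print(name, pattern)
        for url in SAMPLES:
            full, partial = evaluate(pattern, url)
            print(f"  full={full!s:5} partial={partial!s:5} {url}")
```

Any URL that unexpected() returns for a pattern is a reason to tighten the expression, for example by grouping the alternation or by confirming how the server anchors the match.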

Import or export a whitelisted URLs configuration

You can use the import and export features to facilitate migration from a lab environment to a production environment.

Export specific configurations

  1. Select one or more rows in the table and click Export in the toolbar above the table header.
  2. Enter a File Name or accept the default, and then click OK. The Tanium Server exports the XML file to the Downloads folder on the system you use to access the Tanium Console.

Export the complete whitelisted URLs configuration

  1. Click Export All in the table header.

    Alternatively, or if you want to export other configuration objects in addition to whitelisted URLs, go to any Content or Permissions page, click Export to XML in the top right of the Tanium Console, select Whitelisted URLs and any other object types, and click Export.

  2. Enter a File Name or accept the default, and then click OK. The Tanium Server exports the XML file to the Downloads folder on the system you use to access the Tanium Console.

Import a configuration

  1. Use KeyUtility.exe to sign the XML configuration file before you import it. As a one-time action, you must also copy the associated public key to the correct folder. For the procedures, see Signing content XML files.
  2. Go to any Content or Permissions page and click Import from XML at the top right of the page.
  3. Click Choose File, find and select the configuration file, and click Open.
  4. Click Import. If object names in the file are the same as for existing objects, the Tanium Console itemizes the conflicts and provides resolution options for each one.
  5. Select resolutions for any conflicts. For guidance, see Conflicts and Best practices, or consult your TAM.
  6. Click Import again, and click Close when the import finishes.

Last updated: 11/12/2019 3:19 PM