Other versions

Managing whitelisted URLs

When the Tanium™ Client executes content, the script might request a file from an Internet URL. The Tanium Client API uniquely identifies the download by URL, including filename. For security, the Tanium Client sends a message to the Tanium Server, which checks the requested URL against its lists of package file URLs and whitelisted URLs. The package file URLs are known URLs specified by the package author. You use the whitelisted URLs to account for dynamic URLs—for example, URLs that are computed by a Tanium Client script. If the URL does not match either list, the request fails.

The first time the Tanium™ Server handles a Tanium Client file download request that passes the whitelisted URL check, it downloads the file and stores a temporary package file and metadata so that it can distribute the file to endpoints through the client chain. The whitelisted URLs configuration includes settings that affect how often Tanium Server checks for changes to the requested URL files and how often the temporary files are cleaned up.

Role requirements

You must be assigned a role with the Write Whitelisted URLs (Micro Admin) permission to create, modify, or delete the whitelisted URLs configurations. Users that are assigned to the Administrator reserved role have this permission.

Add whitelisted URLs

  1. Go to Administration > Whitelisted URLs.
  2. Configure the following settings.
  3. URL/regular expression Specify a URL. You can use a regular expression to whitelist multiple files from a base URL. For example, to whitelist any download from www.microsoft.com, use the following regex:

    http\:\/\/www\.microsoft\.com\/.*

    When a Tanium Client initiates a download that passes this check, the Tanium Server downloads the file so that it can distribute it to Tanium Clients through the linear chain.

    Download Interval Specify an interval at which the Tanium Server checks the URL for changes to the requested file. The default is every 6 hours. If the check indicates there are changes to the file, the Tanium Server updates its copy of the file and restarts the "expiration" clock. For URLs that are specified regular expression, a timer is maintained for each match.
    Expiration Specify a period at which to clean up stale packages. The default is 7 days. This means that a file that has not been requested or re-downloaded in the past 7 days is deleted from the Tanium Server. If the URL is subsequently requested, the Tanium Server downloads it again and resumes the "update checks". This setting was introduced in version 7.1. For URLs that are specified regular expression, a timer is maintained for each match.
  4. Save the configuration.

Import/export a whitelisted URLs configuration

You can use the import/export features to facilitate migration from a lab environment to a production environment.

Export specific configurations

Select one or more rows in the table and click the export icon that is displayed above the table when you select rows.

Export the complete whitelisted URLs configuration

Click the export icon in the header above the table.

Import a configuration

  1. From any any Content, Content Sets, or Roles page, click the Import from XML link in the top right.
  2. Browse to and select the configuration file and click Import.

You must use KeyUtility.exe to sign XML files before you import them. You must also copy the public key for the key that signed the XML file to the Tanium Server keys folder. When you import content, the Tanium Server verifies the signature on the imported content against its store of content signing key files. See Signing content XML files.

Last updated: 10/22/2018 2:38 PM | Feedback