Managing whitelisted URLs

When the Tanium™ Client executes content, the script might request a file from an Internet URL. The Tanium Client API uniquely identifies the download by URL, including filename. For security, the Tanium Client sends a message to the Tanium Server, which checks the requested URL against its lists of package file URLs and whitelisted URLs. The package file URLs are known URLs specified by the package author. You use the whitelisted URLs to account for dynamic URLs—for example, URLs that are computed by a Tanium Client script. If the URL does not match either list, the request fails.

The first time the Tanium™ Server handles a Tanium Client file download request that passes the whitelisted URL check, it downloads the file and stores a temporary package file and metadata so that it can distribute the file to endpoints through the client chain. The whitelisted URLs configuration includes settings that affect how often Tanium Server checks for changes to the requested URL files and how often the temporary files are cleaned up.

User role requirements

You must be assigned a role with the Write Whitelisted URLs (Micro Admin) permission to create, modify, or delete the whitelisted URLs configurations. Users that are assigned to the Administrator reserved role have this permission.

Add whitelisted URLs

  1. Go to Administration > Whitelisted URLs.
  2. Configure the following settings.
  3. URL/regular expression Specify a URL. You can use a regular expression to whitelist multiple files from a base URL. For example, to whitelist any download from www.microsoft.com, use the following regex:

    http\:\/\/www\.microsoft\.com\/.*

    Note that the value is case sensitive. For example, the regex https\:\/\/192\.0\.2\.1\/abc\.csv whitelists https://192.0.2.1/abc.csv but not https://192.0.2.1/ABC.csv. The regex to whitelist both files is https\:\/\/192\.0\.2\.1\/abc|ABC\.csv.

    When a Tanium Client initiates a download that passes this check, the Tanium Server downloads the file so that it can distribute it to Tanium Clients through the linear chain.

    Download Interval Specify an interval at which the Tanium Server checks the URL for changes to the requested file. The default is every 6 hours. If the check indicates there are changes to the file, the Tanium Server updates its copy of the file and restarts the "expiration" clock. For URLs that are specified regular expression, a timer is maintained for each match.
    Expiration Specify a period at which to clean up stale packages. The default is 7 days. This means that a file that has not been requested or re-downloaded in the past 7 days is deleted from the Tanium Server. If the URL is subsequently requested, the Tanium Server downloads it again and resumes the "update checks". This setting was introduced in version 7.1. For URLs that are specified regular expression, a timer is maintained for each match.
  4. Save the configuration.

Import/export a whitelisted URLs configuration

You can use the import/export features to facilitate migration from a lab environment to a production environment.

Export specific configurations

  1. Select one or more rows in the table and click Export in the toolbar above the table header.
  2. Enter a File Name or accept the default, and then click OK. The Tanium Server exports the XML file to the Downloads folder on the system you use to access the Tanium Console.

Export the complete whitelisted URLs configuration

  1. Click Export All in the table header.

    Alternatively, or if you want to export other configuration objects in addition to whitelisted URLs, go to any Content or Permissions page, click Export to XML in the top right of the Tanium Console, select Whitelisted URLs and any other object types, and click Export.

  2. Enter a File Name or accept the default, and then click OK. The Tanium Server exports the XML file to the Downloads folder on the system you use to access the Tanium Console.

Import a configuration

  1. Use KeyUtility.exe to sign the XML configuration file before you import it. As a one-time action, you must also copy the associated public key to the correct folder. For the procedures, see Signing content XML files.
  2. From any Content or Permissions page, click Import from XML at the top right of the Tanium Console.
  3. Click Choose File, find and select the configuration file, and click Open.
  4. Click Import. If object names in the file are the same as for existing objects, the Tanium Console itemizes the conflicts and provides resolution options for each one.
  5. Select resolutions for any conflicts. For guidance, see Conflicts and Best practices or consult your TAM.
  6. Click Import again, and click Close when the import finishes.

Last updated: 4/23/2019 11:23 AM | Feedback