Reporting requirements
Review the requirements before you install and use Reporting.
Core platform dependencies
Make sure that your environment meets the following requirements:
- Tanium™ Core Platform servers: 7.5.4.1158 or later
- Tanium Console: 3.1.72 or later
Solution dependencies
Other Tanium solutions are required for Reporting to function (required dependencies) or for specific Reporting features to work (feature-specific dependencies). The installation method that you select determines if the Tanium Server automatically imports dependencies or if you must manually import them.
Some Reporting dependencies have their own dependencies, which you can see by clicking the links in the lists of Required dependencies and Feature-specific dependencies. Note that the links open the user guides for the latest version of each solution, not necessarily the minimum version that Reporting requires.
Tanium recommended installation
If you select Tanium Recommended Installation when you import Reporting, the Tanium Server automatically imports all your licensed solutions at the same time. See Tanium Console User Guide: Import all modules and services.
Import specific solutions
If you select only Reporting to import and are using Tanium Core Platform 7.5.2.3531 or later with Tanium Console 3.0.72 or later, the Tanium Server automatically imports the latest available versions of any required dependencies that are missing. If some required dependencies are already imported but their versions are earlier than the minimum required for Reporting, the server automatically updates those dependencies to the latest available versions.
Required dependencies
Reporting has the following required dependencies at the specified minimum versions:
- Core Content 1.5.57 or later
- Core Content 1.8.5 or later requires Tanium™ Client Management. See Tanium Client Management dependencies.
- Default Computer Groups 1.0.6 or later
- Default Content 8.1.95 or later
- Reporting Content 1.0.21 or later
- Tanium™ Blob Service 1.0.6 or later
- Tanium Interact 2.14.27 or later
- Tanium™ RDB Service 1.0.84 or later
- Tanium™ System User Service 1.0.40 or later
Feature-specific dependencies
If you select only Reporting to import, you must manually import or update its feature-specific dependencies regardless of the Tanium Console or Tanium Core Platform versions. Reporting has the following feature-specific dependencies at the specified minimum versions:
- Tanium™ Asset 1.17.130 or later to view applicable content in Tanium-managed dashboard and reports.
- Tanium Connect 5.9.65 or later to create connections with reports as the data source.
- Tanium™ Comply 2.10.869 or later to view applicable content in Tanium-managed dashboard and reports.
- Tanium™ Deploy 2.8.171 or later to view applicable content in Tanium-managed dashboard and reports.
- Tanium™ Patch 3.4.22 or later to view applicable content in Tanium-managed dashboard and reports.
- Tanium™ Risk 1.0.25 or later to view applicable content in Tanium-managed dashboard and reports.
If you install feature-specific dependencies that provide content for Tanium-managed dashboards and reports after you install Reporting, Reporting periodically checks for dependencies and collects data when the dependencies are present. To force Reporting to check for new dependencies, you can restart the Reporting service.
Tanium™ Module Server
Reporting is installed and runs as a service on the Module Server host computer. The impact on the Module Server is minimal and depends on usage.
For information about Module Server sizing in a Windows deployment, see Tanium Core Platform Deployment Guide for Windows: Host system sizing guidelines.
Endpoints
Reporting does not deploy packages or endpoint tooling to endpoints. For Tanium Client operating system support, see Tanium Client Management User Guide: Client version and host system requirements.
Host and network security requirements
Specific ports and processes are needed to run Reporting.
Ports
The following ports are required for Reporting communication.
Source | Destination | Port | Protocol | Purpose |
---|---|---|---|---|
|
Module Server (loopback) | 17524 | TCP | Internal purposes; not externally accessible |
Configure firewall policies to open ports for Tanium traffic with TCP-based rules instead of application identity-based rules. For example, on a Palo Alto Networks firewall, configure the rules with service objects or service groups instead of application objects or application groups.
For Tanium Cloud ports, see Tanium Cloud Deployment Guide: Host and network security requirements.
Security exclusions
If security software is in use in the environment to monitor and block unknown host system processes, Tanium recommends that a security administrator create exclusions to allow the Tanium processes to run without interference. The configuration of these exclusions varies depending on AV software. For a list of all security exclusions to define across Tanium, see Tanium Core Platform Deployment Reference Guide: Host system security exclusions.
Target Device | Notes | Exclusion Type | Exclusion |
---|---|---|---|
Module Server | Process | <Module Server>\services\reporting-service\TaniumReportingService.exe |
No additional process exclusions are required.
User role requirements
The following tables list the role permissions required to use Reporting. For more information about role permissions and associated content sets, see Tanium Console User Guide: Managing RBAC.
Do not assign the Reporting Service Account and Reporting Service Account - All Content Sets roles to users. These roles are for internal purposes only.
Permission | Reporting Operator1,21,2,3 | Reporting User1,21,2,3 | Reporting Viewer1,21,2,3 |
---|---|---|---|
Dashboard34 View, create, edit, delete, The Dashboard permissions in Reporting are not interchangeable with the Platform Content Dashboard permissions. |
READ WRITE |
READ WRITE |
READ |
Managed Dashboard For internal purposes only. |
|
|
|
Managed Report For internal purposes only. |
|
|
|
Report34 View, create, edit, delete, |
READ WRITE |
READ WRITE |
READ |
Report API API access to Reporting and Tanium Data Service Note: The Report API user permission is required to use Reporting through the API and the Tanium Console. |
USER |
USER |
USER |
Reporting For internal purposes only |
|
|
|
Reporting Alert34 View, create, update, and delete threshold-based alerts. |
READ WRITE |
READ WRITE |
READ |
Reporting Category READ: View report labels |
READ WRITE |
READ WRITE |
READ |
Reporting Groups45 Configure computer groups for historical tracking used in charts and dashboards |
CONFIGURE |
|
|
Reporting Historical Sources READ: View historical sources |
READ WRITE |
|
|
Reporting Managed Alert For internal purposes only |
|
|
|
Reporting Pipeline Run and read pipeline data from Tanium Data Service |
|
|
|
Reporting Service Account For internal purposes only |
|
|
|
Reporting Service Account All Content For internal purposes only |
|
|
|
Reporting Settings View and update Reporting settings. |
READ WRITE |
READ |
READ |
Reporting System Alert For internal purposes only |
|
|
|
System Dashboard For internal purposes only |
|
|
|
System Report For internal purposes only |
|
|
|
Template Dashboard For internal purposes only |
|
|
|
Template Report For internal purposes only |
|
|
|
1 This role provides module permissions for Tanium Interact. You can view which Interact permissions are granted to this role in the Tanium Console. For more information, see Tanium Interact User Guide: Tanium Data Service permissions. 2 This role provides module permissions for Tanium Feed. You can view which Feed permissions are granted to this role in the Tanium Console. For more information, see Tanium Feed User Guide: User role requirements. 3 Grants access to content in the Reporting content set. 4 Grants access to content in the Reserved content set. |
|||
1 This role provides module permissions for Tanium Interact. You can view which Interact permissions are granted to this role in the Tanium Console. For more information, see Tanium Interact User Guide: Tanium Data Service permissions. 2 This role provides module permissions for Tanium Direct Connect. You can view which Direct Connect permissions are granted to this role in the Tanium Console. For more information, see Tanium Direct Connect User Guide: User role requirements. 3 This role provides module permissions for Tanium Feed. You can view which Feed permissions are granted to this role in the Tanium Console. For more information, see Tanium Feed User Guide: User role requirements. 4 Grants access to content in the Reporting content set. 5 Grants access to content in the Reserved content set. |
Permission | Permission Type | Reporting Operator | Reporting User | Reporting Viewer |
---|---|---|---|---|
Filter Group | Platform Content |
READ |
READ |
READ |
Plugin | Platform Content |
EXECUTE READ |
EXECUTE READ |
EXECUTE READ |
Sensor | Platform Content |
READ |
READ |
READ |
To view which content set permissions are granted to a role, see Tanium Console User Guide: View effective role permissions. |
Last updated: 1/30/2023 5:08 PM | Feedback