Reporting requirements

Tanium™ Reporting is not yet available for on-premises installations of the Tanium™ Core Platform.

Review the requirements before you install and use Reporting.

Core platform dependencies

Make sure that your environment meets the following requirements:

  • Tanium™ Core Platform servers: 7.4.2.2063 or later
  • Tanium Console: 1.4.2.0053 or later

Solution dependencies

Other Tanium solutions are required for Reporting to function (required dependencies) or for specific Reporting features to work (feature-specific dependencies). The installation method that you select determines if the Tanium Server automatically imports dependencies or if you must manually import them.

Some Reporting dependencies have their own dependencies, which you can see by clicking the links in the lists of Required dependencies and Feature-specific dependencies. Note that the links open the user guides for the latest version of each solution, not necessarily the minimum version that Reporting requires.

Tanium recommended installation

If you select Tanium Recommended Installation when you import Reporting, the Tanium Server automatically imports all your licensed solutions at the same time. See Tanium Console User Guide: Import all modules and services.

Import specific solutions

If you select only Reporting to import and are using Tanium Core Platform 7.5.2.3531 or later with Tanium Console 3.0.72 or later, the Tanium Server automatically imports the latest available versions of any required dependencies that are missing. If some required dependencies are already imported but their versions are earlier than the minimum required for Reporting, the server automatically updates those dependencies to the latest available versions.

If you select only Reporting to import and you are using Tanium Core Platform 7.5.2.3503 or earlier with Tanium Console 3.0.64 or earlier, you must manually import or update required dependencies. See Tanium Console User Guide: Import, re-import, or update specific solutions.

Required dependencies

Reporting has the following required dependencies at the specified minimum versions:

  • Core Content 1.3.100 or later
  • Default Computer Groups 1.0.6 or later
  • Default Content 8.1.95 or later
  • Tanium™ Blob 1.0.6 or later
  • Tanium™ Interact 2.11.49 or later
  • Tanium™ RDB 1.0.84 or later
  • Tanium™ System User service 1.0.40 or later

Feature-specific dependencies

If you select only Reporting to import, you must manually import or update its feature-specific dependencies regardless of the Tanium Console or Tanium Core Platform versions. Reporting has the following feature-specific dependencies at the specified minimum versions:

  • Tanium Connect 5.9.65 or later to create connections with reports as the data source.

Tanium™ Module Server

Reporting is installed and runs as a service on the Module Server host computer. The impact on the Module Server is minimal and depends on usage.

For information about Module Server sizing in a Windows deployment, see Tanium Core Platform Deployment Guide for Windows: Host system sizing guidelines.

Endpoints

Reporting does not deploy packages or endpoint tooling to endpoints. For Tanium Client operating system support, see Tanium Client Management User Guide: Client version and host system requirements.

Host and network security requirements

Specific ports and processes are needed to run Reporting.

Ports

The following ports are required for Reporting communication.

Source Destination Port Protocol Purpose
Module Server Tanium Cloud Module Server (loopback) 17524 TCP Internal purposes; not externally accessible

Configure firewall policies to open ports for Tanium traffic with TCP-based rules instead of application identity-based rules. For example, on a Palo Alto Networks firewall, configure the rules with service objects or service groups instead of application objects or application groups.

For Tanium Cloud ports, see Tanium Cloud Deployment Guide: Host and network security requirements.

Security exclusions

If security software is in use in the environment to monitor and block unknown host system processes, Tanium recommends that a security administrator create exclusions to allow the Tanium processes to run without interference. The configuration of these exclusions varies depending on AV software. For a list of all security exclusions to define across Tanium, see Tanium Core Platform Deployment Reference Guide: Host system security exclusions.

No additional process exclusions are required.

Reporting security exclusions
Target Device Notes Exclusion Type Exclusion
Module Server   Process <Module Server>\services\reporting-service\TaniumReportingService.exe

No additional process exclusions are recommended.

User role requirements

The following tables list the role permissions required to use Reporting. For more information about role permissions and associated content sets, see Tanium Console User Guide: Managing RBAC.

Reporting user role permissions
Permission Reporting Operator 1 Reporting Service Account 1,2,3 Reporting Service Account - All Content Sets 1 Reporting User 1 Reporting Viewer 1

Dashboard

View, create, edit, delete, and favorite dashboards


READ 24
WRITE 24


READ
WRITE

READ 24
WRITE 24

READ 24

Report

View, create, edit, delete, and favorite reports


READ 24
WRITE 24


READ
WRITE

READ 24
WRITE 24

READ 24

Report API

API access to Reporting and Tanium Data Service

Note: This permission is required to use Reporting through the API and the Tanium Console.


USER 35

USER 35


USER 35

USER 35

Reporting Groups

Configure computer groups for historical tracking used in charts and dashboards


CONFIGURE 35




Reporting Pipeline

Run and read pipeline data from Tanium Data Service




EXECUTE


Reporting Service Account

Access for the Reporting service account to read and write data



EXECUTE



Reporting Service Account All Content

Access for the Reporting service account to read and write data from all content sets.




SETS


1 This role provides module permissions for Tanium Interact. You can view which Interact permissions are granted to this role in the Tanium Console. For more information, see Tanium Interact User Guide: Tanium Data Service permissions.

2 This role provides module permissions for Tanium Blob. You can view which Blob permissions are granted to this role in the Tanium Console.

3 This role provides module permissions for Tanium RDB. You can view which RDB permissions are granted to this role in the Tanium Console.

4 Grants access to content in the Reporting content set.

5 Grants access to content in the Reserved content set.

1 This role provides module permissions for Tanium Interact. You can view which Interact permissions are granted to this role in the Tanium Console. For more information, see Tanium Interact User Guide: Tanium Data Service permissions.

2 Grants access to content in the Reporting content set.

3 Grants access to content in the Reserved content set.

 

Provided Reporting administration and platform content permissions
Permission Permission Type Reporting Operator Reporting Service Account Reporting Service Account - All Content Sets Reporting User Reporting Viewer
Computer Group Administration

READ



Global Settings Administration

READ



Token - Use Administration
SPECIAL

SPECIAL


SPECIAL

User Administration

READ



Filter Group Platform Content
READ

WRITE

READ

READ

READ
Plugin Platform Content
EXECUTE
READ

EXECUTE
READ


EXECUTE
READ

EXECUTE
READ
Sensor Platform Content
READ

READ

READ

READ

READ
You can view which content sets are granted to any role in the Tanium Console.
You can view which content sets are granted to any role in the Tanium Console.