Reputation requirements

Review the requirements before you install and use Reputation.

Tanium dependencies

Make sure that your environment meets the following requirements.

Component Requirement
Tanium™ Core Platform 7.2 or later.
Tanium™ Client No client requirements.
Tanium Connect 4.11 or later (optional).
Tanium™ Incident Response For hash data (optional).
Tanium Trace 2.0.5 for reputation data (optional).
Tanium Trends 2.4 or later (optional).

Tanium™ Module Server

Reputation is installed and runs as a service on the Module Server host computer. The impact on the Module Server is minimal and depends on usage.

Endpoints

Reputation does not deploy packages to endpoints. For Tanium Client operating system support, see Tanium Client User Guide: Host system requirements.

Third-party software

With Reputation, you can integrate with several different kinds of third-party software. If no specific version is listed, there are no version requirements for that software.

  • Palo Alto Networks WildFire
  • Recorded Future
  • ReversingLabs A1000
  • ReversingLabs TitaniumCloud
  • VirusTotal

Host and network security requirements

Specific ports and processes are needed to run Reputation.

Ports

The following ports are required for Reputation communication.

Component Port Direction Purpose
Module Server 17455 Inbound Internal purposes; not externally accessible

Security exclusions

If security software is in use in the environment to monitor and block unknown host system processes, your security administrator must create exclusions to allow the Tanium processes to run without interference.

Table 1:   Reputation security exclusions
Target Device Process
Module Server <Module Server>\services\reputation-service\node.exe

Internet URLs

If security software is deployed in the environment to monitor and block unknown URLS, your security administrator might need to add the following URLs to the whitelist.

  • recordedfuture.com
  • reversinglabs.com
  • virustotal.com
  • wildfire.paloaltonetworks.com

User role requirements

Table 2:   Reputation user role permissions
Permission Reputation Administrator Reputation Service Account

Show Reputation

View the Reputation workbench


1

Reputation Read

Read access to the Reputation shared service


1

Reputation Write2

Write access to the Reputation shared service


1

Reputation Whitelist Blacklist Read2

Read access to the Reputation whitelist/blacklist data


1

Reputation Whitelist Blacklist Write2

Write access to the Reputation whitelist/blacklist data


1

Reputation Administrator

Administrative access to the Reputation shared service



Connect Plugin Management

Access to manage Connect plugins



3

Reputation Service Account

Access to module service accounts to read and write data



Trends Integration Service Account

Access for module service accounts to read and write data, and to define sources and boards



4

Trends Api Board Read

View boards, sections, and panels for specified content sets


4

Trends Api Board Write

Create, edit, delete, and configure boards, sections, and panels for specified content sets


4

Trends Api Source Read

View and list sources for specified content sets


4

Trends Api Source Write

Create, edit, and delete sources for specified content sets


4

Trends Data Read

Run data queries against sources


4

1 Denotes a provided permission.

2 If you need access to only the Reputation API, you can add the Reputation Write permission to your user.

3 Denotes a permission when Connect 4.11 or later is installed.

4 Denotes a permission when Trends 2.4 or later is installed.

Table 3:   Provided Reputation Advanced user role permissions
Permission Content Set for Permission Reputation Administrator Reputation Service Account
Execute Plugin Reputation
Execute Plugin Connect 1
Execute Plugin Trends 2 2

1 Denotes a provided permission when Connect 4.12 or later is installed.

2 Denotes a provided permission when Trends 3.0 or later is installed.

For more information and descriptions of content sets and permissions, see Tanium Core Platform User Guide: Users and user groups.