Reputation requirements
Review the requirements before you
Core platform dependencies
Make sure that your environment meets the following requirements:
-
Tanium™ Core Platform servers: 7.4 or later
- Tanium™ Client: No client requirements.
Solution dependencies
Other Tanium solutions are required for specific Reputation features to work (feature-specific dependencies). The installation method that you select determines if the Tanium Server automatically imports dependencies or if you must manually import them.
Some Reputation dependencies have their own dependencies, which you can see by clicking the links in the lists of Feature-specific dependencies. Note that the links open the user guides for the latest version of each solution, not necessarily the minimum version that Reputation requires.
Tanium recommended installation
If you select Tanium Recommended Installation when you import Reputation, the Tanium Server automatically imports all your licensed solutions at the same time. See Tanium Console User Guide: Import all modules and services.
Import specific solutions
If you select only Reputation to import, you must manually import dependencies. See Tanium Console User Guide: Import, re-import, or update specific solutions.
Feature-specific dependencies
Reputation has the following feature-specific dependencies at the specified minimum versions:
- Tanium Connect
- Tanium Threat Response
- Tanium Trends
Tanium™ Module Server
Reputation is installed and runs as a service on the Module Server host computer. The impact on the Module Server is minimal and depends on usage.
The Reputation service is automatically disabled when the disk usage of the Module Server exceeds the value of the Maximum Disk Capacity setting. The default value is 85%. For more information on how to configure the Reputation service settings, see Installing ReputationConfigure Reputation service settings.
Endpoints
Reputation does not deploy packages to endpoints. For Tanium Client operating system support, see Tanium Client Management User Guide: Client version and host system requirements.
Third-party software
With Reputation, you can integrate with several different kinds of third-party software. If no specific version is listed, there are no version requirements for that software.
- Palo Alto Networks WildFire
- Recorded Future
- ReversingLabs A1000
- ReversingLabs TitaniumCloud
- VirusTotal
Host and network security requirements
Specific ports and processes are needed to run Reputation.
Ports
For Tanium Cloud ports, see Tanium Cloud Deployment Guide: Host and network security requirements.
The following ports are required for Reputation communication.
| Source | Destination | Port | Protocol | Purpose |
|---|---|---|---|---|
| Module Server | Module Server (loopback) | 17455 | TCP | Internal purposes; not externally accessible |
No additional ports are required.
Configure firewall policies to open ports for Tanium traffic with TCP-based rules instead of application identity-based rules. For example, on a Palo Alto Networks firewall, configure the rules with service objects or service groups instead of application objects or application groups.
Security exclusions
If security software is in use in the environment to monitor and block unknown host system processes, Tanium recommends that a security administrator create exclusions to allow the Tanium processes to run without interference. The configuration of these exclusions varies depending on AV software. For a list of all security exclusions to define across Tanium, see Tanium Core Platform Deployment Reference Guide: Host system security exclusions.
| Target Device | Notes | Exclusion Type | Exclusion |
|---|---|---|---|
| Module Server | Process | <Module Server>\services\reputation-service\node.exe |
No additional process exclusions are required.
Internet URLs
If security software is deployed in the environment to monitor and block unknown URLs, your security administrator might need to allow URLs on the Tanium Module Server associated with a configured reputation source. For more information about required URLs to allow, see the reputation provider documentation.
User role requirements
The following tables list the role permissions required to use Reputation. To review a summary of the predefined roles, see Set up Reputation users.
For more information about role permissions and associated content sets, see Tanium Core Platform User Guide: Managing RBAC.
| Permission | Reputation Administrator4 | Reputation Operator43 | Reputation Service Account3,4 |
|---|---|---|---|
|
Reputation1,2 READ: Read access to the Reputation shared service WRITE: Write access to the Reputation shared service SHOW: View the Reputation workbench |
READ WRITE SHOW |
READ WRITE SHOW |
|
|
Reputation Administrator Administrative access to the Reputation shared service |
ADMINISTER |
|
|
|
Reputation Hash List2 Access to the Reputation hash list data |
READ WRITE |
READ WRITE |
|
|
Reputation Provider Access to the provider configurations |
READ WRITE |
READ WRITE |
|
|
Reputation Service Account Access to module service accounts to read and write data |
|
|
EXECUTE |
|
1 If you need access to only the Malicious tab in the Reputations section of the Reputation Overview page, you can add the Reputation show and Reputation read or Reputation write permissions to your user. 2 If you need access to only the Reputations section of the Reputation Overview page, you can add the Reputation show, Reputation Hash List read, and either the Reputation read or Reputation write permissions to your user. 3This role provides module permissions for Tanium Connect. You can view which Connect permissions are granted to this role in the Tanium Console. For more information, see Tanium Connect User Guide: User role requirements. 43 This role provides module permissions for Tanium Trends. You can view which Trends permissions are granted to this role in the Tanium Console. For more information, see Tanium Trends User Guide: User role requirements. |
|||
| Content Set for Permission | Reputation Administrator | Reputation Operator | Reputation Service Account | |
|---|---|---|---|---|
| Plugin | Reputation |
READ EXECUTE |
READ EXECUTE |
READ EXECUTE |
| Connect Plugin | Connect |
|
|
MANAGEMENT |
| Plugin | Trends |
READ EXECUTE |
READ EXECUTE |
READ EXECUTE |
|
To view which content set permissions are granted to a role, see Tanium Console User Guide: View effective role permissions. |
||||
For more information and descriptions of content sets and permissions, see Tanium Core Platform User Guide: Users and user groups.
Last updated: 5/30/2023 12:03 PM | Feedback