Reputation requirements

Review the requirements before you install and use Reputation.

Tanium dependencies

Make sure that your environment meets the following requirements.

Component Requirement
Tanium™ Core Platform 7.3.314.4250 or later
Tanium™ Client No client requirements.
Tanium products If you selected Install with Recommended Configurations when you installed Reputation, the Tanium Server automatically installed all your licensed modules at the same time. Otherwise, you must manually install the modules that Reputation requires to function, as described under Tanium Console User Guide: Manage Tanium modules.

The following modules are optional, but Reputation requires the specified minimum versions to work with them:

  • Tanium Connect 5.2.3 or later
  • Tanium™ Incident Response for hash data
  • Tanium Threat Response 1.4 or later
  • Tanium Trends 3.6.323 or later

Tanium™ Module Server

Reputation is installed and runs as a service on the Module Server host computer. The impact on the Module Server is minimal and depends on usage.

The Reputation service is automatically disabled when the disk usage of the Module Server exceeds the value of the Maximum Disk Capacity setting. The default value is 85%. For more information on how to configure the Reputation service settings, see Configure Reputation service settingsConfigure Reputation service settings.

Endpoints

Reputation does not deploy packages to endpoints. For Tanium Client operating system support, see Tanium Client User Guide: Host system requirements.

Third-party software

With Reputation, you can integrate with several different kinds of third-party software. If no specific version is listed, there are no version requirements for that software.

  • Palo Alto Networks WildFire
  • Recorded Future
  • ReversingLabs A1000
  • ReversingLabs TitaniumCloud
  • VirusTotal

Host and network security requirements

Specific ports and processes are needed to run Reputation.

Ports

For Tanium as a Service ports, see Tanium as a Service Deployment Guide: Host and network security requirements.

The following ports are required for Reputation communication.

Source Destination Port Protocol Purpose
Module Server Module Server (loopback) 17455 TCP Internal purposes; not externally accessible

Configure firewall policies to open ports for Tanium traffic with TCP-based rules instead of application identity-based rules. For example, on a Palo Alto Networks firewall, configure the rules with service objects or service groups instead of application objects or application groups.

Security exclusions

If security software is in use in the environment to monitor and block unknown host system processes, your security administrator must create exclusions to allow the Tanium processes to run without interference. For a list of all security exclusions to define across Tanium, see Tanium Core Platform Deployment Reference Guide: Host system security exclusions.

Reputation security exclusions
Target device Notes Process
Module Server   <Module Server>\services\reputation-service\node.exe

No additional process exclusions are required.

Internet URLs

If security software is deployed in the environment to monitor and block unknown URLS, your security administrator might need to allow the following URLs.

  • recordedfuture.com
  • reversinglabs.com
  • virustotal.com
  • wildfire.paloaltonetworks.com

User role requirements

The following tables list the role permissions required to use Reputation. For more information about role permissions and associated content sets, see Tanium Core Platform User Guide: Managing RBAC.

Reputation user role permissions
Permission Reputation Administrator4 Reputation Operator43 Reputation Service Account3,4

Show Reputation1,2

View the Reputation workbench




Reputation Administrator

Administrative access to the Reputation shared service




Reputation Hash List Read2

Read access to the Reputation hash list data

Reputation Hash List Write2

Write access to the Reputation hash list data

Reputation Provider Read

Read access to the provider configurations




Reputation Provider Write

Write access to the provider configurations




Reputation Read1

Read access to the Reputation shared service




Reputation Service Account

Access to module service accounts to read and write data




Reputation Whitelist Blacklist Read2, 54 (deprecated)

Read access to the Reputation hash list data

In Reputation 6.0.77 and later, useUse the Hash List Read permission instead.




Reputation Whitelist Blacklist Write2, 54 (deprecated)

Write access to the Reputation hash list data

In Reputation 6.0.77 and later, useUse the Hash List Write permission instead.




Reputation Write1

Write access to the Reputation shared service




1 If you need access to only the Malicious tab in the Reputations section of the Reputation Overview page, you can add the Show Reputation and Reputation Read or Reputation Write permissions to your user.

2 If you need access to only the Reputations section of the Reputation Overview page, you can add the Show Reputation, Reputation Hash List Read, and either the Reputation Read or Reputation Write permissions to your user.

3This role provides module permissions for Tanium Connect. You can view which Connect permissions are granted to this role in the Tanium Console. For more information, see Tanium Connect User Guide: User role requirements.

43 This role provides module permissions for Tanium Trends. You can view which Trends permissions are granted to this role in the Tanium Console. For more information, see Tanium Trends User Guide: User role requirements.

54 The Reputation Whitelist Blacklist Read and Reputation Whitelist Blacklist Write permissions are deprecated. When you upgrade to Version 6.0.77 or later, default roles (Reputation Administrator and Reputation Operator)During upgrade, the Reputation Operator role automatically updates automatically update to use the Reputation Hash List Read and Reputation Hash List Write permissions. You must manually update any custom roles that use the deprecated permissions.


Provided Reputation Advanced user role permissions
  Content Set for Permission Reputation Administrator Reputation Operator Reputation Service Account
Execute Plugin Reputation
Execute Plugin Connect
Execute Plugin Trends

For more information and descriptions of content sets and permissions, see Tanium Core Platform User Guide: Users and user groups.