Reputation requirements

Review the requirements before you install and use Reputation.

Tanium dependencies

Make sure that your environment meets the following requirements.

Component Requirement
Tanium™ Core Platform 7.2 or later.
Tanium™ Client No client requirements.
Tanium Connect If you selected Install with Recommended Configurations when you installed Reputation, the Tanium Server automatically installed all your licensed modules at the same time. Otherwise, you must manually install the modules that Reputation requires to function, as described under Tanium Console User Guide: Manage Tanium modules.

The following modules are optional, but Reputation requires the specified minimum versions to work with them:

  • Tanium Connect 4.11 or later
  • Tanium™ Incident Response for hash data
  • Tanium Threat Response 1.4 or later
  • Tanium Trends 2.4 or later

Tanium™ Module Server

Reputation is installed and runs as a service on the Module Server host computer. The impact on the Module Server is minimal and depends on usage.

Endpoints

Reputation does not deploy packages to endpoints. For Tanium Client operating system support, see Tanium Client User Guide: Host system requirements.

Third-party software

With Reputation, you can integrate with several different kinds of third-party software. If no specific version is listed, there are no version requirements for that software.

  • Palo Alto Networks WildFire
  • Recorded Future
  • ReversingLabs A1000
  • ReversingLabs TitaniumCloud
  • VirusTotal

Host and network security requirements

Specific ports and processes are needed to run Reputation.

Ports

For Tanium as a Service ports, see Tanium as a Service Deployment Guide: Host and network security requirements.

The following ports are required for Reputation communication.

Source Destination Port Protocol Purpose
Module Server Module Server (loopback) 17455 TCP Internal purposes; not externally accessible

Configure firewall policies to open ports for Tanium traffic with TCP-based rules instead of application identity-based rules. For example, on a Palo Alto Networks firewall, configure the rules with service objects or service groups instead of application objects or application groups.

Security exclusions

If security software is in use in the environment to monitor and block unknown host system processes, your security administrator must create exclusions to allow the Tanium processes to run without interference. For a list of all security exclusions to define across Tanium, see Tanium Core Platform Deployment Reference Guide: Host system security exclusions.

Table 1:   Reputation security exclusions
Target device Notes Process
Module Server   <Module Server>\services\reputation-service\node.exe

No additional process exclusions are required.

Internet URLs

If security software is deployed in the environment to monitor and block unknown URLS, your security administrator might need to allow the following URLs.

  • recordedfuture.com
  • reversinglabs.com
  • virustotal.com
  • wildfire.paloaltonetworks.com

User role requirements

Table 2:   Reputation user role permissions
Permission Reputation Administrator Reputation Operator Reputation Service Account

Show Reputation1,3

View the Reputation workbench


2


Reputation Provider Read

Read access to the provider configurations



2

Reputation Provider Write

Write access to the provider configurations




Reputation Read1

Read access to the Reputation shared service


2

2

Reputation Write1

Write access to the Reputation shared service


2


Reputation Whitelist Blacklist Read3

Read access to the Reputation whitelist/blacklist data


2

2

Reputation Whitelist Blacklist Write3

Write access to the Reputation whitelist/blacklist data


2


Reputation Administrator

Administrative access to the Reputation shared service




Reputation Service Account

Access to module service accounts to read and write data




Connect Plugin Management4

Access to manage Connect plugins




Trends Integration Service Account54

Access for module service accounts to read and write data, and to define sources and boards




Trends Api Board Read54

View boards, sections, and panels for specified content sets




2

Trends Api Board Write54

Create, edit, delete, and configure boards, sections, and panels for specified content sets




2

Trends Api Source Read54

View and list sources for specified content sets




2

Trends Api Source Write54

Create, edit, and delete sources for specified content sets




2

Trends Data Read54

Run data queries against sources




2

Trends Import54

Import from file or gallery

Does not grant access to create new or custom boards and sources




2

1 If you need access to only the Malicious Reputations page, you can add the Show Reputation and Reputation Read or Reputation Write permissions to your user.

2 Denotes a provided permission.

3 If you need access to only the Whitelist/Blacklist page, you can add the Show Reputation and Reputation Read or Reputation Write permissions to your user.

4 Denotes a permission when Connect 4.11 or later is installed.

54 Denotes a permission when Trends 2.4 or later is installed.

Table 3:   Provided Reputation Advanced user role permissions
Permission Content Set for Permission Reputation Administrator Reputation Operator Reputation Service Account
Execute Plugin Reputation
Execute Plugin Connect1
Execute Plugin Trends21

1 Denotes a provided permission when Connect 4.12 or later is installed.

21 Denotes a provided permission when Trends 3.0 or later is installed.

For more information and descriptions of content sets and permissions, see Tanium Core Platform User Guide: Users and user groups.