Tanium Cloud automatically handles module installations and upgrades.
For information about configuring Reveal for Tanium Cloud, see Configuring Reveal.
Use the Tanium Console Solutions page to install Reveal and choose either automatic or manual configuration:
- Automatic configuration with default settings (Tanium Core Platform 7.4.2 or later only): Reveal is installed with any required dependencies and other selected products. After installation, the Tanium Server automatically configures the recommended default settings. This option is the best practice for most deployments. For details about the automatic configuration for Reveal, see Import Reveal with default settings.
- Manual configuration with custom settings: After installing Reveal, you must manually configure required settings. Select this option only if Reveal requires settings that differ from the recommended default settings. For more information, see Import Reveal with custom settings.
- Read the release notes.
- Review the Reveal requirements.
- If you are upgrading from a previous version, see Upgrade Reveal.
- Assign the correct roles to users for Reveal. Review the User role requirements.
- To import the Reveal solution, you must be assigned the Administrator reserved role.
- To configure the Reveal action group, you must be assigned the Administrator reserved role, Content Administrator reserved role, or a role that has the Action Group write permission.
For initial installations of Reveal, defining an action group is the event that initiates the distribution of tools to endpoints. When you configure an action group, Reveal begins to deploy tools to those endpoints, index file systems, and evaluate rules. When you upgrade Reveal, for example from version 1.14 to 1.15, and an endpoint has no rules or rule sets, Reveal tools are not upgraded and no new tools get deployed until you deploy rules to those endpoints.
When you import Reveal with automatic configuration, the following default settings are configured:
The following default setting is configured:
The service account is set to the account that you used to import the module.
Configuring a unique service account for each Tanium solution is an extra security measure to consider in consultation with the security team of your organization. See Configure service account.
To import Reveal and configure default settings, see Tanium Console User Guide: Import all modules and services. After the import, verify that the correct version is installed: see Verify Reveal version.
To import Reveal without automatically configuring default settings, be sure to clear the Apply All Tanium recommended configurations check box while performing the steps in Tanium Console User Guide: Import, re-import, or update specific solutions. After the import, verify that the correct version is installed: see Verify Reveal version.
To configure the service account, see Configure service account.
To configure the Reveal action group, see (Optional) Configure the Reveal action group.
Other Tanium solutions are required for Reveal to function (required dependencies) or for specific Reveal features to work (feature-specific dependencies). See Solution dependencies.
For the steps to upgrade Reveal, see Tanium Console User Guide: Import, re-import, or update specific solutions. After the upgrade, verify that the correct version is installed: see Verify Reveal version.
If the Reveal version does not update, refresh your browser window.
Remove legacy Index dependencies from endpoints
If you have previously installed Tanium Index as a standalone application, or used the standalone application to upgrade Tanium Index, ensure that all legacy Index assets are uninstalled from endpoints before deploying the latest Reveal tools to endpoints. To ensure complete removal of legacy Index dependencies, deploy the Index - Remove Legacy Dependent package to endpoints where legacy versions of Tanium Index dependencies exist.
- To target endpoints, issue a question in Interact. Ask the question Get Tanium File Exists[Tools/EPI/dependents.txt] from all machines. If the results for an endpoint display Index it indicates that the standalone Index content has been used in the past.
- In the Question Results grid, select the rows for the endpoints that require the action, and click Deploy Action.
- From the Deploy Action page, use the Deployment Package search box typeaheads to select packages. Select the Index - Remove Legacy Dependent [Windows] or Index - Remove Legacy Dependent [Non-Windows] package.
- Configure a Deployment Schedule and Targeting Criteria. Click Deploy Action. For more information, see Deploying actions.
After you have performed these steps, if the results of the Client Extensions - Status sensor displays recorder|has_subscription|index.fileevents you can use the Recorder - Clear Subscription [OS] package to remove a single subscription from recorder.
After you import or upgrade Reveal, verify that the correct version is installed:
- Refresh your browser.
- From the Main menu, go to Modules > Reveal to open the Reveal Overview page.
- To display version information, click Info .
Last updated: 1/20/2023 2:38 PM | Feedback