Installing Reveal

Tanium as a Service automatically handles module installations and upgrades.

Use the Solutions page to install Reveal and choose automatic or manual configuration:

  • Automatic configuration with default settings (Tanium Core Platform 7.4.2 or later only): Reveal is installed with any required dependencies and other selected products. After installation, the Tanium Server automatically configures the recommended default settings. This option is the best practice for most deployments. For details about the automatic configuration for Reveal, see Import and configure Reveal with default settings.
  • Manual configuration with custom settings: After installing Reveal, you must manually configure required settings. Select this option only if Reveal requires settings that differ from the recommended default settings. For more information, see Import and configure Reveal with custom settings.

Before you begin

Import and configure Reveal with default settings

When you import Reveal with automatic configuration, the following default settings are configured:

The following default settings are configured for Reveal:

  • The Reveal service account is set to the account that you used to import the module.
  • The Reveal action group is set to the computer group All Computers.
  • (Tanium Core Platform 7.4.5 or later only) Optionally, you can set the Reveal action group to target the No Computers filter group by enabling restricted targeting before adding Reveal to your Tanium licenseimporting Reveal. This option enables you to control tools deployment through scheduled actions that are created during the import and that target the Reveal action group. For example, you might want to test tools on a subset of endpoints before deploying the tools to all endpoints. In this case, you can manually deploy the tools to an action group that you configured to target only the subset. To configure an action group, see Tanium Console User Guide: Managing action groups. To enable or disable restricted targeting, see Tanium Console User Guide: Dependencies, default settings, and tools deployment.

To import Reveal and configure default settings, be sure to select the Apply Tanium recommended configurations check box while performing the steps under Tanium Console User Guide: Manage Tanium modules. After the import, verify that the correct version is installed: see Verify Reveal version.

(Tanium Core Platform 7.4.5 or later only) Optionally, you can set the Reveal action group to target the No Computers filter group by enabling restricted targeting before adding Reveal to your Tanium licenseimporting Reveal. This option enables you to control tools deployment through scheduled actions that are created during the import and that target the Reveal action group. For example, you might want to test tools on a subset of endpoints before deploying the tools to all endpoints. In this case, you can manually deploy the tools to an action group that you configured to target only the subset. To configure an action group, see Tanium Console User Guide: Managing action groups. To enable or disable restricted targeting, see Tanium Console User Guide: Dependencies, default settings, and tools deployment.

Import and configure Reveal with custom settings

To import Reveal without automatically configuring default settings, be sure to clear the Apply All Tanium recommended configurations check box while performing the steps under Tanium Console User Guide: Import, re-import, or update specific solutions. After the import, verify that the correct version is installed: see Verify Reveal version.

Configure service account

The service account performs the following tasks for Reveal:
  • Create scheduled actions for automatic tools deployment and indexing
  • Schedule automatic rules deployment
  • Gather stats and results
After deploying the tools for the first time, endpoints can take some time to display status, depending on throttling configuration.

The service account is a user that runs several background processes for Reveal. This user requires the following roles and access:

  • Tanium Administrator or Reveal Service Account role.
  • If you installed Tanium Client Management, Endpoint Configuration is installed, and by default, configuration changes initiated by the module service account (such as tool deployment) require approval. You can bypass approval for module-generated configuration changes by applying the Endpoint Configuration Bypass Approval permission to this role and adding the relevant content sets. For more information, see Tanium Endpoint Configuration User Guide: User role requirements.

For more information about Reveal permissions, see User role requirements.

  1. From the Main menu, go to Modules > Reveal to open the Reveal Overview page.
  2. Click Settings and open the Service Account tab.
  3. Update the service account settings and click Save.

Configure Reveal action group

The action group defines the set of endpoints to which you are deploying the Reveal packages. By default, the Computer Group Targets setting for the Reveal action group is set to No Computers. You can set the action group to All Computers or any computer groups that you have defined.

  1. From the Main menu, go to Administration > Actions > Action Groups.
  2. In the list of action groups, click Tanium Reveal .
  3. Click Edit, select computer groups to include in the action group, and click Save.

Manage solution configurations with Tanium Endpoint Configuration

Tanium Endpoint Configuration delivers configuration information and required tools for Tanium Solutions to endpoints. Endpoint Configuration consolidates the configuration actions that traditionally accompany additional Tanium functionality and eliminates the potential for timing errors that occur between when a solution configuration is made and the time that configuration reaches an endpoint. Managing configuration in this way greatly reduces the time to install, configure, and use Tanium functionality, and improves the flexibility to target specific configurations to groups of endpoints.

Endpoint Configuration is installed as a part of Tanium Client Management. For more information, see the Tanium Client Management User Guide: Installing Client Management.

Additionally you can use Endpoint Configuration to manage configuration approval. For example, configuration changes are not deployed to endpoints until a user with approval permission approves the configuration changes in Endpoint Configuration. For more information about the roles and permissions that are required to approve configuration changes for Reveal, see User role requirements.

To use Endpoint Configuration to manage approvals, you must enable configuration approvals.

  1. From the Main menu, go to Administration > Shared Services > Endpoint Configuration to open the Endpoint Configuration Overview page.
  2. Click Settings and click the Global tab.
  3. Select Enable configuration approvals, and click Save.

For more information about Endpoint Configuration, see Tanium Endpoint Configuration User Guide.

Manage dependencies for Tanium solutions

When you start the Reveal workbench for the first time, the Tanium Console ensures that all of the required dependencies for Reveal are installed at the required version. You must install all required Tanium dependencies before the Reveal workbench can load. A banner appears if one or more Tanium dependencies are not installed in the environment. The Tanium Console lists the required Tanium dependencies and the required versions.

  1. Install the modules and shared services that the Tanium Console lists as dependencies, as described under Tanium Console User Guide: Import, re-import, or update specific solutions.
  2. From the Main menu, go to Modules > Reveal to open the Reveal Overview page.

Upgrade the Reveal version

Upgrade Reveal to the latest version.

Before upgrading the Reveal version, download a troubleshooting package. The troubleshooting package contains a copy of the Reveal database and definitions that you can use in a disaster recovery scenario. For more information on downloading a troubleshooting package, see Troubleshooting Reveal: Collect logs.

For the steps to upgrade the Reveal solution, see Tanium Console User Guide: Import, re-import, or update specific solutions. To verify the version, see Verify Reveal version.

If the Reveal version does not update, refresh your browser window.

Verify Reveal version

After you import or upgrade Reveal, verify that the correct version is installed:

  1. Refresh your browser.
  2. From the Main menu, go to Modules > Reveal to open the Reveal Overview page.
  3. To display version information, click Info Info.