Installing Reveal

Tanium as a Service automatically handles module installations and upgrades.

For information about configuring Reveal for Tanium as a Service (TaaS), see Configuring Reveal.

Use the Tanium Console Solutions page to install Reveal and choose either automatic or manual configuration:

  • Automatic configuration with default settings (Tanium Core Platform 7.4.2 or later only): Reveal is installed with any required dependencies and other selected products. After installation, the Tanium Server automatically configures the recommended default settings. This option is the best practice for most deployments. For details about the automatic configuration for Reveal, see Import Reveal with default settings.
  • Manual configuration with custom settings: After installing Reveal, you must manually configure required settings. Select this option only if Reveal requires settings that differ from the recommended default settings. For more information, see Import Reveal with custom settings.

Before you begin

  • Read the Release Notes.
  • Review the Reveal requirements.
  • If you are upgrading from a previous version, see Upgrade Reveal.
  • Assign the correct roles to users for Reveal. Review the User role requirements.
    • To import the Reveal solution, you must be assigned the Administrator reserved role or a role that has the Import Signed Content permission.
    • To configure the Reveal action group, you must be assigned the Administrator reserved role, Content Administrator reserved role, or a role that has the Action Group write permission.
  • For initial installations of Reveal, defining an action group is the event that initiates the distribution of tools to endpoints. When you configure an action group, Reveal begins to deploy tools to those endpoints, index file systems, and evaluate rules. When you upgrade Reveal, for example from version 1.14 to 1.15, and an endpoint has no rules or rule sets, Reveal tools are not upgraded and no new tools get deployed until you deploy rules to those endpoints.

Import Reveal with default settings

(Tanium Core Platform 7.4.5 or later only) You can set the Reveal action group to target the No Computers filter group by enabling restricted targeting before adding Reveal to your Tanium licenseimporting Reveal. This option enables you to control tools deployment through scheduled actions that are created during the import and that target the Tanium Reveal action group. For example, you might want to test tools on a subset of endpoints before deploying the tools to all endpoints. In this case, you can manually deploy the tools to an action group that you configured to target only the subset. To configure an action group, see Tanium Console User Guide: Managing action groups. To enable or disable restricted targeting, see Tanium Console User Guide: Dependencies, default settings, and tools deployment.

When you import Reveal with automatic configuration, the following default settings are configured:

The following default setting is configured:

Setting Default value
Action group
  • Restricted targeting disabled (default): All Computers computer group
  • Restricted targeting enabled: No Computers computer group
Service account

The service account is set to the account that you used to import the module.

Configuring a unique service account for each Tanium solution is an extra security measure to consider in consultation with the security team of your organization. See Configure service account.

To import Reveal and configure default settings, see Tanium Console User Guide: Import all modules and services. After the import, verify that the correct version is installed: see Verify Reveal version.

Import Reveal with custom settings

To import Reveal without automatically configuring default settings, be sure to clear the Apply All Tanium recommended configurations check box while performing the steps in Tanium Console User Guide: Import, re-import, or update specific solutions. After the import, verify that the correct version is installed: see Verify Reveal version.

To configure the service account, see Configure service account.

To configure the Reveal action group, see Add computer groups to the Reveal action group.

Manage dependencies for Tanium solutions

When you start the Reveal workbench for the first time, the Tanium Console ensures that all of the required dependencies for Reveal are installed at the required version. You must install all required Tanium dependencies before the Reveal workbench can load. A banner appears if one or more Tanium dependencies are not installed in the environment. The Tanium Console lists the required Tanium dependencies and the required versions.

  1. Install the modules and shared services that the Tanium Console lists as dependencies, as described under Tanium Console User Guide: Import, re-import, or update specific solutions.
  2. From the Main menu, go to Modules > Reveal to open the Reveal Overview page.

Upgrade Reveal

Before upgrading the Reveal version, download a troubleshooting package. The troubleshooting package contains a copy of the Reveal database and definitions that you can use in a disaster recovery scenario. For more information on downloading a troubleshooting package, see Troubleshooting Reveal: Collect logs.

For the steps to upgrade Reveal, see Tanium Console User Guide: Import, re-import, or update specific solutions. After the upgrade, verify that the correct version is installed: see Verify Reveal version.

If the Reveal version does not update, refresh your browser window.

Remove legacy Index dependencies from endpoints

If you have previously installed Tanium Index as a standalone application, or used the standalone application to upgrade Tanium Index, ensure that all legacy Index assets are uninstalled from endpoints before deploying the latest Reveal tools to endpoints. To ensure complete removal of legacy Index dependencies, deploy the Index - Remove Legacy Dependent package to endpoints where legacy versions of Tanium Index dependencies exist.

  1. To target endpoints, issue a question in Interact. Ask the question Get Tanium File Contents[Tools/EPI/dependents.txt] from all machines. If the results for an endpoint display Index it indicates that the standalone Index content has been used in the past.
  2. In the Question Results grid, select the rows for the endpoints that require the action, and click Deploy Action.
  3. From the Deploy Action page, use the Deployment Package search box typeaheads to select packages. Select the Index - Remove Legacy Dependent [Windows] or Index - Remove Legacy Dependent [Non-Windows] package.
  4. Configure a Deployment Schedule and Targeting Criteria. Click Deploy Action. For more information, see Deploying actions.

After you have performed these steps, if the results of the Client Extensions - Status sensor displays recorder|has_subscription|index.fileevents you can use the Recorder - Clear Subscription [OS] package to remove a single subscription from recorder.

Verify Reveal version

After you import or upgrade Reveal, verify that the correct version is installed:

  1. Refresh your browser.
  2. From the Main menu, go to Modules > Reveal to open the Reveal Overview page.
  3. To display version information, click Info Info.