Reveal requirements

Review the requirements before you install and use Reveal.

Review the requirements before you use Reveal.

Tanium dependencies

Component Requirement
Tanium™ Core Platform 7.3.314.4250 or later.
Tanium™ Client Any supported version of Tanium Client. For the Tanium Client versions supported for each OS, see Tanium Client Management User Guide: Client version and host system requirements.

If you use a client version that is not listed, certain product features might not be available, or stability issues can occur that can only be resolved by upgrading to one of the listed client versions.
Tanium solutions If you clicked the Tanium Recommended Installation button when you installed Reveal, the Tanium Server automatically installed all your licensed solutions at the same time. Otherwise, you must manually install the solutions that Reveal requires to function, as described under Tanium Console User Guide: Import, re-import, or update specific solutions.

Tanium solutions at the following minimum versions are required:

  • Tanium Index 2.5.2 or later.
  • Tanium Trends 3.6.331 or later.
  • Tanium Interact 2.5.146 or later.
  • Tanium Direct Connect 1.4.0 or later.
  • Tanium Endpoint Configuration 1.2 or later.

Endpoint Configuration is installed as part of Tanium Client Management 1.5 or later.

The following Tanium solutions are optional, but Reveal requires the specified minimum versions to work with them:

  • Threat Response 3.4.346 or later
Computer groups

When you first log into the Tanium Console after installing the Tanium Server, the server automatically imports the computer groups that Reveal requires:

  • All Computers

  • All Windows

  • All Mac

  • All Linux

Reveal deploys the Tanium Index tools if necessary and starts the indexing process. Additionally, Reveal deploys a default Index configuration. Ensure that any file types or directories that you expect Reveal to scan are not excluded from hashing. By default, the following directories are excluded from hashing:

  • ^/Library/Tanium/TaniumClient/ (macOS)

  • ^/opt/Tanium/TaniumClient/ (Linux)

  • \\Tanium\\Tanium Client\\ (Windows)

Tanium Module Server

Reveal is installed and runs as a service on the Tanium Module Server. The impact on the Module Server is minimal and depends on usage.

Endpoints

Supported operating systems
Operating system OS version
Microsoft Windows Server
  • Windows Server 2008 R2 SP1 or later
Microsoft Windows Workstation
  • Windows 10
  • Windows 8
  • Windows 7 SP1

    • Windows 7 Service Pack 1 requires Microsoft KB2758857.
macOS
(Intel processor only)

  • macOS 11.0 Big Sur

  • macOS 10.15 Catalina
  • macOS 10.14 Mojave
  • macOS 10.13 High Sierra
  • macOS 10.12 Sierra
  • OS X 10.11.6 El Capitan
Linux
Amazon Linux 2 LTS (2017.12)
Debian 9.x, 8.x, 10x
Oracle Linux 8.x, 7.x, 6.x, 5.x
  • Red Hat Enterprise Linux (RHEL) 8.x, 7.x, 6.x, 5.x
  • CentOS 8x, 7.x, 6.x, 5.x
Ubuntu 20.04 LTS
Ubuntu 18.04 LTS
Ubuntu 16.04 LTS

Disk space requirements

Up to 2 GB of free disk space is required on each endpoint.

Host and network security requirements

Specific ports and processes are needed to run Reveal.

Ports

The following ports are required for Reveal communication.

Source Destination Port Protocol Purpose
Tanium Client (internal) Module Server 17475 TCP Used by the Module Server for endpoint connections to internal clients.
Tanium Client (external) Zone Server* Tanium as a Service 17486 TCP Used by the Zone Server for endpoint connections to external clients. The default port number is 17486. If needed, you can specify a different port number when you configure the Zone Proxy. Used for endpoint connections.
Module Server Module Server (loopback) 17470 TCP Internal purposes, not externally accessible
Module Server Zone Server* 17487 TCP Used by the Zone Server for Module Server connections. The default port number is 17487. If needed, you can specify a different port number when you configure the Zone Proxy.
17488 TCP Allows communication between the Zone Server and the Module Server. On TanOS, the Direct Connect Zone Proxy installer automatically opens port 17488 on the Zone Server. This port must be manually opened on Windows.
*These ports are required only when you use a Zone Server.

Configure firewall policies to open ports for Tanium traffic with TCP-based rules instead of application identity-based rules. For example, on a Palo Alto Networks firewall, configure the rules with service objects or service groups instead of application objects or application groups.

Security exclusions

If security software is in use in the environment to monitor and block unknown host system processes, your security administrator must create exclusions to allow the Tanium processes to run without interference.

Reveal security exclusions
Target Device Notes Exclusion Type Exclusion
Module Server   Process <Module Server>\services\reveal-service\node.exe
  Process <Module Server>\services\endpoint-configuration-service\TaniumEndpointConfigService.exe
Windows endpoints   Process <Tanium Client>\TaniumCX.exe
  Process <Tanium Client>\TaniumClientExtensions.dll
  Process <Tanium Client>\TaniumClientExtensions.dll.sig
  Process <Tanium Client>\extensions\TaniumReveal.dll
  Process <Tanium Client>\extensions\TaniumReveal.dll.sig
  Process <Tanium Client>\extensions\TaniumDEC.dll
  Process <Tanium Client>\extensions\TaniumDEC.dll.sig
  Process <Tanium Client>\extensions\TaniumIndex.dll
  Process <Tanium Client>\extensions\TaniumIndex.dll.sig
  Process <Tanium Client>\extensions\core\TaniumPythonCx.dll
  Process <Tanium Client>\extensions\core\TaniumPythonCx.dll.sig
7.2.x clients, 1 Process <Tanium Client>\python27\TPython.exe
7.4.x clients, 1 Process <Tanium Client>\python38\TPython.exe
7.4.x clients Folder <Tanium Client>\python38
Linux endpoints   Process <Tanium Client>/TaniumCX
  Process <Tanium Client>/libTaniumClientExtensions.so
  Process <Tanium Client>/libTaniumClientExtensions.so.sig
  Process <Tanium Client>/extensions/libTaniumReveal.so
  Process <Tanium Client>/extensions/libTaniumReveal.so.sig
  Process <Tanium Client>/extensions/libTaniumDEC.so
  Process <Tanium Client>/extensions/libTaniumDEC.so.sig
  Process <Tanium Client>/extensions/libTaniumIndex.so
  Process <Tanium Client>/extensions/libTaniumIndex.so.sig
  Process <Tanium Client>/extensions/core/libTaniumPythonCx.so
  Process <Tanium Client>/extensions/core/libTaniumPythonCx.so.sig
7.2.x clients Process <Tanium Client>/python27/python
7.4.x clients Process <Tanium Client>/python38/python
 macOS endpoints   Process <Tanium Client>/TaniumCX
  Process <Tanium Client>/libTaniumClientExtensions.dylib
  Process <Tanium Client>/libTaniumClientExtensions.dylib.sig
  Process <Tanium Client>/extensions/libTaniumReveal.dylib
  Process <Tanium Client>/extensions/libTaniumReveal.dylib.sig
  Process <Tanium Client>/extensions/libTaniumDEC.dylib
  Process <Tanium Client>/extensions/libTaniumDEC.dylib.sig
  Process <Tanium Client>/extensions/libTaniumIndex.dylib
  Process <Tanium Client>/extensions/libTaniumIndex.dylib.sig
  Process <Tanium Client>/extensions/core/libTaniumPythonCx.dylib
  Process <Tanium Client>/extensions/core/libTaniumPythonCx.dylib.sig
7.2.x clients Process <Tanium Client>/python27/python
7.4.x clients Process <Tanium Client>/python38/python
1 = TPython requires SHA2 support to allow installation.
Reveal security exclusions
Target Device Notes Exclusion Type Exclusion
Windows endpoints   Process <Tanium Client>\TaniumCX.exe
  Process <Tanium Client>\Tools\Reveal\TaniumReveal.exe
  Process <Tanium Client>\TaniumClientExtensions.dll
  Process <Tanium Client>\TaniumClientExtensions.dll.sig
  Process <Tanium Client>\extensions\TaniumReveal.dll
  Process <Tanium Client>\extensions\TaniumReveal.dll.sig
  Process <Tanium Client>\extensions\TaniumDEC.dll
  Process <Tanium Client>\extensions\TaniumDEC.dll.sig
  Process <Tanium Client>\extensions\TaniumIndex.dll
  Process <Tanium Client>\extensions\TaniumIndex.dll.sig
  Process <Tanium Client>\extensions\core\TaniumPythonCx.dll
  Process <Tanium Client>\extensions\core\TaniumPythonCx.dll.sig
7.4.x clients, 1 Process <Tanium Client>\python38\TPython.exe
Linux endpoints   Process <Tanium Client>/TaniumCX
  Process <Tanium Client>/Tools/Reveal/TaniumReveal
  Process <Tanium Client>/libTaniumClientExtensions.so
  Process <Tanium Client>/libTaniumClientExtensions.so.sig
  Process <Tanium Client>/extensions/libTaniumReveal.so
  Process <Tanium Client>/extensions/libTaniumReveal.so.sig
  Process <Tanium Client>/extensions/libTaniumDEC.so
  Process <Tanium Client>/extensions/libTaniumDEC.so.sig
  Process <Tanium Client>/extensions/libTaniumIndex.so
  Process <Tanium Client>/extensions/libTaniumIndex.so.sig
  Process <Tanium Client>/extensions/core/libTaniumPythonCx.so
  Process <Tanium Client>/extensions/core/libTaniumPythonCx.so.sig
7.4.x clients Process <Tanium Client>/python38/python
 macOS endpoints   Process <Tanium Client>/TaniumCX
  Process <Tanium Client>/Tools/Reveal/TaniumReveal
  Process <Tanium Client>/libTaniumClientExtensions.dylib
  Process <Tanium Client>/libTaniumClientExtensions.dylib.sig
  Process <Tanium Client>/extensions/libTaniumReveal.dylib
  Process <Tanium Client>/extensions/libTaniumReveal.dylib.sig
  Process <Tanium Client>/extensions/libTaniumDEC.dylib
  Process <Tanium Client>/extensions/libTaniumDEC.dylib.sig
  Process <Tanium Client>/extensions/libTaniumIndex.dylib
  Process <Tanium Client>/extensions/libTaniumIndex.dylib.sig
  Process <Tanium Client>/extensions/core/libTaniumPythonCx.dylib
  Process <Tanium Client>/extensions/core/libTaniumPythonCx.dylib.sig
7.4.x clients Process <Tanium Client>/python38/python
1 = TPython requires SHA2 support to allow installation.

User role requirements

The following tables list the role permissions required to use Reveal. To review a summary of the predefined roles, see Set up Reveal users.

For more information about role permissions and associated content sets, see Tanium Console User Guide: Managing RBAC.

Reveal user role permissions
Permission Reveal Administrator Reveal Operator Reveal Read Only User Reveal Service Account3 Reveal User1 Reveal Endpoint Configuration Approver2

Reveal

Provides access to the Reveal workbench and enables viewing of snippets of affected files.
SNIPPETS
SHOW
SNIPPETS
SHOW
SHOW
SNIPPETS
SHOW
SHOW

Reveal Affected

Enables viewing of affected files
FILES
FILES
FILES

Reveal API

Perform Reveal operations using the API
EXECUTE
EXECUTE
EXECUTE
EXECUTE
EXECUTE

Reveal Operator Settings

Enables viewing, listing, and editing Reveal settings
READ
WRITE
READ
WRITE

Reveal Quick

Enables viewing of quick search results
SEARCH
SEARCH
SEARCH

Reveal Rules

Enables the viewing, listing, editing, and deploying of rules
DEPLOY
READ
WRITE
DEPLOY
READ
WRITE
READ
DEPLOY
READ
WRITE
READ

Reveal Rules Deploy

Access to the Reveal workbench
STATUS
STATUS
STATUS
STATUS

Reveal Rule Sets

Enables the viewing, listing, and editing of rule sets
READ
WRITE
READ
WRITE
READ
READ
WRITE
READ

Reveal Service

Enables a user to perform work as the service account user
READ
WRITE
READ
USER

Reveal Validations

Enables viewing, editing, listing, and deploying validations
DEPLOY
READ
WRITE
DEPLOY
READ
WRITE
READ
DEPLOY
READ
WRITE
READ

Reveal Validations Deploy

Enables viewing of the status of validation deployments
STATUS
STATUS
STATUS

STATUS

Reveal Settings

Enables viewing, editing, and listing Reveal settings
READ
WRITE
READ

Reveal Admin

Perform administrative functions for the Reveal module
ADMINISTRATOR

Reveal Endpoint Configuration

Enables approver privileges in Tanium Endpoint Configuration for Reveal configuration changes.
APPROVE

1 This role provides module permissions for Tanium Trends. You can view which Trends permissions are granted to this role in the Tanium Console. For more information, see the Tanium Trends User Guide: User role requirements.

2 This role provides module permissions for Tanium Endpoint Configuration. You can view which Endpoint Configuration permissions are granted to this role in the Tanium Console. For more information, see the Tanium Endpoint Configuration User Guide: User role requirements.

3 If you installed Tanium Client Management, Endpoint Configuration is installed, and by default, configuration changes initiated by the module service account (such as tool deployment) require approval. You can bypass approval for module-generated configuration changes by applying the Endpoint Configuration Bypass Approval permission to this role and adding the relevant content sets. For more information, see Tanium Endpoint Configuration User Guide: User role requirements.

Provided Reveal administration and platform content permissions
Permission Permission Type Reveal Administrator 1,2 Reveal Operator Reveal Endpoint Configuration Approver Reveal User Reveal Read Only User Reveal Service Account
Action Group Administration
READ
READ
READ
READ
READ
User Administration
READ
Action Platform Content
READ
WRITE
READ
WRITE

READ
WRITE
READ
WRITE
Filter Group Platform Content
READ
READ
READ
READ
READ
Own Action Platform Content
READ
READ
READ
READ
READ
Package Platform Content
READ
WRITE
READ
WRITE
READ
WRITE
READ
WRITE
Plugin Platform Content
READ
EXECUTE
READ
EXECUTE
READ
EXECUTE
READ
EXECUTE
READ
EXECUTE
Saved Question Platform Content
READ
WRITE
READ
WRITE
READ
WRITE
READ
READ
Sensor Platform Content
READ
READ

READ
READ
READ

You can view which content sets are granted to any role in the Tanium Console.

1 This role provides content set permissions for Tanium Trends. You can view which Trends content sets are granted to this role in the Tanium Console. For more information, see Tanium Trends User Guide: User role requirements.

2 This role provides content set permissions for Tanium Direct Connect. You can view which Direct Connect content sets are granted to this role in the Tanium Console. For more information, see Tanium Direct Connect User Guide: User role requirements.