Reveal requirements

Review the requirements before you install and use Reveal.

Tanium dependencies

In addition to a license for the Reveal product module, make sure that your environment also meets the following requirements.

Component | Requirement
Tanium™ Core Platform | 7.2.314.2831 or later.
Tanium™ Client | 7.2.314.3211 or later. 7.4.1.1955 or later are supported.
Tanium products | If you clicked the Install with Recommended Configurations button when you installed Reveal, the Tanium Server automatically installed all your licensed modules at the same time. Otherwise, you must manually install the modules that Reveal requires to function, as described under Tanium Console User Guide: Manage Tanium modules.

The following products are required for features of Reveal to function. The given versions are the minimum required:

  • Tanium Index 2.4.0 or later.
  • Tanium Direct Connect 1.4.0 or later.

Computer groups

When you first log in to the Tanium Console after installing the Tanium Server, the server automatically imports the computer groups that Reveal requires:

  • All Computers

  • All Windows

  • All Mac

  • All Linux

Reveal deploys the Tanium Index tools if necessary and starts the indexing process. Additionally, Reveal deploys a default Index configuration. Ensure that any file types or directories that you expect Reveal to scan are not excluded from hashing. By default, the following directories are excluded from hashing:

  • ^/Library/Tanium/TaniumClient/ (macOS)

  • ^/opt/Tanium/TaniumClient/ (Linux)

  • \\Tanium\\Tanium Client\\ (Windows)
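
The following check runs paths you expect Reveal to scan against the default exclusions listed above. It is an added example, not Tanium code. It assumes the entries are regular expressions matched anywhere in the path unless anchored with ^; case handling is also an assumption, and the sample paths are constructed.

```python
import re

# Default Index hashing exclusions, copied from the list above.
DEFAULT_EXCLUSIONS = {
    "macOS": r"^/Library/Tanium/TaniumClient/",
    "Linux": r"^/opt/Tanium/TaniumClient/",
    "Windows": r"\\Tanium\\Tanium Client\\",
}

# Constructed sample paths that an operator expects Reveal to hash.
SAMPLE_PATHS = [
    r"C:\Users\alice\Documents\report.docx",
    r"D:\Shares\Finance\Tanium\Tanium Client\export.csv",
    "/srv/backup/opt/Tanium/TaniumClient/customers.csv",
    "/opt/Tanium/TaniumClient/Tools/notes.txt",
]


def excluded_by(path, patterns, ignore_case=False):
    """Return the exclusion patterns that match path.

    Assumption: patterns are regular expressions searched anywhere in the
    path unless anchored with ^. Case handling is an assumption too, so it
    is a parameter.
    """
    flags = re.IGNORECASE if ignore_case else 0
    return [p for p in patterns if re.search(p, path, flags)]


def audit(expected_paths, patterns, ignore_case=False):
    """Map each expected-to-be-scanned path to the exclusions that hit it."""
    report = {}
    for path in expected_paths:
        hits = excluded_by(path, patterns, ignore_case)
        if hits:
            report[path] = hits
    return report


if __name__ == "__main__":
    patterns = list(DEFAULT_EXCLUSIONS.values())
    for path, hits in audit(SAMPLE_PATHS, patterns).items():
        # The Windows pattern has no ^ anchor, so it also matches a
        # same-named folder on a data volume; the ^-anchored Linux and
        # macOS patterns do not match copies under another root.
        print(f"NOT HASHED: {path}  (matched {hits})")
```

Append your own exclusion patterns to the list before running the audit to review a customized Index configuration in the same way.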

Tanium Module Server

Reveal is installed and runs as a service on the Tanium Module Server. The impact on the Module Server is minimal and depends on usage.

Endpoints

Up to 2 GB of free disk space is required on each endpoint.

Table 1:   Supported operating systems
Operating system | OS version

Microsoft Windows Server
  • Windows Server 2019 *
  • Windows Server 2016 *
  • Windows Server 2012, 2012 R2
  • Windows Server 2008 R2

  * Nano Server not supported.

Microsoft Windows Workstation
  • Windows 10
  • Windows 8
  • Windows 7

macOS (Intel processor only)
  • macOS 10.15 Catalina
  • macOS 10.14 Mojave
  • macOS 10.13 High Sierra
  • macOS 10.12 Sierra
  • OS X 10.11 El Capitan
  • OS X 10.10 Yosemite
  • OS X 10.9 Mavericks
  • OS X 10.8 Mountain Lion

Linux
  • Amazon Linux 2 LTS (2017.12)
  • Debian 9.x, 8.x
  • Oracle Enterprise Linux 7.x, 6.x, 5.x
  • Red Hat Enterprise Linux (RHEL) 8.x, 7.x, 6.x, 5.x
  • CentOS 7.x, 6.x, 5.x
  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS

Host and network security requirements

Specific ports and processes are needed to run Reveal.

Ports

The following ports are required for Reveal communication.

Component | Port | Direction | Purpose
Module Server | 17475 | Inbound | Connecting to the Module Server for direct connections to endpoints.
Zone Server* | 17486 | Inbound | The binding port that is used by the Zone Server for endpoint connections. The default port number is 17486. If needed, you can specify a different port number when you configure the Zone Proxy.
Zone Server* | 17487 | Inbound | The binding port that is used by the Zone Server for module server connections. The default port number is 17487. If needed, you can specify a different port number when you configure the Zone Proxy.
Zone Server* | 17488 | Inbound | The Direct Connect Zone Proxy installer automatically opens port 17488 on the Zone Server to allow communication between the Zone Server and the Module Server.

*These ports are required only when you use a Zone Server.

Security exclusions

If security software is in use in the environment to monitor and block unknown host system processes, your security administrator must create exclusions to allow the Tanium processes to run without interference.

Table 2:   Reveal security exclusions
Target Device | Process

Module Server
  • <Tanium Module Server>\services\reveal-service\node.exe

Windows endpoints
  • <Tanium Client>\TaniumCX.exe
  • <Tanium Client>\Tools\EPI\TaniumExecWrapper.exe
  • <Tanium Client>\Tools\EPI\TaniumEndpointIndex.exe
  • <Tanium Client>\Tools\Reveal\TaniumReveal.exe
  • <Tanium Client>\TaniumClientExtensions.dll
  • <Tanium Client>\TaniumClientExtensions.dll.sig
  • <Tanium Client>\extensions\RevealCX.dll
  • <Tanium Client>\extensions\RevealCX.dll.sig
  • <Tanium Client>\extensions\TaniumDEC.dll
  • <Tanium Client>\extensions\TaniumDEC.dll.sig
  • <Tanium Client>\extensions\core\libTaniumPythonCx.dll
  • <Tanium Client>\extensions\core\libTaniumPythonCx.dll.sig
  • <Tanium Client>\Python27\TPython.exe (7.2.x clients)
  • <Tanium Client>\Python38\TPython.exe (7.4.x clients)
  • <Tanium Client>\Python38\*.dll (7.2.x clients)

Linux/macOS endpoints
  • <Tanium Client>/TaniumCX
  • <Tanium Client>/Tools/EPI/TaniumExecWrapper
  • <Tanium Client>/Tools/EPI/TaniumEndpointIndex
  • <Tanium Client>/Tools/Reveal/TaniumReveal
  • <Tanium Client>/libTaniumClientExtensions.so (Linux)
  • <Tanium Client>/libTaniumClientExtensions.so.sig (Linux)
  • <Tanium Client>/extensions/libRevealCX.so (Linux)
  • <Tanium Client>/extensions/libRevealCX.so.sig (Linux)
  • <Tanium Client>/extensions/libTaniumDEC.so (Linux)
  • <Tanium Client>/extensions/libTaniumDEC.so.sig (Linux)
  • <Tanium Client>/extensions/core/libTaniumPythonCx.so (Linux)
  • <Tanium Client>/extensions/core/libTaniumPythonCx.so.sig (Linux)
  • <Tanium Client>/libTaniumClientExtensions.dylib (macOS)
  • <Tanium Client>/libTaniumClientExtensions.dylib.sig (macOS)
  • <Tanium Client>/extensions/libRevealCX.dylib (macOS)
  • <Tanium Client>/extensions/libRevealCX.dylib.sig (macOS)
  • <Tanium Client>/extensions/libTaniumDEC.dylib (macOS)
  • <Tanium Client>/extensions/libTaniumDEC.dylib.sig (macOS)
  • <Tanium Client>/extensions/core/libTaniumPythonCx.dylib (macOS)
  • <Tanium Client>/extensions/core/libTaniumPythonCx.dylib.sig (macOS)
  • <Tanium Client>/python27/python (7.2.x clients)
  • <Tanium Client>/python38/python (7.4.x clients)

User role requirements

Use role-based access control (RBAC) permissions to restrict access to Reveal functions.

Table 3:   Tanium Reveal User Role Privileges
Permission | Reveal Administrator | Reveal Read Only User | Reveal Service Account | Reveal User

  • Show Reveal: Access to the Reveal workbench
  • Reveal Affected Files: Enables viewing of affected files
  • Reveal Quick Search: Enables viewing of quick search results
  • Reveal Rules Deploy: Enables the deployment of rules to endpoints
  • Reveal Rules Deploy Status: Access to the Reveal workbench
    1 1
  • Reveal Rules Read: Enables the viewing and listing of rules
    1 1
  • Reveal Rules Write: Enables the editing of rules
  • Reveal Rule Sets Read: Enables the viewing and listing of rule sets
    1 1
  • Reveal Rule Sets Write: Enables the editing of rule sets
  • Reveal Service User: Enables a user to perform work as the service account user
  • Reveal Service User Read: Allows viewing details of the service account user
    1
  • Reveal Service User Write: Enables modifications to the service user account
  • Reveal Snippets: Enables viewing of snippets of affected files.
  • Reveal Use API: Perform Reveal operations using the API
    1 1 1 1
  • Reveal Validations Deploy: Enables the deployment of validations to endpoints
  • Reveal Validations Deploy Status: Enables viewing of the status of validation deployments
    1 1
  • Reveal Validations Read: Enables viewing and listing of validations
    1 1
  • Reveal Validations Write: Enables the editing of validations
  • Reveal Settings Read: Enables viewing and listing Reveal settings
    1
  • Reveal Settings Write: Enables the editing of Reveal settings

1 Denotes a provided permission.

For more information and descriptions of content sets and permissions, see the Tanium Core Platform User Guide: Users and user groups.

Last updated: 3/31/2020 2:22 PM