Reveal requirements
Review the requirements before you install and use Reveal.
Tanium dependencies
In addition to a license for the Reveal product module, make sure that your environment also meets the following requirements.
Component | Requirement |
---|---|
Platform | 7.2.314.2831 or later |
Tanium Client | 6.0.314.1540 or later recommended |
Tanium Module | Tanium™ Threat Response 1.3.2 or later, or Tanium™ Trace 2.9.1.0009 or later. Tanium™ Index 2.4.0 or later. A supported version of Tanium™ Index is included with the listed Tanium™ Threat Response dependency. |
Reveal deploys the Tanium Index tools if necessary and starts the indexing process. Additionally, Reveal deploys a default Index configuration. Ensure that any file types or directories that you expect Reveal to scan are not excluded from hashing.
Tanium Module Server
Reveal is installed and runs as a service on the Tanium Module Server. The impact on the Module Server is minimal and depends on usage.
Endpoints
Up to 2 GB of free disk space is required on each endpoint.
Host and network security requirements
Specific ports and processes are needed to run Reveal.
Ports
The following ports are required for Reveal communication.
Component | Port | Direction | Purpose |
---|---|---|---|
Module Server | 17444 | Inbound | Live connections from internal endpoints. |
Module Server | 17449 | Outbound | (Optional) Tanium zone hub connection to Tanium zone proxy. |
Zone Server | 17444 | Inbound | (Optional) Live connections from external endpoints. |
Zone Server | 17449 | Inbound | (Optional) Tanium zone hub connection to Tanium zone proxy. This port only needs to be accessible from the internal network to the DMZ. |
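The following added example (not part of the Tanium documentation) checks the flows in the table above from the machine that originates each one. The vantage and destination names (`internal_endpoint`, `module_server`, `zone_server`, `external_endpoint`) and the host addresses are assumptions chosen for illustration.

```python
import socket

# Flows from the Ports table above: (where to run the check, destination, TCP port, optional)
REQUIRED_FLOWS = [
    ("internal_endpoint", "module_server", 17444, False),
    ("module_server", "zone_server", 17449, True),   # zone hub -> zone proxy
    ("external_endpoint", "zone_server", 17444, True),
]

def tcp_open(host, port, timeout=3.0):
    """Return True if a TCP connection to host:port completes within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unreachable, or name not resolved
        return False

def check_flows(vantage, hosts, flows=REQUIRED_FLOWS, probe=tcp_open):
    """Probe each flow that starts at `vantage` (the machine running this script).

    hosts maps the destination names used in `flows` to real addresses.
    Returns a list of (destination, port, status) tuples.
    """
    results = []
    for source, dest, port, optional in flows:
        if source != vantage:
            continue
        if dest not in hosts:
            status = "SKIPPED"  # e.g. no Zone Server in this deployment
        elif probe(hosts[dest], port):
            status = "OK"
        else:
            status = "BLOCKED (optional)" if optional else "BLOCKED"
        results.append((dest, port, status))
    return results

if __name__ == "__main__":
    # Placeholder addresses (assumptions); replace with your own servers.
    hosts = {"module_server": "tms.example.internal",
             "zone_server": "zs.example.internal"}
    for dest, port, status in check_flows("internal_endpoint", hosts):
        print(f"{dest}:{port} {status}")
```

An `OK` result shows only that the network path and host firewall allow the connection; it does not confirm that the Reveal service behind the port is healthy.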
Security exclusions
If security software is in use in the environment to monitor and block unknown host system processes, your security administrator must create exclusions to allow the Tanium processes to run without interference.
Target Device | Process |
---|---|
Module Server | <Tanium Module Server>\services\reveal-service\node.exe |
Windows endpoints | <Tanium Client>\Tools\EPI\TaniumExecWrapper.exe |
Windows endpoints | <Tanium Client>\Tools\EPI\TaniumEndpointIndex.exe |
Windows endpoints | <Tanium Client>\Tools\Reveal\TaniumReveal.exe |
Windows endpoints | <Tanium Client>\Tools\Trace\TaniumTraceWebsocketClient.exe |
Linux/macOS endpoints | <Tanium Client>/Tools/EPI/TaniumExecWrapper |
Linux/macOS endpoints | <Tanium Client>/Tools/EPI/TaniumEndpointIndex |
Linux/macOS endpoints | <Tanium Client>/Tools/Reveal/TaniumReveal |
Linux/macOS endpoints | <Tanium Client>/Tools/Trace/TaniumTraceWebsocketClient |
User role requirements
Use role-based access control (RBAC) permissions to restrict access to Reveal functions.
Permission | Description | Reveal Administrator | Reveal Read Only User | Reveal Service Account | Reveal User |
---|---|---|---|---|---|
Show Reveal | Access to the Reveal workbench | | | | |
Reveal Affected Files | Enables viewing of affected files | | | | |
Reveal Quick Search | Enables viewing of quick search results | | | | |
Reveal Rules Deploy | Enables the deployment of rules to endpoints | | | | |
Reveal Rules Deploy Status | Access to the Reveal workbench | | | | |
Reveal Rules Read | Enables the viewing and listing of rules | | | | |
Reveal Rules Write | Enables the editing of rules | | | | |
Reveal Rule Sets Read | Enables the viewing and listing of rule sets | | | | |
Reveal Rule Sets Write | Enables the editing of rule sets | | | | |
Reveal Service User | Enables a user to perform work as the service account user | | | | |
Reveal Service User Read | Allows viewing details of the service account user | | | | |
Reveal Service User Write | Enables modifications to the service user account | | | | |
Reveal Snippets | Enables viewing of snippets of affected files | | | | |
Reveal Use API | Perform Reveal operations using the API | | | | |
Reveal Validations Deploy | Enables the deployment of validations to endpoints | | | | |
Reveal Validations Deploy Status | Enables viewing of the status of validation deployments | | | | |
Reveal Validations Read | Enables viewing and listing of validations | | | | |
Reveal Validations Write | Enables the editing of validations | | | | |
1 Denotes a provided permission.
For more information and descriptions of content sets and permissions, see the Tanium Core Platform User Guide: Users and user groups.
The Trace Live Connections Write permission is required for any user to make direct connections to endpoints to investigate rule matches.
Provide the Bypass Action Approval Advanced Role to the Trace Analysis Content Set so that Trace users can make Live Connections to endpoints without going through action approval, while all other actions still require approval.
Last updated: 11/1/2019 1:15 PM