Reveal requirements

Review the requirements before you install and use Reveal.

Review the requirements before you use Reveal.

Reveal 2.0 and later does not run on an endpoint as the Reveal Client Extension. All Reveal functionality is provided by the Client Index Extension, and all data is stored in the Index database.

Reveal data in versions 2.0 and later no longer resides in the Tools/Reveal folder on the endpoint. In earlier versions of Reveal, scanned files were first found by Index scans and then parsed by Reveal, and the results stored in the Reveal database.

Reveal versions 2.0 and later still scans endpoint filesystems with Index, and then a parallel Index process detects rule matches.

Core platform dependencies

Make sure that your environment meets the following requirements:

  • Tanium license that includes Reveal

  • Tanium™ Core Platform servers: 7.4 or later

  • Tanium™ Client: Any supported version of Tanium Client. For the Tanium Client versions supported for each OS, see Tanium Client Management User Guide: Client version and host system requirements.

    If you use a client version that is not listed, certain product features might not be available, or stability issues can occur that can only be resolved by upgrading to one of the listed client versions.

Computer group dependencies

When you first sign in to the Tanium™ Console after a fresh installation of Tanium Server 7.4.2 or later, the server Tanium™ Cloud automatically imports the computer groups that Reveal requires:

  • All Computers

  • All Windows

  • All Mac

  • All Linux

For earlier versions of the Tanium Server, or after upgrading from an earlier version, you must manually create the computer groups. See Tanium Console User Guide: Create a computer group.

Solution dependencies

Other Tanium solutions are required for Reveal to function (required dependencies) or for specific Reveal features to work (feature-specific dependencies). The installation method that you select determines if the Tanium Server automatically imports dependencies or if you must manually import them.

Some Reveal dependencies have their own dependencies, which you can see by clicking the links in the lists of Required dependencies and Reveal requirements. Note that the links open the user guides for the latest version of each solution, not necessarily the minimum version that Reveal requires.

Tanium recommended installation

If you select Tanium Recommended Installation when you import Reveal, the Tanium Server automatically imports all your licensed solutions at the same time. See Tanium Console User Guide: Import all modules and services.

Import specific solutions

If you select only Reveal to import and are using Tanium Core Platform 7.5.2.3531 with Tanium Console 3.0.72 or later, the Tanium Server automatically imports the latest available versions of any required dependencies that are missing. If some required dependencies are already imported but their versions are earlier than the minimum required for Reveal, the server automatically updates those dependencies to the latest available versions.

If you select only Reveal to import and you are using Tanium Core Platform 7.5.2.3503 or earlier with Tanium Console 3.0.64 or earlier, you must manually import or update required dependencies. See Tanium Console User Guide: Import, re-import, or update specific solutions.

Required dependencies

Reveal has the following required dependencies at the specified minimum versions:

Tanium™ Threat Response 3.4.346 or later is required if Threat Response exists in the same environment. Threat Response is not a required Reveal dependency.

*= The required version of this client extension is installed as part of Reveal.

Client extensions

Tanium Endpoint Configuration installs client extensions for Reveal on endpoints. Client Extensions perform tasks that are common to certain Tanium solutions. The Tanium Client uses code signatures to verify the integrity of each client extension prior to loading the extension on the endpoint. Each client extension has recommended security exclusions to allow the Tanium processes to run without interference. See Security exclusions for more information. The following client extensions perform Reveal functions:

  • Core CX - Provides a management framework API for all other client extensions and exposes operating system metrics. Tanium Client Management installs this client extension.
  • Config CX - Provides installation and configuration of extensions on endpoints. Tanium Client Management installs this client extension.
  • DEC CX - Provides a direct connection between endpoint and Module ServerTanium Cloud. Tanium Direct Connect installs this client extension.
  • Index CX - Provides the ability to index the local file systems on endpoints. Tanium Asset, Tanium Integrity Monitor, Tanium Reveal, or Tanium Threat Response installs this client extension.

Reveal deploys the Tanium Client Index Extension tools, if necessary, and starts the indexing process. Additionally, Reveal deploys a default Index configuration. Ensure that any file types or directories that you expect Reveal to scan are not excluded from hashing. By default, the following directories are excluded from hashing:

  • ^/Library/Tanium/TaniumClient/ (macOS)

  • ^/opt/Tanium/TaniumClient/ (Linux)

  • \\Tanium\\Tanium Client\\ (Windows)

Tanium Module Server

Reveal is installed and runs as a service on the Tanium Module Server. The impact on the Module Server is minimal and depends on usage.

Endpoints

Supported operating systems

Operating system Version Notes
Microsoft Windows Server

  • Windows Server 2008 R2 SP1 or later

Windows Server 2008 R2 SP1 requires Microsoft KB2758857.

Microsoft Windows Workstation
  • Windows 11
  • Windows 10
  • Windows 8
  • Windows 7 SP 1

Windows 7 Service Pack 1 requires Microsoft KB2758857.
macOS

Same as Tanium Client support

 For Tanium Client operating system support, see Tanium Client Management User Guide: Client version and host system requirements
Linux
  • Amazon Linux 2 LTS (2017.12)
  • Debian 9.x, 8.x, 10x
  • Oracle Linux 8.x, 7.x, 6.x, 5.x
  • Red Hat Enterprise Linux (RHEL) 8.x, 7.x, 6.x, 5.x
  • CentOS 7.x, 6.x, 5.x
  • AlmaLinux 8.5
  • Rocky Linux 8.5
  • SUSE Linux Enterprise Server (SLES) 15
  • openSUSE 15.x
  • SUSE Linux Enterprise Server (SLES) 12
  • openSUSE 12.x
  • SUSE Linux Enterprise Server (SLES) 11.3, 11.4
  • openSUSE 11.3, 11.4
  • Ubuntu 20.04 LTS
  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS

Disk space requirements

The amount of space that Reveal uses varies depending on how much space is used on the local disks that are being indexed. The actual space that is required for the Index database is proportional to the number of files and directories on the local disks and what hashes are configured. Quick search uses additional endpoint disk and CPU resources on endpoints.

Host and network security requirements

Specific ports and processes are needed to run Reveal.

Ports

The following ports are required for Reveal communication.

Source Destination Port Protocol Purpose
Tanium Client (internal) Module Server 17475 TCP Used by the Module Server for endpoint connections to internal clients.
Tanium Client (external) Zone Server* Tanium Cloud 17486 TCP Used by the Zone Server for endpoint connections to external clients. The default port number is 17486. If needed, you can specify a different port number when you configure the Zone Proxy. Used for endpoint connections.
Module Server Module Server (loopback) 17470 TCP Internal purposes, not externally accessible
Module Server Zone Server* 17487 TCP Used by the Zone Server for Module Server connections. The default port number is 17487. If needed, you can specify a different port number when you configure the Zone Proxy.
17488 TCP Allows communication between the Zone Server and the Module Server. On TanOS, the Direct Connect Zone Proxy installer automatically opens port 17488 on the Zone Server. This port must be manually opened on Windows.
*These ports are required only when you use a Zone Server.

Configure firewall policies to open ports for Tanium traffic with TCP-based rules instead of application identity-based rules. For example, on a Palo Alto Networks firewall, configure the rules with service objects or service groups instead of application objects or application groups.

Security exclusions

If security software is in use in the environment to monitor and block unknown host system processes, Tanium recommends that a security administrator create exclusions to allow the Tanium processes to run without interference. The configuration of these exclusions varies depending on AV software. For a list of all security exclusions to define across Tanium, see Tanium Core Platform Deployment Reference Guide: Host system security exclusions.

Reveal security exclusions
Target Device Notes Exclusion Type Exclusion
Module Server   Process <Module Server>\services\reveal-service\node.exe
  Process <Module Server>\services\endpoint-configuration-service\TaniumEndpointConfigService.exe
Windows endpoints   Process <Tanium Client>\TaniumCX.exe
  File <Tanium Client>\TaniumClientExtensions.dll
  File <Tanium Client>\TaniumClientExtensions.dll.sig
  File <Tanium Client>\extensions\TaniumDEC.dll
  File <Tanium Client>\extensions\TaniumDEC.dll.sig
  File <Tanium Client>\extensions\TaniumIndex.dll
  File <Tanium Client>\extensions\TaniumIndex.dll.sig
  File <Tanium Client>\extensions\index\index.db
  File <Tanium Client>\extensions\index\index.db-shm
  File <Tanium Client>\extensions\index\index.db-wal
Linux endpoints   Process <Tanium Client>/TaniumCX
  File <Tanium Client>/libTaniumClientExtensions.so
  File <Tanium Client>/libTaniumClientExtensions.so.sig
  File <Tanium Client>/extensions/libTaniumDEC.so
  File <Tanium Client>/extensions/libTaniumDEC.so.sig
  File <Tanium Client>/extensions/libTaniumIndex.so
  File <Tanium Client>/extensions/libTaniumIndex.so.sig
  File <Tanium Client>/extensions/index/index.db
  File <Tanium Client>/extensions/index/index.db-shm
  File <Tanium Client>/extensions/index/index.db-wal
 macOS endpoints   Process <Tanium Client>/TaniumCX
  File <Tanium Client>/libTaniumClientExtensions.dylib
  File <Tanium Client>/libTaniumClientExtensions.dylib.sig
  File <Tanium Client>/extensions/libTaniumDEC.dylib
  File <Tanium Client>/extensions/libTaniumDEC.dylib.sig
  File <Tanium Client>/extensions/libTaniumIndex.dylib
  File <Tanium Client>/extensions/libTaniumIndex.dylib.sig
  File <Tanium Client>/extensions/index/index.db
  File <Tanium Client>/extensions/index/index.db-shm
  File <Tanium Client>/extensions/index/index.db-wal
Reveal security exclusions
Target Device Notes Exclusion Type Exclusion
Windows endpoints   Process <Tanium Client>\TaniumCX.exe
  File <Tanium Client>\TaniumClientExtensions.dll
  File <Tanium Client>\TaniumClientExtensions.dll.sig
  File <Tanium Client>\extensions\TaniumDEC.dll
  File <Tanium Client>\extensions\TaniumDEC.dll.sig
  File <Tanium Client>\extensions\TaniumIndex.dll
  File <Tanium Client>\extensions\TaniumIndex.dll.sig
  File <Tanium Client>\extensions\index\index.db
  File <Tanium Client>\extensions\index\index.db-shm
  File <Tanium Client>\extensions\index\index.db-wal
Linux endpoints   Process <Tanium Client>/TaniumCX
  File <Tanium Client>/libTaniumClientExtensions.so
  File <Tanium Client>/libTaniumClientExtensions.so.sig
  File <Tanium Client>/extensions/libTaniumDEC.so
  File <Tanium Client>/extensions/libTaniumDEC.so.sig
  File <Tanium Client>/extensions/libTaniumIndex.so
  File <Tanium Client>/extensions/libTaniumIndex.so.sig
  File <Tanium Client>/extensions/index/index.db
  File <Tanium Client>/extensions/index/index.db-shm
  File <Tanium Client>/extensions/index/index.db-wal
 macOS endpoints   Process <Tanium Client>/TaniumCX
  File <Tanium Client>/libTaniumClientExtensions.dylib
  File <Tanium Client>/libTaniumClientExtensions.dylib.sig
  File <Tanium Client>/extensions/libTaniumDEC.dylib
  File <Tanium Client>/extensions/libTaniumDEC.dylib.sig
  File <Tanium Client>/extensions/libTaniumIndex.dylib
  File <Tanium Client>/extensions/libTaniumIndex.dylib.sig
  File <Tanium Client>/extensions/index/index.db
  File <Tanium Client>/extensions/index/index.db-shm
  File <Tanium Client>/extensions/index/index.db-wal

User role requirements

The following tables list the role permissions required to use Reveal. To review a summary of the predefined roles, see Set up Reveal users.

For more information about role permissions and associated content sets, see Tanium Console User Guide: Managing RBAC.

Do not assign the Reveal Service Account and Reveal Service Account - All Content Sets roles to users. These roles are for internal purposes only.

Reveal user role permissions
Permission Reveal Administrator3 Reveal Operator Reveal Read Only User Reveal User1 Reveal Endpoint Configuration Approver2

Reveal

Provides access to the Reveal workbench and enables viewing of snippets of affected files.
SNIPPETS
SHOW
SNIPPETS
SHOW
SNIPPETS
SHOW
SNIPPETS
SHOW

Reveal Admin

Perform administrative functions for the Reveal module
ADMINISTRATOR

Reveal Affected

Enables viewing of affected files
FILES
FILES
FILES
FILES

Reveal API

Perform Reveal operations using the API
EXECUTE
EXECUTE
EXECUTE
EXECUTE

Reveal Endpoint Configuration

Enables approver privileges in Tanium Endpoint Configuration for Reveal configuration changes.
APPROVE

Reveal Operator Settings

Enables viewing, listing, and editing Reveal settings
READ
WRITE
READ
WRITE
READ

Reveal Patterns

Enables viewing and editing patterns
READ
WRITE
READ
WRITE
READ
READ
WRITE

Reveal Profiles

Enables viewing, editing, and deploying profiles
READ
WRITE
DEPLOY
READ
WRITE
DEPLOY
READ
READ
WRITE
DEPLOY

Reveal Quick

Enables viewing of quick search results
SEARCH
SEARCH
SEARCH
SEARCH

Reveal Rules

Enables the viewing, listing, editing, and deploying of rules
DEPLOY
READ
WRITE
DEPLOY
READ
WRITE
READ
DEPLOY
READ
WRITE

Reveal Rules Deploy

Access to the Reveal workbench
STATUS
STATUS
STATUS
STATUS

Reveal Rulesets

Enables the viewing, listing, and editing of rule sets
READ
WRITE
READ
WRITE
READ
READ
WRITE

Reveal Settings

Enables viewing, editing, and listing Reveal settings
READ
WRITE
READ
READ

Reveal Validations

Enables viewing, editing, listing, and deploying validations
DEPLOY
READ
WRITE
DEPLOY
READ
WRITE
READ
DEPLOY
READ
WRITE

Reveal Validations Deploy

Enables viewing of the status of validation deployments
STATUS
STATUS
STATUS

STATUS

1 This role provides module permissions for Tanium Trends. You can view which Trends permissions are granted to this role in the Tanium Console. For more information, see the Tanium Trends User Guide: User role requirements.

2 This role provides module permissions for Tanium Endpoint Configuration. You can view which Endpoint Configuration permissions are granted to this role in the Tanium Console. For more information, see the Tanium Endpoint Configuration User Guide: User role requirements.

3 You must be assigned the Reveal Administrator role to create and download a support package.
Provided Reveal administration and platform content permissions
Permission Permission Type Reveal Administrator 1,2 Reveal Operator Reveal Endpoint Configuration Approver Reveal User Reveal Read Only User
Action Platform Content
READ
WRITE
READ
WRITE

READ
WRITE
READ
WRITE
Action Group Administration
READ
READ
READ
READ
Filter Group Platform Content
READ
READ
READ
READ
Own Action Platform Content
READ
READ
READ
READ
Package Platform Content
READ
WRITE
READ
WRITE
READ
WRITE
READ
Plugin Platform Content
READ
EXECUTE
READ
EXECUTE
READ
EXECUTE
READ
EXECUTE
READ
EXECUTE
Saved Question Platform Content
READ
WRITE
READ
WRITE
READ
WRITE
READ
WRITE
Sensor Platform Content
READ
READ

READ
READ
User Administration
READ
Question History Administrator
READ
READ
READ
READ

To view which content set permissions are granted to a role, see Tanium Console User Guide: View effective role permissions.

1 This role provides content set permissions for Tanium Trends. You can view which Trends content sets are granted to this role in the Tanium Console. For more information, see Tanium Trends User Guide: User role requirements.

2 This role provides content set permissions for Tanium Direct Connect. You can view which Direct Connect content sets are granted to this role in the Tanium Console. For more information, see Tanium Direct Connect User Guide: User role requirements.