Reveal requirements

Review the requirements before you install and use Reveal.

Tanium dependencies

In addition to a license for the Reveal product module, make sure that your environment also meets the following requirements.

Component Requirement
Platform 7.2.314.2831 or later
Tanium Client 6.0.314.1540 or later recommended
Tanium Module Tanium™ Trace or Tanium™ Threat Response 1.1.0

Tanium Module Server

Reveal is installed and runs as a service on the Tanium Module Server. The impact on Module Server is minimal and depends on usage.


Reveal supports Windows and MacOS endpoints. Up to 2 GB of free disk space is required.

Host and network security requirements

Specific ports and processes are needed to run Reveal.


The following ports are required for Reveal communication.

Component Port Direction Purpose
Module Server 17444 Inbound Connecting to the Module Server for live connections to endpoints.

Security exclusions

If security software is in use in the environment to monitor and block unknown host system processes, your security administrator must create exclusions to allow the Tanium processes to run without interference.

Table 1:   Reveal security exclusions
Target Device Process
Module Server <Tanium Module Server>\services\Reveal\node.exe
Endpoint computers

<Tanium Client>\Tools\EPI\TaniumExecWrapper.exe

<Tanium Client>\Tools\EPI\TaniumEndpointIndex.exe

<Tanium Client>\Tools\Reveal\TaniumReveal.exe

<Tanium Client>\Tools\Trace\TaniumTraceWebsocketClient.exe

User role requirements

Use role-based access control (RBAC) permissions to restrict access to Reveal functions.

Table 2:   Tanium Reveal User Role Privileges
Permission Reveal Administrator Reveal Read Only User Reveal Service Account Reveal User

Show Reveal

Access to the Reveal workbench

Reveal Affected Files

Enables viewing of affected files

Reveal Quick Search

Enables viewing of quick search results

Reveal Rules Deploy

Enables the deployment of rules to endpoints

Reveal Rules Deploy Status

Access to the Reveal workbench

1 1

Reveal Rules Read

Enables the viewing and listing of rules

1 1

Reveal Rules Write

Enables the editing of rules

Reveal Rule Sets Read

Enables the viewing and listing of rule sets

1 1

Reveal Rule Sets Write

Enables the editing of rule sets

Reveal Service User

Enables a user to perform work as the service account user

Reveal Service User Read

Allows viewing details of the service account user


Reveal Service User Write

Enables modifications to the service user account

Reveal Snippets

Enables viewing of snippets of affected files.

Reveal Use API

Perform Reveal operations using the API

1 1 1 1

Reveal Validations Deploy

Enables the deployment of validations to endpoints

Reveal Validations Deploy Status

Enables viewing of the status of validation deployments

1 1

Reveal Validations Read

Enables viewing and listing of validations

1 1

Reveal Validations Write

Enables the editing of validations

1 Denotes a provided permission.

For more information and descriptions of content sets and permissions, see the Tanium Core Platform User Guide: Users and user groups.

The Trace Live Connections Write permission is required for any user to make direct connections to endpoints to investigate rule matches.

Provide the Bypass Action Approval Advanced Role to the Trace Analysis Content Set so that Trace users can make Live Connections to endpoints without having to go through action approval and still require approval on all other actions.

Last updated: 5/21/2019 3:03 PM | Feedback