Risk requirements

Review the requirements before you install and use Risk.

Tanium dependencies

Component | Requirement
Tanium™ Core Platform | 7.4.6.1056 or later
Tanium™ Client | Any supported version of Tanium Client. For the Tanium Client versions supported for each OS, see Tanium Client Management User Guide: Client version and host system requirements.

If you use a client version that is not listed, certain product features might not be available, or stability issues can occur that can only be resolved by upgrading to one of the listed client versions.

Tanium solutions

Other Tanium solutions are required for Risk to function (required dependencies) or for specific Risk features to work (feature-specific dependencies).

If you select Tanium Recommended Installation when you import Risk, the Tanium Server automatically imports all your licensed solutions at the same time. See Tanium Console User Guide: Import all modules and services.

If you select only Risk to import and are using Tanium Core Platform 7.5.2.3531 with Tanium Console 3.0.72 or later, the server automatically imports the latest available versions of any required dependencies that are missing. If some required dependencies are already imported but their versions are earlier than the minimum required for Risk, the server automatically updates those dependencies to the latest available versions.

If you are using Tanium Core Platform 7.5.2.3503 or earlier with Tanium Console 3.0.64 or earlier, you must manually install the required dependencies. Risk has the following required dependencies at the specified minimum versions:

  • Tanium™ Core Content 1.3.26 or later
    • Tanium™ Core Content SSL/TLS Server Audit sensor 1.3.2 or later
  • Tanium™ Client Management 1.8.181 or later
  • Tanium™ Comply 2.10.940 or later
  • Tanium™ Impact 1.7.62 or later
  • Tanium™ Interact 2.9.83 or later
  • Tanium™ RDB Service 1.0.84 or later
  • Tanium™ Reporting service 1.3.12 or later
    • Tanium™ API Gateway 1.1.13 or later
    • Tanium™ Blob service 1.0.6 or later
  • Tanium™ Reveal 1.15.185 or later
  • Tanium™ System User service 1.0.40 or later

The server does not automatically import or update feature-specific dependencies. You must import or update those manually. See Tanium Console User Guide: Import, re-import, or update specific solutions. Risk has the following feature-specific dependencies at the specified minimum versions:

  • Tanium™ Asset 1.17.156 or later (to show asset details for endpoints)
  • Tanium™ Patch 3.6.49 or later (to view related patches on endpoints from the Risk Detail pages)

Tanium™ Module Server

Risk is installed and runs as a service on the Module Server host computer. The impact on the Module Server is minimal and depends on usage.

For information about Module Server sizing in a Windows deployment, see Tanium Core Platform Deployment Guide for Windows: Host system sizing guidelines.

Endpoints

Supported Internet protocols

Risk supports IPv4 and IPv6 addresses.

Supported operating systems

The following endpoint operating systems are supported with Risk.

Operating system OS version
Microsoft Windows Server
  • Windows Server 2008 R2 SP1 or later
Microsoft Windows Workstation
  • Windows 10
  • Windows 8
  • Windows 7 SP1
    • Windows 7 Service Pack 1 requires Microsoft KB2758857.
macOS (Intel processor only)
  • macOS 11.0 Big Sur
  • macOS 10.15 Catalina
  • macOS 10.14 Mojave
  • macOS 10.13 High Sierra
  • macOS 10.12 Sierra
  • OS X 10.11.6 El Capitan
Linux
  • Amazon Linux 2 LTS (2017.12)
  • Debian 9.x, 8.x, 10.x
  • Oracle Linux 8.x, 7.x, 6.x, 5.x
  • Red Hat Enterprise Linux (RHEL) 8.x, 7.x, 6.x, 5.x
  • CentOS 8.x, 7.x, 6.x, 5.x
  • Ubuntu 20.04 LTS
  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS

Host and network security requirements

Specific ports and processes are needed to run Risk.

Ensure all host and network security requirements for modules that provide data to Risk are also met. For more information, see:

Ports

The following ports are required for Risk communication.

Source | Destination | Port | Protocol | Purpose
Module Server | Module Server (loopback) | 17523 | TCP | Internal purposes, not externally accessible
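
A check of the loopback-only requirement in the ports table, added here as an example and not taken from Tanium documentation: it parses `netstat -ano` output from the Module Server host and reports any listener on port 17523 that is bound to a non-loopback address. The Windows netstat layout, the function names and the sample output are assumptions constructed for illustration.

```python
import ipaddress

RISK_PORT = 17523  # loopback-only Risk port from the ports table

# Constructed `netstat -ano` output (Windows layout), not captured from a real host.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:443            0.0.0.0:0              LISTENING       1180
  TCP    127.0.0.1:17523        0.0.0.0:0              LISTENING       4321
  TCP    10.20.30.40:17523      0.0.0.0:0              LISTENING       4321
  TCP    [::1]:17523            [::]:0                 LISTENING       4321
  TCP    127.0.0.1:17523        127.0.0.1:50112        ESTABLISHED     4321
"""


def listeners(netstat_text, port=RISK_PORT):
    """Return (address, pid) for every TCP socket listening on `port`."""
    found = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        host, _, local_port = fields[1].rpartition(":")
        if local_port == str(port):
            found.append((host.strip("[]"), fields[4]))
    return found


def exposed(netstat_text, port=RISK_PORT):
    """Listeners on `port` bound to anything other than a loopback address."""
    bad = []
    for host, pid in listeners(netstat_text, port):
        try:
            # Drop an IPv6 zone index (for example %12) before parsing.
            loopback = ipaddress.ip_address(host.split("%")[0]).is_loopback
        except ValueError:
            loopback = False  # unparseable address: report it rather than trust it
        if not loopback:
            bad.append((host, pid))
    return bad


if __name__ == "__main__":
    for host, pid in exposed(SAMPLE):
        print(f"port {RISK_PORT} is reachable on {host} (PID {pid})")
```

An empty result from `listeners` means nothing is listening on the port at all, which is a different finding from an empty result from `exposed`.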

Configure firewall policies to open ports for Tanium traffic with TCP-based rules instead of application identity-based rules. For example, on a Palo Alto Networks firewall, configure the rules with service objects or service groups instead of application objects or application groups.

For Tanium as a Service ports, see Tanium as a Service Deployment Guide: Host and network security requirements.

Security exclusions

If security software is in use in the environment to monitor and block unknown host system processes, a security administrator must create exclusions to allow the Tanium processes to run without interference. The configuration of these exclusions varies depending on AV software. For a list of all security exclusions to define across Tanium, see Tanium Core Platform Deployment Reference Guide: Host system security exclusions.

Risk security exclusions
Target Device | Notes | Exclusion Type | Process
Windows endpoints | 7.2.x clients (1) | Process | <Tanium Client>\Python27\TPython.exe
Windows endpoints | 7.4.x clients (1) | Process | <Tanium Client>\Python38\TPython.exe
Windows endpoints | 7.4.x clients | Process | <Tanium Client>\Python38\*.dll
Windows endpoints | | Process | <Tanium Client>\TaniumCX.exe
Windows endpoints | | Process | <Tanium Client>\extensions\TaniumRisk.dll
Windows endpoints | | Process | <Tanium Client>\extensions\TaniumRisk.dll.sig
Linux endpoints | 7.2.x clients | Process | <Tanium Client>/python27/python
Linux endpoints | 7.4.x clients | Process | <Tanium Client>/python38/python
Linux endpoints | | Process | <Tanium Client>/TaniumCX
Linux endpoints | | Process | <Tanium Client>/libTaniumRisk.so
Linux endpoints | | Process | <Tanium Client>/libTaniumRisk.so.sig
macOS endpoints | 7.2.x clients | Process | <Tanium Client>/python27/python
macOS endpoints | 7.4.x clients | Process | <Tanium Client>/python38/python
macOS endpoints | | Process | <Tanium Client>/TaniumCX
macOS endpoints | | Process | <Tanium Client>/libTaniumRisk.dylib
macOS endpoints | | Process | <Tanium Client>/libTaniumRisk.dylib.sig
1 = TPython requires SHA2 support to allow installation.
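
One way to audit configured exclusions against the table above, added here as an example and not part of Tanium documentation: it expands the Windows 7.4.x rows for a given client directory and reports documented paths that nothing excludes, as well as configured entries that exclude more than the table asks for. The installation directory, the function names and the sample exclusion list are assumptions constructed for illustration.

```python
import fnmatch

# Windows rows for 7.4.x clients, copied from the Risk security exclusions table.
DOCUMENTED = [
    r"<Tanium Client>\Python38\TPython.exe",
    r"<Tanium Client>\Python38\*.dll",
    r"<Tanium Client>\TaniumCX.exe",
    r"<Tanium Client>\extensions\TaniumRisk.dll",
    r"<Tanium Client>\extensions\TaniumRisk.dll.sig",
]

# Assumption: the client installation directory; substitute the real one.
INSTALL_DIR = r"C:\Program Files (x86)\Tanium\Tanium Client"

# Constructed sample of process exclusions exported from a security product.
CONFIGURED = [
    INSTALL_DIR + r"\Python38\TPython.exe",
    INSTALL_DIR + r"\Python38\*",  # wider than the documented *.dll
    INSTALL_DIR + r"\TaniumCX.exe",
    INSTALL_DIR + r"\extensions\TaniumRisk.dll",
]


def _norm(path):
    """Windows paths are case-insensitive; drop any trailing separator."""
    return path.rstrip("\\").lower()


def covers(entry, documented):
    """True if a normalized configured entry excludes the documented path."""
    if entry == documented or documented.startswith(entry + "\\"):
        return True  # exact match, or a directory-wide exclusion
    return fnmatch.fnmatchcase(documented, entry)  # wildcard exclusion


def audit(configured, install_dir=INSTALL_DIR):
    """Return (missing, too_broad) as lists of normalized paths."""
    base = _norm(install_dir)
    required = [_norm(p.replace("<Tanium Client>", base)) for p in DOCUMENTED]
    entries = [_norm(c) for c in configured]
    missing = [r for r in required if not any(covers(e, r) for e in entries)]
    too_broad = [e for e in entries
                 if e not in required and any(covers(e, r) for r in required)]
    return missing, too_broad


if __name__ == "__main__":
    missing, too_broad = audit(CONFIGURED)
    print("Not excluded (Risk may be blocked):", missing)
    print("Broader than documented:", too_broad)
```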

User role requirements

The following tables list the role permissions required to use Risk. To review a summary of the predefined roles, see Set up Risk users.

For more information about role permissions and associated content sets, see Tanium Console User Guide: RBAC overview.

Risk user role permissions
Permission | Risk Administrator (1,2,3) | Risk Operator (1,2,3) | Risk User (1,2,3) | Risk Endpoint Configuration Approver (4,5)

Risk

View the Risk workbench



SHOW


SHOW


SHOW


Risk Criticality

Allows reading and uploading Risk criticality data.



READ
WRITE


READ
WRITE

Risk Endpoint Configuration

Allows users to approve Endpoint Configuration items for Risk


APPROVE

1 This role provides module permissions for Tanium Impact. You can view which Impact permissions are granted to this role in the Tanium Console. For more information, see the Tanium Impact User Guide: User role requirements.

2 This role provides module permissions for Tanium Interact. You can view which Interact permissions are granted to this role in the Tanium Console. For more information, see Tanium Interact User Guide: Tanium Data Service permissions.

3 This role provides module permissions for the Tanium Reporting service. You can view which Reporting service permissions are granted to this role in the Tanium Console.

4 This role provides module permissions for Tanium Endpoint Configuration. You can view which Endpoint Configuration permissions are granted to this role in the Tanium Console. For more information, see Tanium Endpoint Configuration User Guide: User role requirements.

5 If you installed Tanium Client Management, Endpoint Configuration is installed, and by default, configuration changes initiated by the module service account (such as tool deployment) require approval. You can bypass approval for module-generated configuration changes by applying the Endpoint Configuration Bypass Approval permission to this role and adding the relevant content sets. For more information, see Tanium Endpoint Configuration User Guide: User role requirements.


Provided Risk administration and platform content permissions
Permission | Permission Type | Risk Administrator (1,2,3,5,6,7) | Risk Operator (1,2,3,5,6,7) | Risk User (1,2,3,5,6,7) | Risk Endpoint Configuration Approver (3,4)
Computer Group Administration
READ

READ

READ
Filter Group Platform Content
READ

READ

READ
Plugin Platform Content
READ
EXECUTE

READ
EXECUTE

READ
EXECUTE

READ
EXECUTE
Sensor Platform Content
READ

READ

READ

READ

You can view which content sets are granted to any role in the Tanium Console.

1 This role provides content set permissions for Tanium Client Management. You can view which Client Management content sets are granted to this role in the Tanium Console. For more information, see Tanium Client Management User Guide: User role requirements.

2 This role provides content set permissions for Tanium Comply. You can view which Comply content sets are granted to this role in the Tanium Console. For more information, see Tanium Comply User Guide: User role requirements.

3 This role provides content set permissions for Tanium Data Service. You can view which Tanium Data Service content sets are granted to this role in the Tanium Console. For more information, see Tanium Interact User Guide: User role requirements.

4 This role provides content set permissions for Tanium Endpoint Configuration. You can view which Endpoint Configuration content sets are granted to this role in the Tanium Console. For more information, see Tanium Endpoint Configuration User Guide: User role requirements.

5 This role provides content set permissions for Tanium Impact. You can view which Impact content sets are granted to this role in the Tanium Console. For more information, see Tanium Impact User Guide: User role requirements.

6 This role provides content set permissions for Tanium Interact. You can view which Interact content sets are granted to this role in the Tanium Console. For more information, see Tanium Interact User Guide: User role requirements.

7 This role provides content set permissions for Tanium Reveal. You can view which Reveal content sets are granted to this role in the Tanium Console. For more information, see Tanium Reveal User Guide: User role requirements.