Risk requirements
Review the requirements before you install and use Risk.
Core platform dependencies
Make sure that your environment meets the following requirements:
-
Tanium license that includes Risk
-
Tanium™ Core Platform servers: 7.5.4.1158 or later
- Tanium™ Client: Any supported version of Tanium Client. For the Tanium Client versions supported for each OS, see Tanium Client Management User Guide: Client version and host system requirements.
If you use a client version that is not listed, certain product features might not be available, or stability issues can occur that can only be resolved by upgrading to one of the listed client versions.
Solution dependencies
Other Tanium solutions are required for Risk to function (required dependencies) or for specific Risk features to work (feature-specific dependencies). The installation method that you select determines if the Tanium Server automatically imports dependencies or if you must manually import them.
Some Risk dependencies have their own dependencies, which you can see by clicking the links in the lists of Required dependencies and Feature-specific dependencies. Note that the links open the user guides for the latest version of each solution, not necessarily the minimum version that Risk requires.
Tanium recommended installation
If you select Tanium Recommended Installation when you import Risk, the Tanium Server automatically imports all your licensed solutions at the same time. See Tanium Console User Guide: Import all modules and services.
Import specific solutions
If you select only Risk to import and are using Tanium Core Platform 7.5.2.3531 with Tanium Console 3.0.72 or later, the Tanium Server automatically imports the latest available versions of any required dependencies that are missing. If some required dependencies are already imported but their versions are earlier than the minimum required for Risk, the server automatically updates those dependencies to the latest available versions.
If you select only Risk to import and you are using Tanium Core Platform 7.5.2.3503 or earlier with Tanium Console 3.0.64 or earlier, you must manually import or update required dependencies. See Tanium Console User Guide: Import, re-import, or update specific solutions.
Required dependencies
Risk has the following required dependencies at the specified minimum versions. You must install the dependencies in the listed order.
- Tanium™ Endpoint Configuration 1.2 or later (installed as part of Client Management 1.5 or later)
- Tanium™ Interact 2.12.113 or later
- Tanium™ System User service 1.0.77 or later
- Tanium™ RDB service 1.2.11 or later
- Tanium™ Reporting service 1.8.40 or later
- Tanium™ Blob service 1.0.6 or later
- Tanium Criticality service 1.0.50 or later
- Tanium™ Core Content 1.3.26 or later
- Tanium™ Core Content SSL/TLS Server Audit sensor 1.3.2 or later
Feature-specific dependencies
If you select only Risk to import, you must manually import or update its feature-specific dependencies regardless of the Tanium Console or Tanium Core Platform versions. Risk has the following feature-specific dependencies at the specified minimum versions:
- Tanium™ Asset 1.17.156 or later is required to show asset details for endpoints.
- Tanium Comply 2.10.940 or later is required to view the System Vulnerability and System Compliance risk vectors.
- Tanium Impact 1.7.62 or later is required to view the Administrative Access risk vector.
- Tanium Patch 3.6.49 or later is required to view related patches on endpoints from the Risk Detail pages.
- Tanium Reveal 1.15.185 or later is required to view the Password Identification risk vector.
Client extensions
Tanium Endpoint Configuration installs client extensions for Risk on endpoints. Client Extensions perform tasks that are common to certain Tanium solutions. The Tanium Client uses code signatures to verify the integrity of each client extension prior to loading the extension on the endpoint. Each client extension has recommended security exclusions to allow the Tanium processes to run without interference. See Security exclusions for more information. The following client extensions perform Risk functions:
- Config CX - Provides installation and configuration of extensions on endpoints. Tanium Client Management installs this client extension.
- Core CX - Provides a management framework API for all other client extensions and exposes operating system metrics. Tanium Client Management installs this client extension.
- Risk CX - Provides Risk functions on the endpoint. Tanium Risk installs this client extension.
Tanium™ Module Server
Risk is installed and runs as a service on the Module Server host computer. The impact on the Module Server is minimal and depends on usage.
For information about Module Server sizing in a Windows deployment, see Tanium Core Platform Deployment Guide for Windows: Host system sizing guidelines.
Endpoints
Supported Internet protocols
Risk supports IPv4 and IPv6 addresses.
Supported operating systems
The following endpoint operating systems are supported with Risk.
Operating system | Version | Notes |
---|---|---|
Microsoft Windows Server |
|
Windows Server 2008 R2 SP1 requires Microsoft KB2758857. |
Microsoft Windows Workstation |
|
Windows 7 Service Pack 1 requires Microsoft KB2758857. |
macOS (Intel processor only) |
|
|
Linux |
|
Host and network security requirements
Specific ports and processes are needed to run Risk.
Ensure all host and network security requirements for modules that provide data to Risk are also met. For more information, see:
- Comply User Guide: Host and network security requirements
- Impact User Guide: Host and network security requirements
- Reveal User Guide: Host and network security requirements
Ports
The following ports are required for Risk communication.
Source | Destination | Port | Protocol | Purpose |
---|---|---|---|---|
Module Server | Module Server (loopback) | 17523 | TCP | Internal purposes, not externally accessible |
Configure firewall policies to open ports for Tanium traffic with TCP-based rules instead of application identity-based rules. For example, on a Palo Alto Networks firewall, configure the rules with service objects or service groups instead of application objects or application groups.
For Tanium Cloud ports, see Tanium Cloud Deployment Guide: Host and network security requirements.
Security exclusions
If security software is in use in the environment to monitor and block unknown host system processes, Tanium recommends that a security administrator create exclusions to allow the Tanium processes to run without interference. The configuration of these exclusions varies depending on AV software. For a list of all security exclusions to define across Tanium, see Tanium Core Platform Deployment Reference Guide: Host system security exclusions.
Target Device | Notes | Exclusion Type | Process |
---|---|---|---|
Windows endpoints | Process | <Tanium Client>\TaniumCX.exe | |
File | <Tanium Client>\extensions\TaniumRisk.dll | ||
Linux endpoints | Process | <Tanium Client>/TaniumCX | |
File | <Tanium Client>/libTaniumRisk.so | ||
macOS endpoints | Process | <Tanium Client>/TaniumCX | |
File | <Tanium Client>/libTaniumRisk.dylib |
Target Device | Notes | Exclusion Type | Process |
---|---|---|---|
Windows endpoints | Process | <Tanium Client>\TaniumCX.exe | |
File | <Tanium Client>\extensions\TaniumRisk.dll | ||
Linux endpoints | Process | <Tanium Client>/TaniumCX | |
File | <Tanium Client>/libTaniumRisk.so | ||
macOS endpoints | Process | <Tanium Client>/TaniumCX | |
File | <Tanium Client>/libTaniumRisk.dylib |
User role requirements
The following tables list the role permissions required to use Risk. To review a summary of the predefined roles, see Set up Risk users.
For more information about role permissions and associated content sets, see Tanium Console User Guide: RBAC overview.
On installation, Risk creates a Risk user to automatically manage the Risk service account. Do not edit or delete the Risk user.
Permission | Risk Administrator1,2,3,4, 5 | Risk Operator1,2,3,4,5 | Risk User1,2,3 | Risk Endpoint Configuration Approver4 |
---|---|---|---|---|
Risk View the Risk workbench |
SHOW |
SHOW |
SHOW |
|
Risk Administrator Provides privileges for the Risk Administrator role |
ADMINISTER |
|
|
|
Risk Provides privileges for the Risk Operator role |
|
OPERATOR |
|
|
Risk Support Bundle Provides privileges for the Risk support bundle |
READ |
|
|
|
Risk Settings Allows reading and updating Risk settings. |
READ WRITE |
READ |
|
|
Risk Endpoint Configuration Allows users to approve Endpoint Configuration items for Risk |
|
|
|
APPROVE |
1 This role provides module permissions for Tanium Impact. You can view which Impact permissions are granted to this role in the Tanium Console. For more information, see the Tanium Impact User Guide: User role requirements. 2 This role provides module permissions for Tanium Interact. You can view which Interact permissions are granted to this role in the Tanium Console. For more information, see Tanium Interact User Guide: Tanium Data Service permissions. 3 This role provides module permissions for the Tanium Reporting service. You can view which Reporting service permissions are granted to this role in the Tanium Console. For more information, see Tanium Reporting User Guide: User role requirements. 4 This role provides module permissions for Tanium Endpoint Configuration. You can view which Endpoint Configuration permissions are granted to this role in the Tanium Console. For more information, see Tanium Endpoint Configuration User Guide: User role requirements. 5 This role provides module permissions for the Tanium Criticality service. You can view which Criticality service permissions are granted to this role in the Tanium Console. For more information, see Tanium Criticality User Guide: User role requirements. |
Permission | Permission Type | Risk Administrator1,2,3,4,5,6,7,8,9,10,11, | Risk Operator1,2,3,4,5,6,7,8,9,10,11 | Risk User1,2,3,4,5,6,8,9,10,11 | Risk Endpoint Configuration Approver3,7 |
---|---|---|---|---|---|
Computer Group | Administration |
READ |
READ |
READ |
|
Action Group | Administration |
|
READ |
READ |
|
Global Settings | Administration |
|
READ |
READ |
|
Filter Group | Platform Content |
READ |
READ |
READ |
|
Plugin | Platform Content |
READ EXECUTE |
READ EXECUTE |
READ EXECUTE |
READ EXECUTE |
Sensor | Platform Content |
READ |
READ |
READ |
READ |
To view which content set permissions are granted to a role, see Tanium Console User Guide: View effective role permissions. 1 This role provides content set permissions for Tanium Client Management. You can view which Client Management content sets are granted to this role in the Tanium Console. For more information, see Tanium Client Management User Guide: User role requirements. 2 This role provides content set permissions for Tanium Comply. You can view which Comply content sets are granted to this role in the Tanium Console. For more information, see Tanium Comply User Guide: User role requirements. 3 This role provides content set permissions for Tanium Data Service. You can view which Tanium Data Service content sets are granted to this role in the Tanium Console. For more information, see Tanium Interact User Guide: User role requirements. 4 This role provides content set permissions for Tanium Impact. You can view which Impact content sets are granted to this role in the Tanium Console. For more information, see Tanium Impact User Guide: User role requirements. 5 This role provides content set permissions for Tanium Interact. You can view which Interact content sets are granted to this role in the Tanium Console. For more information, see Tanium Interact User Guide: User role requirements. 6 This role provides content set permissions for Tanium Reveal. You can view which Reveal content sets are granted to this role in the Tanium Console. For more information, see Tanium Reveal User Guide: User role requirements. 7 This role provides content set permissions for Tanium Endpoint Configuration. You can view which Endpoint Configuration content sets are granted to this role in the Tanium Console. For more information, see Tanium Endpoint Configuration User Guide: User role requirements. 8 This role provides module permissions for the Tanium Criticality service. You can view which Criticality service permissions are granted to this role in the Tanium Console. For more information, see Tanium Criticality User Guide: User role requirements. 9 This role provides module permissions for the Tanium Reporting service. You can view which Reporting service permissions are granted to this role in the Tanium Console. For more information, see Tanium Reporting User Guide: User role requirements. 10 This role provides module permissions for the Tanium Enforce. You can view which Reporting service permissions are granted to this role in the Tanium Console. For more information, see Tanium Enforce User Guide: User role requirements. 11 This role provides module permissions for the Tanium Incident Response service. You can view which Incident Response service permissions are granted to this role in the Tanium Console. For more information, see Tanium Threat Response User Guide: User role requirements. |
Last updated: 2/3/2023 3:18 PM | Feedback