Threat Response requirements

Review the requirements before you install and use Threat Response.

Tanium dependencies

In addition to a license for Threat Response, make sure that your environment meets the following requirements.

| Component | Requirement |
| --- | --- |
| Tanium™ Core Platform | 7.2 or later |
| Tanium™ Console UI | |
| Tanium™ Client | |

Tanium products

If you selected Tanium Recommended Installation when you installed Threat Response, the Tanium Server automatically installed all your licensed modules at the same time. Otherwise, you must manually install the modules that Threat Response requires to function, as described under Tanium Console User Guide: Import, re-import, or update specific solutions.

Modules at the following minimum versions are required:

  • <OtherProductName> <version>

The following modules are optional, but Threat Response requires the specified minimum versions to work with them:

  • <OtherProductName> <version>

Computer groups

When you first sign in to the Tanium Console after a fresh installation of Tanium Server 7.4.2 or later, the server TaaS automatically imports the computer groups that Threat Response requires: .

For earlier versions of the Tanium Server, or after upgrading from an earlier version, you must manually create the computer groups: see Tanium Console User Guide: Create a computer group.

Tanium™ Server

Tanium™ Module Server

Threat Response is installed and runs as a service on the Module Server host computer. The impact on the Module Server is minimal and depends on usage.

For information about Module Server sizing in a Windows deployment, see Tanium Core Platform Deployment Guide for Windows: Host system sizing guidelines.

Endpoints

Supported Internet protocols

Threat Response supports only IPv4 addresses.

Threat Response supports IPv4 and IPv6 addresses.

Supported operating systems

The following endpoint operating systems are supported with Threat Response:

  • Windows
  • macOS 
  • Linux

| Operating System | Version | Notes |
| --- | --- | --- |
| Windows | Same as Tanium Client support. See Tanium Client Management User Guide: Client version and host system requirements. | |
| macOS | 10.11 and later | |
| Linux | Red Hat Enterprise Linux 6.x, 7.x; CentOS 6.x, 7.x | |

Threat Response does not deploy packages to endpoints. For Tanium Client operating system support, see Tanium Client Management User Guide: Client version and host system requirements.

Disk space requirements

Processor requirements

Third-party software

Host and network security requirements

Specific ports and processes are needed to run Threat Response.

Ports

The following ports are required for Threat Response communication.

| Source | Destination | Port | Protocol | Purpose |
| --- | --- | --- | --- | --- |
| Module Server | Tanium as a Service | | TCP | |

Configure firewall policies to open ports for Tanium traffic with TCP-based rules instead of application identity-based rules. For example, on a Palo Alto Networks firewall, configure the rules with service objects or service groups instead of application objects or application groups.

For Tanium as a Service ports, see Tanium as a Service Deployment Guide: Host and network security requirements.

Security exclusions

If security software is in use in the environment to monitor and block unknown host system processes, your security administrator must create exclusions to allow the Tanium processes to run without interference. For a list of all security exclusions to define across Tanium, see Tanium Core Platform Deployment Reference Guide: Host system security exclusions.

Template security exclusions

| Target Device | Notes | Exclusion Type | Exclusion |
| --- | --- | --- | --- |
| Module Server | | Process | "<Module Server>\services\ProductName\node.exe" service.js |
| | | Process | <Module Server>\services\twsm-v1\twsm.exe |
| Windows endpoints | | Process | <Tanium Client>\Patch\tanium-Patch.min.vbs |
| | | Process | <Tanium Client>\Patch\scans\wsusscn2.cab |
| | 7.2.x clients | Process | <Tanium Client>\Python27\TPython.exe |
| | 7.4.x clients | Process | <Tanium Client>\Python38\TPython.exe |
| | 7.4.x clients | Folder | <Tanium Client>\Python38 |
| Linux endpoints | 7.2.x clients | Process | <Tanium Client>/python27/python |
| | | Process | <Tanium Client>/python27/bin/pybin |
| | 7.4.x clients | Process | <Tanium Client>/python38/python |
| macOS endpoints | | Process | <Tanium Client>/TaniumCX |
| | | Folder | /Library/Tanium/EndUserNotifications |

Template security exclusions

| Target Device | Notes | Exclusion Type | Exclusion |
| --- | --- | --- | --- |
| Windows endpoints | 7.4.x clients | Process | <Tanium Client>\Python38\TPython.exe |
| | 7.4.x clients | Folder | <Tanium Client>\Python38 |
| | | Process | <Tanium Client>\TaniumCX.exe |
| Linux endpoints | 7.4.x clients | Process | <Tanium Client>/python38/python |
| | | Process | <Tanium Client>/TaniumCX |
| macOS endpoints | | Process | <Tanium Client>/TaniumCX |
| | | Folder | /Library/Tanium/EndUserNotifications |
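
Excluded paths are not inspected by the security software, so it is worth confirming that nothing unprivileged can write to them. The following is an added example, not Tanium code, that audits the 7.4.x Linux and macOS process exclusions listed above. The client directory argument and the function names are assumptions, because the page gives only the `<Tanium Client>` placeholder.

```shell
#!/bin/sh
# Added example: audit the 7.4.x Linux/macOS process exclusions from the table.
# Relative paths come from the table; the client directory is supplied by the
# caller (assumption) because the page only gives the <Tanium Client> placeholder.
EXCLUDED_RELATIVE="python38/python TaniumCX"

# is_loose PATH: succeeds when PATH itself is group- or world-writable.
is_loose() {
    [ -n "$(find "$1" -prune \( -perm -0020 -o -perm -0002 \) -print 2>/dev/null)" ]
}

# check_path PATH: prints one of symlink, missing, writable, parent-writable, ok.
check_path() {
    if [ -L "$1" ]; then echo symlink            # exclusion would follow the link
    elif [ ! -e "$1" ]; then echo missing        # stale exclusion
    elif is_loose "$1"; then echo writable       # binary can be modified
    elif is_loose "$(dirname "$1")"; then echo parent-writable  # binary can be swapped
    else echo ok
    fi
}

# audit_exclusions CLIENT_DIR: prints "status<TAB>path" for each exclusion and
# returns non-zero if any path needs review.
audit_exclusions() {
    rc=0
    for rel in $EXCLUDED_RELATIVE; do
        st=$(check_path "$1/$rel")
        printf '%s\t%s\n' "$st" "$1/$rel"
        [ "$st" = ok ] || rc=1
    done
    return "$rc"
}

# Run the audit when a client directory is passed on the command line.
if [ "$#" -gt 0 ]; then audit_exclusions "$1"; fi
```

Run it with the client installation directory as the only argument and review any line whose status is not `ok` before the exclusion is approved.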

Internet URLs

If security software is deployed in the environment to monitor and block unknown URLs, your security administrator might need to allow the following URLs.

  • List here

User role requirements

The following tables list the role permissions required to use Threat Response. For more information about role permissions and associated content sets, see Tanium Console User Guide: Managing RBAC.

Threat Response user role permissions

| Permission | Threat Response Administrator [1, 2, 3] | Threat Response Endpoint Configuration Approver [1, 2, 3] | Threat Response Read Only User [1, 2, 3] | Threat Response Service Account [1, 3, 4] |
| --- | --- | --- | --- | --- |
| Threat Response: View the Threat Response workbench | SHOW | SHOW | SHOW | SHOW |
| Threat Response Module: Read and write access to the Threat Response module | READ, WRITE [5] | READ, WRITE [5] | READ | READ |
| Threat Response Settings: Write access to platform settings in the Threat Response module | WRITE | | | |

1 This role provides module permissions for Tanium Trends. You can view which Trends permissions are granted to this role in the Tanium Console. For more information, see Tanium Trends User Guide: User role requirements.

2 This role provides module permissions for Tanium Endpoint Configuration. You can view which Endpoint Configuration permissions are granted to this role in the Tanium Console. For more information, see Tanium Endpoint Configuration User Guide: User role requirements.

3 This role provides module permissions for Tanium Interact. You can view which Interact permissions are granted to this role in the Tanium Console. For more information, see Tanium Interact User Guide: Tanium Data Service permissions.

4 If you installed Tanium Client Management, Endpoint Configuration is installed, and by default, configuration changes initiated by the module service account (such as tool deployment) require approval. You can bypass approval for module-generated configuration changes by applying the Endpoint Configuration Bypass Approval permission to this role and adding the relevant content sets. For more information, see Tanium Endpoint Configuration User Guide: User role requirements.

5 Grants access to content in the Threat Response content set.

Provided Threat Response platform content permissions
Permission Threat Response Administrator1 Threat Response Endpoint Configuration Approver Threat Response Read Only User1 Threat Response Service Account
Package
WRITE

WRITE
Plugin
READ

READ

READ

READ
Sensor
READ

READ

READ

READ

You can view which content sets are granted to any role in the Tanium Console.

1 This role provides content set permissions for Tanium Trends. You can view which Trends content sets are granted to this role in the Tanium Console. For more information, see Tanium Trends User Guide: User role requirements.

Provided Threat Response administration and platform content permissions
Permission Permission Type Threat Response Administrator1 Threat Response Endpoint Configuration Approver Threat Response Read Only User1 Threat Response Service Account
User Group Administration
READ

READ

READ

READ
Package Platform Content
WRITE

WRITE
Plugin Platform Content
READ

READ

READ

READ
Sensor Platform Content
READ

READ

READ

READ

You can view which content sets are granted to any role in the Tanium Console.

1 This role provides content set permissions for Tanium Trends. You can view which Trends content sets are granted to this role in the Tanium Console. For more information, see Tanium Trends User Guide: User role requirements.

Optional roles for Threat Response

| Role | Enables |
| --- | --- |
| Threat Response User | Create, edit, or delete ... |
| Tanium Administrator | Create scheduled actions for ... |