Tanium Map User Guide. Version 1.0.0


Tanium Map User Guide Version 1.0.0 September 06, 2018

The information in this document is subject to change without notice. Further, the information provided in this document is provided as is and is believed to be accurate, but is presented without any warranty of any kind, express or implied, except as provided in Tanium's customer sales terms and conditions. Unless so otherwise provided, Tanium assumes no liability whatsoever, and in no event shall Tanium or its suppliers be liable for any indirect, special, consequential, or incidental damages, including without limitation, lost profits or loss or damage to data arising out of the use or inability to use this document, even if Tanium Inc. has been advised of the possibility of such damages.

Any IP addresses used in this document are not intended to be actual addresses. Any examples, command display output, network topology diagrams, and other figures included in this document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.

Please visit https://docs.tanium.com for the most current Tanium product documentation.

Tanium is a trademark of Tanium, Inc. in the U.S. and other countries. Third-party trademarks mentioned are the property of their respective owners.

2018 Tanium Inc. All rights reserved.

Table of contents

Map overview
    Application dependency mapping
    Endpoint mapping
    Application resiliency
Getting started
Map requirements
    Tanium dependencies
    Tanium Module Server
    Endpoints
    Host and network security requirements
    Security exclusions
    User role requirements
    Tanium 7.1
Installing Map
    Before you begin
    Import Map
    Verify installation
    Set up Map
    Configure service account
    Configure Map action group
    Initialize endpoints
    What to do next
Defining applications
    Explore the application catalog
    Create application
    Edit application
    Export application definition
    Import application definition
Creating maps
    Create an application map
    Create an endpoint map
Exploring data
    Explore maps
    View endpoint details
    Filter maps
    Refresh map data
Troubleshooting Map
    Collect logs
    Problem: Map data is not showing up for an endpoint
    Uninstall Map

Map overview

Identify the components of your applications and services, and view relationships between the applications and the endpoints on which they are running. With this knowledge, you can make your applications more resilient and know the impact before taking endpoints down for maintenance.

Application dependency mapping

In Map, a business application is a logical grouping of software, devices, and network traffic. You can create an application map to show a visual representation of the dependencies between these components.

For example, you might have a three-tier web application that consists of a database server, web service, and other software. A set of clients access this application over the network. By defining the components of this application, you can visualize which servers run the application code and which endpoints are accessing the application. You can change the map to include or exclude servers or end user computers. As a result, you might find that a critical part of the application is running on an endpoint that is not maintained as a server, or that unexpected clients are trying to access the application.

Endpoint mapping

With an endpoint map, you can create a map that consists of a set of IP addresses. By viewing details in an endpoint map, you can see the processes that are running on specific endpoints and the business applications that depend on a specific endpoint.

Application resiliency

By identifying application dependencies, endpoints, infrastructure, and utilization you can better identify single points of failure, capacity planning problems, and inefficient use of IT. If a specific endpoint needs to undergo maintenance, for example, you can understand all of the applications that are affected by that outage. To investigate an outage, you can create multiple maps from different time periods and compare them to determine what changed.
This documentation may provide access to or information about content, products (including hardware and software), and services provided by third parties ("Third Party Items"). With respect to such Third Party Items, Tanium Inc. and its affiliates (i) are not responsible for such items, and expressly disclaim all warranties and liability of any kind related to such Third Party Items and (ii) will not be responsible for any loss, costs, or damages incurred due to your access to or use of such Third Party Items unless expressly set forth otherwise in an applicable agreement between you and Tanium. Further, this documentation does not require or contemplate the use of or combination with Tanium products with any particular Third Party Items and neither Tanium nor its affiliates shall have any responsibility for any infringement of intellectual property rights caused by any such combination. You, and not Tanium, are responsible for determining that any combination of Third Party Items with Tanium products is appropriate and will not cause infringement of any third party intellectual property rights.

Getting started

1. Install Tanium Map. For more information, see Installing Map.
2. Create applications. For more information, see Defining applications.
3. Create maps. For more information, see Creating maps.
4. Explore data. For more information, see Exploring data.

Map requirements

Review the requirements before you install and use Map.

Tanium dependencies

In addition to a license for the Map product module, make sure that your environment also meets the following requirements.

Component        Requirement
Platform         7.0.314.6319 or later
                 7.1.314.3071 or later
                 7.2.314.2831 or later
Tanium Client    6.0.314.1540 or later recommended

Tanium Module Server

Map is installed and runs as a service on the Module Server host computer. The impact on Module Server is minimal and depends on usage.

Endpoints

Up to 1 GB of free disk space is required for the Map database.

Host and network security requirements

Specific processes are needed to run Map on the Tanium Module Server and endpoints.

Security exclusions

If security software is in use in the environment to monitor and block unknown host system processes, your security administrator must create exclusions to allow the Tanium processes to run without interference.

Target Device         Process
Module Server         <Tanium Module Server>\services\map\node.exe
Endpoint computers    <Tanium Client>\Python27\TPython.exe
                      <Tanium Client>/Tools/Trace/recorder (Linux and Mac OS only; exclusion not needed for Windows)

User role requirements

Tanium 7.1

Table 1: Map User Role Privileges for Tanium 7.1.314.3071 or later

Columns: Privilege, Map Administrator, Map User, Map Read Only User

Map Module Read: Read access to the Map module
Map Module Write: Write access to the Map module
Map Settings Write: Write access to global settings in the Map module

Installing Map

You can install Map from the Tanium Solutions page.

Before you begin

- Read the release notes.
- Review the Map requirements.

Import Map

Import Map from the Tanium Solutions page.

1. From the Main Menu, click Tanium Solutions.
2. Under Tanium Map, click Import.
   Note: Tanium Map is a licensed solution. If Tanium Map is not on the Tanium Solutions page, contact your Technical Account Manager.
3. In the Content Import Preview window, you can expand the package to review the Tanium content that is being installed. Click Proceed with Import.
4. After the installation process completes, refresh your browser.
5. From the main menu, click Map. The Map home page is displayed.

Verify installation

To verify that Map is installed, go to the Tanium Solutions page and check the installed version. To check the installed version on the Map home page, click Info.

Set up Map

Configure service account

The service account is used to create recurring maintenance activities for Map.

1. From the Map home page, click Configure Service Account.
2. Enter a user name and password.
3. Click Set Credentials.

Configure Map action group

The action group defines the set of endpoints to which you are deploying the Map packages. By default, the Computer Group Targets setting for the Map action group is set to No Computers. You can set the action group to All Computers or any computer group that you have defined.

1. From the Main menu, click Actions > Scheduled Actions.
2. Choose the Map action group. Click Edit.
3. Choose the computer group for the group of endpoints that you want to use for Map. Click Save.

Initialize endpoints

From the home page, click Initialize Endpoints to install the Map tools on the endpoints and start the Map service.

Note: After deploying the tools for the first time, endpoints can take up to four hours to display status.

What to do next

See Getting started for more information about using Map.

Defining applications

A business application is a collection of software components. You can create a business application by selecting a predefined application from the application catalog, or by defining your own application processes and ports.

Explore the application catalog

The application catalog includes a set of commonly-defined application definitions. You can import these definitions as an application in your environment and modify them as necessary.

1. From the Map menu, click Applications, then click the Application Catalog tab.
2. The catalog contains commonly-defined application definitions. To import an application, click Import and provide your user account information.
3. An application is created that contains the definition. Go to the Applications tab to edit the application.

Create application

1. From the Map menu, click Applications. Click New Application.
2. Enter a name and description for the application.
3. Define software packages. The software packages that you define are known components of the business application. For example, if you have a web application that consists of a front end, database, and client, add packages for each of these pieces. The packages are combined with the OR operator, so any package in the list that returns true causes the application to be found on an endpoint. Click Add Package.
4. Define rules. Each software package contains a set of rules that define processes and ports. If the package consists of multiple processes, you can add more rules. You might need to define ports for specific web applications. Click New Rule > Process. These rules are combined with an AND operator. All rules must return true for the package to be considered found on an endpoint.
5. Click Save. After you click Save, the endpoints should have the update within 1-2 minutes.

Edit application

When you edit an application, all maps that reference that application are affected.

1. From the Map menu, click Applications. Click the name of the application that you want to edit.
2. Before you update the application, review the list of maps that reference this application. All these maps are affected by the updates.
3. Click Edit.
4. Click Save. After you click Save, the endpoints should have the update within 1-2 minutes.

Export application definition

You can export an application definition to back up the information, or use the JSON format in the file to create an application definition to import.

1. From the Map menu, click Applications. Click the name of the application that you want to export.
2. Click Export. The JSON file for the application definition downloads to your local downloads folder.

Import application definition

You can import an application definition JSON file.

1. From the Map menu, click Applications.
2. Click Import. Browse to the JSON file that contains the application definition and click Import.
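The matching logic described under Create application (packages combined with OR, the rules inside one package combined with AND) can be checked against sample endpoint data before a definition is saved. The following is an added example, not Tanium code: the Rule, Package and Endpoint structures are hypothetical and do not reproduce the exported JSON format, case-insensitive process names and independent evaluation of each rule are assumptions, and all endpoint data is constructed.

```python
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class Rule:
    kind: str   # "process" or "port" (hypothetical model, not Tanium's schema)
    value: str  # process name, or a port number written as text


@dataclass(frozen=True)
class Package:
    name: str
    rules: Tuple[Rule, ...]


@dataclass
class Endpoint:
    ip: str
    processes: Dict[str, Set[int]]  # process name -> listening ports


def rule_matches(rule: Rule, ep: Endpoint) -> bool:
    """Evaluate one rule on its own against what the endpoint is running."""
    if rule.kind == "process":
        # Assumption: process names compare case-insensitively.
        return rule.value.lower() in {name.lower() for name in ep.processes}
    if rule.kind == "port":
        return any(int(rule.value) in ports for ports in ep.processes.values())
    raise ValueError(f"unknown rule kind: {rule.kind!r}")


def matched_packages(packages: List[Package], ep: Endpoint) -> List[str]:
    """Packages whose rules ALL match (AND).

    all() of an empty sequence is True, so a package without rules is
    skipped; otherwise it would be 'found' on every endpoint.
    """
    return [p.name for p in packages
            if p.rules and all(rule_matches(r, ep) for r in p.rules)]


def application_found(packages: List[Package], ep: Endpoint) -> bool:
    """The application is found if ANY package matches (OR)."""
    return bool(matched_packages(packages, ep))


def classify(packages: List[Package], endpoints: List[Endpoint]) -> Dict[str, List[str]]:
    return {ep.ip: matched_packages(packages, ep) for ep in endpoints}


# Constructed three-tier web application: front end, database, client.
WEBSHOP = [
    Package("front end", (Rule("process", "nginx"), Rule("port", "443"))),
    Package("database", (Rule("process", "postgres"), Rule("port", "5432"))),
    Package("client", (Rule("process", "shopclient.exe"),)),
    Package("draft", ()),  # no rules yet: must not match anything
]

# Constructed endpoint observations.
ENDPOINTS = [
    Endpoint("10.0.0.10", {"nginx": {80, 443}}),
    Endpoint("10.0.0.20", {"postgres": {5432}, "sshd": {22}}),
    Endpoint("10.0.1.5", {"ShopClient.exe": set(), "chrome.exe": set()}),
    Endpoint("10.0.1.9", {"nginx": {8080}}),  # process rule true, port rule false
]

if __name__ == "__main__":
    for ip, found in classify(WEBSHOP, ENDPOINTS).items():
        print(ip, found or "application not found")
```

The last endpoint shows why the port rule matters: a package defined by process name alone would also count every development copy of nginx as part of the application.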

Creating maps

A map is a set of parameters that generate a question. The question returns information about application components and connections over the specified time period. You can create maps spontaneously as part of an investigation, or as a part of an audit routine.

Create an application map

An application map displays an end-to-end map of nodes, both managed and unmanaged, that constitute an application or multiple applications. By tracking application maps over time, you can quickly identify what has changed that caused any outages. You could create maps for two different time frames, and compare the results.

Before you begin, you must have an application created for which you want to create a map. See Defining applications.

1. From the Map menu, click Maps. Click New Application Map.
2. Add target applications to the map. Click Add Application and then choose the application that you want to map. You can add multiple applications to the map.
3. Configure additional filters. These filters are applied to the data that is used to generate the map, and include the date range, minimum connections required to add an inferred endpoint, and computer group. You can also indicate a default Group By setting. If you want to filter on one of the Group by settings, you can create a dynamic filter after the map is created. See Filter maps.
4. Click Generate.

Create an endpoint map

An endpoint map returns connections, applications, and raw processes that are associated with one or more IP addresses. You might create an endpoint map if you are planning to take an endpoint offline and you want to see precisely which applications could be impacted. Remember that because IP addresses can be dynamic, you might need to frequently update your endpoint maps. Endpoint maps are meant to be a temporary visualization of your environment.

Before you begin, you must have a list of IP addresses that you want to target for the map. These IP addresses must be managed by Tanium and have the Map tools installed. To get the Map tools installed on endpoints, the endpoints must be in the Map action group. See Configure Map action group.

1. From the Map menu, click Maps. Click New Endpoint Map.
2. Add endpoint targets to the map. Click Add Target IP Address and indicate the IP address that you want to add to the map.
3. Configure additional filters. These filters are applied to the data that is used to generate the map, and include the date range, minimum connections required to add an inferred endpoint, and computer group. You can also indicate a default Group By setting. If you want to filter on one of the Group by settings, you can create a dynamic filter after the map is created. See Filter maps.
4. Click Generate.
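To make the "minimum connections required to add an inferred endpoint" filter and the maintenance-impact use case concrete, the following added example (not Tanium code and not a description of how Map computes its results) builds a small map from constructed connection records. It assumes an inferred endpoint is a peer IP without the Tanium Client, as the guide describes inferred nodes under Exploring data, and that managed peers are shown regardless of the threshold; all function names and addresses are hypothetical.

```python
from collections import Counter
from typing import Dict, Iterable, List, Set, Tuple

Conn = Tuple[str, str]  # (source IP, destination IP), one record per connection


def peer_counts(targets: Set[str], connections: Iterable[Conn]) -> Counter:
    """Count connections between the targets and every non-target peer."""
    counts: Counter = Counter()
    for src, dst in connections:
        if src in targets and dst not in targets:
            counts[dst] += 1
        elif dst in targets and src not in targets:
            counts[src] += 1
    return counts


def build_map(targets: Set[str], connections: Iterable[Conn],
              managed: Set[str], min_connections: int = 1) -> Dict[str, List[str]]:
    """Split peers into managed endpoints and inferred (unmanaged) endpoints.

    Assumption: the threshold applies only to unmanaged peers.
    """
    counts = peer_counts(targets, connections)
    return {
        "managed_peers": sorted(ip for ip in counts if ip in managed),
        "inferred": sorted(ip for ip, n in counts.items()
                           if ip not in managed and n >= min_connections),
    }


def affected_applications(ip: str, app_hosts: Dict[str, Set[str]],
                          connections: List[Conn]) -> List[str]:
    """Applications that run on `ip` or whose hosts exchange traffic with it."""
    affected = set()
    for app, hosts in app_hosts.items():
        if ip in hosts or any((s == ip and d in hosts) or (d == ip and s in hosts)
                              for s, d in connections):
            affected.add(app)
    return sorted(affected)


# Constructed sample data (documentation and private address ranges).
APP_HOSTS = {"webshop": {"10.0.0.10", "10.0.0.20"}, "reporting": {"10.0.0.30"}}
MANAGED = {"10.0.0.10", "10.0.0.20", "10.0.0.30", "10.0.1.5"}
CONNECTIONS = (
    [("10.0.1.5", "10.0.0.10")] * 3        # managed client -> web tier
    + [("10.0.0.10", "10.0.0.20")] * 5     # web tier -> database (both targets)
    + [("192.0.2.44", "10.0.0.10")] * 4    # unmanaged, frequent
    + [("198.51.100.7", "10.0.0.20")]      # unmanaged, one-off, straight to the database
    + [("10.0.0.30", "10.0.0.20")] * 2     # reporting host reads the database
)

if __name__ == "__main__":
    targets = APP_HOSTS["webshop"]
    print(build_map(targets, CONNECTIONS, MANAGED, min_connections=3))
    print(build_map(targets, CONNECTIONS, MANAGED, min_connections=1))
    print(affected_applications("10.0.0.20", APP_HOSTS, CONNECTIONS))
```

With a threshold of 3 the single connection from 198.51.100.7 to the database host drops out of the map; when the goal is to spot unexpected clients rather than to reduce clutter, generate the map with the minimum set to 1 as well and compare.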

Exploring data

A map displays the endpoints that are associated with an application or set of defined IPs. You can drill down to individual application components to see how an application is dependent on each endpoint.

Explore maps

1. Change the map grouping to reveal different types of patterns. You can change the Group By setting to AD Domain, AD Organizational Unit, Chassis Type, Domain Name, Operating System, Tanium Client Subnet, Time Zone, or Virtual Platform. If a group consists of multiple categories, each category is displayed in a different color.
2. Click a group to display a list of the endpoints in the group node. To visualize all of the endpoints in the group, double click the group node.
3. Show endpoints in the map. To highlight specific endpoints in the map, select the endpoints from the list, then click Show Selected.
4. Look at inferred nodes. Inferred nodes are computers or other network devices that are communicating with your endpoints, but do not have the Tanium Client installed. Click the Inferred nodes group in the map to view a list of IPs.
5. To collapse expanded groups, click Collapse All.

View endpoint details

Drill down to a specific endpoint to see the applications and processes that are running on that host. For example, if you are planning to perform maintenance on an endpoint, you can see what applications might be affected by the outage.

1. From an application or endpoint map, double click an endpoint node.
2. Click the Defined Applications tab. The list of applications comes from the defined applications in Map. These applications might be dependent on the selected endpoint.
3. Click the Processes tab. Review the list of processes. Expand a process section to view more information, including the ports and full path.

If you see that a process listed is a component of an application that you want to map, select the process and click Actions. You can add the process to a new application, existing application, or view the process in the map.

Filter maps

Simplify the map by filtering the contents. For example, you might want to focus on server-type operating systems when you are looking at an application map to remove the users of the application from the map.

1. In a map, expand the Filter Results section.
2. Add filters. Click Add to create a filter rule that is at the same level as the selected rule. If you create multiple rules, the rules are combined with an AND operator. When you are done editing the filter, click Apply.
3. To remove the filter on the map, click Clear Filter.

Refresh map data

The map shows the time that the data was last updated. If you want to update the data in the map, click Refresh Data. The saved question is asked of the endpoints again to populate the map. To view the results of the saved question that is used to generate the map, click Interact.

Troubleshooting Map

To collect and send information to Tanium for troubleshooting, collect logs and other relevant information.

Collect logs

The information is saved as a compressed ZIP file that you can download with your browser.

1. From the Map home page, click help, then the Troubleshooting tab.
2. Click Collect.
3. When the status shows as Collected, click Download. A map-support.[timestamp].zip file downloads to the local download directory.
4. Attach the ZIP file to your Tanium Support case form or send it to your TAM.

Tanium Map maintains logging information in the Map.log file in the \Program Files\Tanium\Tanium Module Server\services\Map directory.

Problem: Map data is not showing up for an endpoint

If you are not getting results from one or more of your endpoints, try the following actions:

- From the map, click Interact to view the results of the question that is generating the map.
- Click Refresh Data to update the data that is showing in the map if necessary.
- Check the status of the map tools. Ask the question: Get Map - Tools Version from all machines

Uninstall Map

1. From the Main menu, click Tanium Solutions.
2. Under Map, click Uninstall. Click Proceed with Uninstall to complete the process.