This documentation includes content for releases that might not be available on-premises. For the latest on-premises Discover documentation, see the PDF version of Tanium™ Discover User Guide version 4.7.160.
Succeeding with Discover
Follow these best practices to achieve maximum value and success with Tanium Discover. These steps align with the key benchmark metrics: increasing the percentage of managed endpoints and reducing the amount of time it takes to bring endpoints under management by Tanium.
Step 1: Gain organizational effectiveness
Complete the key organizational governance steps to maximize Discover value. For more information about each task, see Gaining organizational effectiveness.
Develop a dedicated change management process.
Define distinct roles and responsibilities in a RACI chart.
Validate cross-functional organizational alignment.
Develop a deployment plan.
Track operational metrics.
Step 2: Install Tanium modules
Install Tanium Discover. See Installing Discover.
Configure default action group computers. See Installing Discover.
Install Tanium Connect. See Tanium Connect User Guide: Installing Connect.
Install Tanium Trends. See Tanium Trends User Guide: Installing Trends.
Install Tanium Direct Connect. See Tanium Direct Connect User Guide: Installing Direct Connect.
Install Tanium Client Management, which provides Tanium Endpoint Configuration. See Tanium Client Management User Guide: Installing Client Management.
When you import Discover with the Tanium Recommended Installation workflow, the following default settings are configured:
Setting | Default value |
---|---|
Action group | |
Level 2 ping distributed profile | This profile is created and deployed to all Tanium Clients. For more information about this type of profile, see Level 2 (ping). |
Step 3: Define labels 
Start with the Discover Label Gallery. Import the Collection of labels for New Deployment or POC. This collection includes labels for commonly unmanaged devices based on the manufacturer name, and a label that purges interfaces that have not been seen in 30 days.
In addition to these sample labels, customize labels for your specific environment. Define a label for targeting installation of Tanium Client on unmanaged interfaces.
See Labels.
Step 4: Run distributed Discover scans
If you already have the Tanium Client installed on a few endpoints in a subnet, you can use distributed scans. Distributed scans run on managed endpoints to identify unmanaged interfaces in targeted networks.
Based on the initial deployment plan (see Develop a deployment plan), build a Discover profile.
If you are using a by-subnet deployment policy, test and continue to add subnets to the profile until you are comfortable that all required networks are covered.
See Running distributed scans.
Step 5: Run satellite scans
Satellite scans are run from endpoints configured as "satellites" that can scan unmanaged devices on subnets that cannot be scanned using a distributed scan. Satellites are configured and verified in Tanium Direct Connect.
For more information about managing satellites, see Tanium Direct Connect User Guide: Managing satellites.
Based on the initial deployment plan (see Develop a deployment plan), build a Discover satellite profile.
If you are using a by-subnet deployment policy, test and continue to add subnets to the profile until you are comfortable that all required networks are covered.
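One way to check by-subnet coverage for distributed and satellite profiles, as an added example (not Tanium code and not a Discover API): it compares the networks the deployment plan requires with the subnets listed in your scan profiles and reports the ranges that no profile covers. The function name and all sample networks are constructed for illustration.

```python
import ipaddress


def uncovered_networks(required, profile_subnets):
    """Return CIDR strings for required address space that no profile subnet covers.

    ip_network() is strict, so an entry with host bits set (a common typo in
    exported subnet lists) raises ValueError instead of being silently accepted.
    """
    req = [ipaddress.ip_network(n) for n in required]
    prof = [ipaddress.ip_network(n) for n in profile_subnets]
    gaps = []
    for version in (4, 6):  # IPv4 and IPv6 cannot be collapsed together
        covered = list(ipaddress.collapse_addresses(
            p for p in prof if p.version == version))
        remaining = [r for r in req if r.version == version]
        for cov in covered:
            still_open = []
            for net in remaining:
                if not net.overlaps(cov):
                    still_open.append(net)      # untouched by this subnet
                elif net.subnet_of(cov):
                    continue                    # fully covered
                else:
                    # cov sits inside net: keep only the part outside cov
                    still_open.extend(net.address_exclude(cov))
            remaining = still_open
        gaps.extend(str(n) for n in ipaddress.collapse_addresses(remaining))
    return gaps


if __name__ == "__main__":
    # Constructed sample data: networks from the deployment plan / IPAM export
    plan = ["10.10.0.0/22", "10.20.5.0/24", "192.168.50.0/24"]
    # Constructed sample data: subnets currently listed in scan profiles
    profiles = ["10.10.0.0/24", "10.10.1.0/24", "10.20.0.0/16"]
    for gap in uncovered_networks(plan, profiles):
        print("not covered by any profile:", gap)
```

An empty result means every required network falls inside at least one profile subnet; any range that remains needs a profile entry or a different scan type.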
Step 6: Run centralized Discover scans
Centralized scans are run from the Tanium Module Server and can scan environments where no managed endpoints are available, such as Amazon Web Services (AWS) or an unmanaged subnet.
If you have an AWS environment with EC2 instances you would like to scan, you can create a centralized Amazon Web Services EC2 Cloud API scan. This scan uses the AWS API to get information about your EC2 instances.
If you have subnets that contain no Tanium Clients, run a centralized Nmap scan on the subnet targets.
See Running centralized scans.
Step 7: Assign locations
Populating any information you have about your network before running Discover scans enriches the data that is returned. After you run scans, you might find networks that you did not originally know about. You can update the locations information to further populate locations in subsequent scans.
Determine a source for all network locations that exist in the enterprise. Typically the network team has this information in an IP Address Management (IPAM) database.
Create a CSV file of these locations to import into Discover. The location hierarchy helps with regional identification of interfaces.
See Locations.
Step 8: Deploy Tanium Client
Use Discover labels for targeting the installation of Tanium Client on unmanaged interfaces. See Tanium Client Management User Guide: Configure a deployment.
Download and install the Tanium Client. See Tanium Client Management User Guide.
Step 9: Monitor Discover metrics 
From the Trends menu, click Boards and then click IT Operations Metrics to view the Interfaces Managed and Mean Time to Managed panels in the Discover section.
Customize Trends boards based on requirements. For example, you might build a panel of unmanaged devices in New York City based on criteria in Discover and watch it over time.
Last updated: 5/31/2023 3:43 PM