Reputation requirements

Review the requirements before you install and use Reputation.

Core platform dependencies

Make sure that your environment meets the following requirements:

  • Tanium™ Core Platform servers: 7.3.314.4250 or later

  • Tanium™ Client: No client requirements.

Solution dependencies

Other Tanium solutions are required for specific Reputation features to work (feature-specific dependencies). The installation method that you select determines if the Tanium Server automatically imports dependencies or if you must manually import them.

Some Reputation dependencies have their own dependencies, which you can see by clicking the links in the lists of Feature-specific dependencies. Note that the links open the user guides for the latest version of each solution, not necessarily the minimum version that Reputation requires.

Tanium recommended installation

If you select Tanium Recommended Installation when you import Reputation, the Tanium Server automatically imports all your licensed solutions at the same time. See Tanium Console User Guide: Import all modules and services.

Import specific solutions

If you select only Reputation to import, you must manually import dependencies. See Tanium Console User Guide: Import, re-import, or update specific solutions.

Feature-specific dependencies

Reputation has the following feature-specific dependencies at the specified minimum versions:

Tanium™ Module Server

Reputation is installed and runs as a service on the Module Server host computer. The impact on the Module Server is minimal and depends on usage.

The Reputation service is automatically disabled when the disk usage of the Module Server exceeds the value of the Maximum Disk Capacity setting. The default value is 85%. For more information on how to configure the Reputation service settings, see Installing Reputation: Configure Reputation service settings.

Endpoints

Reputation does not deploy packages to endpoints. For Tanium Client operating system support, see Tanium Client Management User Guide: Client version and host system requirements.

Third-party software

With Reputation, you can integrate with several different kinds of third-party software. If no specific version is listed, there are no version requirements for that software.

  • Palo Alto Networks WildFire
  • Recorded Future
  • ReversingLabs A1000
  • ReversingLabs TitaniumCloud
  • VirusTotal

Host and network security requirements

Specific ports and processes are needed to run Reputation.

Ports

For Tanium Cloud ports, see Tanium Cloud Deployment Guide: Host and network security requirements.

The following ports are required for Reputation communication.

| Source | Destination | Port | Protocol | Purpose |
|---|---|---|---|---|
| Module Server | Module Server (loopback) | 17455 | TCP | Internal purposes; not externally accessible |

Configure firewall policies to open ports for Tanium traffic with TCP-based rules instead of application identity-based rules. For example, on a Palo Alto Networks firewall, configure the rules with service objects or service groups instead of application objects or application groups.

Security exclusions

If security software is in use in the environment to monitor and block unknown host system processes, Tanium recommends that a security administrator create exclusions to allow the Tanium processes to run without interference. The configuration of these exclusions varies depending on AV software. For a list of all security exclusions to define across Tanium, see Tanium Core Platform Deployment Reference Guide: Host system security exclusions.

Reputation security exclusions
| Target Device | Notes | Exclusion Type | Exclusion |
|---|---|---|---|
| Module Server | | Process | <Module Server>\services\reputation-service\node.exe |

No additional process exclusions are required.
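The following audit script is an added example, not Tanium code. It checks on a Windows Module Server that the Reputation port from the Ports table is bound only to loopback and that the listening process is the node.exe named in the exclusions table. The parameter names and output fields are assumptions made for this example.

```powershell
# Added example (not Tanium code). Run in an elevated PowerShell session on the Module Server.
param(
    [int]$Port = 17455,   # Reputation loopback port from the Ports table
    # Tail of the excluded process path from the exclusions table
    [string]$ExpectedSuffix = '\services\reputation-service\node.exe'
)

$loopback  = @('127.0.0.1', '::1')
$listeners = @(Get-NetTCPConnection -State Listen -LocalPort $Port -ErrorAction SilentlyContinue)

if ($listeners.Count -eq 0) {
    Write-Warning "No listener on TCP $Port. Is the Reputation service running?"
    return
}

$results = foreach ($l in $listeners) {
    # Resolve the owning process to its on-disk image (needs elevation for service processes).
    $proc = Get-CimInstance Win32_Process -Filter "ProcessId = $($l.OwningProcess)"
    $path = $proc.ExecutablePath
    [pscustomobject]@{
        LocalAddress = $l.LocalAddress
        LoopbackOnly = $loopback -contains $l.LocalAddress
        ProcessId    = $l.OwningProcess
        Path         = $path
        PathMatches  = [bool]($path -and
            $path.EndsWith($ExpectedSuffix, [StringComparison]::OrdinalIgnoreCase))
        # Reported for review only; this script does not judge the signer.
        Signature    = if ($path) { (Get-AuthenticodeSignature -FilePath $path).Status } else { 'Unknown' }
    }
}

$results | Format-Table -AutoSize

# Fail if the port is reachable on a non-loopback address or is owned by an unexpected binary.
$bad = @($results | Where-Object { -not $_.LoopbackOnly -or -not $_.PathMatches })
if ($bad.Count -gt 0) {
    Write-Warning "TCP $Port is not loopback-only or is not owned by the expected node.exe."
    exit 1
}
Write-Output "TCP $Port is loopback-only and owned by the expected Reputation process."
```

A listener on 0.0.0.0 or :: would contradict the "not externally accessible" purpose in the Ports table, and a different owning binary means the process exclusion is not covering what is actually running.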

Internet URLs

If security software is deployed in the environment to monitor and block unknown URLs, your security administrator might need to allow URLs on the Tanium Module Server associated with a configured reputation source. For more information about required URLs to allow, see the reputation provider documentation.

User role requirements

The following tables list the role permissions required to use Reputation. To review a summary of the predefined roles, see Set up Reputation users.

For more information about role permissions and associated content sets, see Tanium Core Platform User Guide: Managing RBAC.

Reputation user role permissions
Permission Reputation Administrator4 Reputation Operator4 Reputation Service Account3,4

Reputation1,2

READ: Read access to the Reputation shared service

WRITE: Write access to the Reputation shared service

SHOW: View the Reputation workbench


READ
WRITE
SHOW

READ
WRITE
SHOW

Reputation Administrator

Administrative access to the Reputation shared service


ADMINISTER

Reputation Hash List2

Access to the Reputation hash list data


READ
WRITE

READ
WRITE

Reputation Provider

Access to the provider configurations


READ
WRITE

READ
WRITE

Reputation Service Account

Access to module service accounts to read and write data


EXECUTE

Reputation Whitelist Blacklist2,5 (deprecated)

Access to the Reputation hash list data

In Reputation 6.0.77 and later, use the Reputation Hash List permission instead.

1 If you need access to only the Malicious tab in the Reputations section of the Reputation Overview page, you can add the Reputation show and Reputation read or Reputation write permissions to your user.

2 If you need access to only the Reputations section of the Reputation Overview page, you can add the Reputation show, Reputation Hash List read, and either the Reputation read or Reputation write permissions to your user.

3 This role provides module permissions for Tanium Connect. You can view which Connect permissions are granted to this role in the Tanium Console. For more information, see Tanium Connect User Guide: User role requirements.

4 This role provides module permissions for Tanium Trends. You can view which Trends permissions are granted to this role in the Tanium Console. For more information, see Tanium Trends User Guide: User role requirements.

5 The Reputation Whitelist Blacklist read and write permissions are deprecated. When you upgrade to Version 6.0.77 or later, default roles (Reputation Administrator and Reputation Operator) automatically update to use the Reputation Hash List read and write permissions. You must manually update any custom roles that use the deprecated permissions.


Provided Reputation platform content permissions
  Content Set for Permission Reputation Administrator Reputation Operator Reputation Service Account
Plugin Reputation
READ
EXECUTE

READ
EXECUTE

READ
EXECUTE
Connect Plugin Connect
MANAGEMENT
Plugin Trends
READ
EXECUTE

READ
EXECUTE

READ
EXECUTE

You can view which content sets are granted to any role in the Tanium Console.

For more information and descriptions of content sets and permissions, see Tanium Core Platform User Guide: Users and user groups.