IMPORTANT: This site is planned to be decommissioned in 2026. Visit the Tanium Resource Center for all Tanium release notes, user guides, and support information. To view release notes in the Resource Center, see Tanium Release Notes.
IMPORTANT: If you are using semi-annual releases for on premises, see the Release notes for 2024H1 semiannual release, Release notes for 2024H2 semiannual release, or Release notes for 2025H1 semiannual release on the Tanium Resource Center.
Effective October 15, 2024: On prem release notes on the Tanium Knowledge Base are frozen. For release notes related to 7.4 or 7.5 Server and Solutions, see the Monthly updates for Tanium Version 7.4 and 7.5 Server and Solutions on the Tanium Resource Center.
Release Notes Discover (Version 3.2)
Tanium Discover 3.2.10.0003
Release Date: June 23, 2020
Issues Addressed
- Fixed import process to prevent issues with importing data and updating timestamps on existing data when MAC addresses were missing from scan results.
- Internal performance improvements for Tanium Server communication
Tanium Discover 3.2.8.0003
Release Date: June 2, 2020
Improvements
- Improved warnings on workbench to specify if the service account has been provided or the background service session has not yet been acquired
- Ensure Connect integration works by adding Connect privileges to the Discover Service Account role
- Upgraded to Tanium Python 1.4.0.45
Issues Addressed
- Fixed potential upgrade issue when 3.1.x files are not removed during installation
- When a centralized Nmap scan on a Windows Tanium Module server exceeds its timeout, the nmap.exe process is terminated
- Fixed installation of Nmap for endpoints running SLES 11
- Fixed import issue when the Discover service account is assigned Unrestricted Management Rights, instead of All Computers
- Fixed issue with redaction of service account username from the workbench when accessed by Discover Operator also being applied to Discover Administrators
Tanium Discover 3.2.3.0007
Release Date: May 12, 2020
Issues Addressed
- Interfaces that are discovered with Centralized Nmap scans will no longer update First Seen on each import
- Distribute Tools actions will always get updated to use new Discover - Tools Version sensor, and not subject to the timing of the upgrade from 3.x
- Built-in label Unmanageable OS Platforms includes the new ping TTL OS types (Linux/Mac and Solaris/AIX) on upgrade
- Increased timeout for installation to help when service start is slow
Tanium Discover 3.2.2.0010
Release Date: May 5, 2020
Major Features
- Scan unmanaged subnets with a centralized Nmap scan from the Tanium Module Server (either TanOS or Windows)
- Install Nmap utility when the first centralized Nmap profile is created, remove Nmap when the last centralized nmap profile is removed
- Infer operating system platform with Level 2 Simple ping script scans, based on the TTL of the response for all supported platforms, except Solaris
- If the target blocks ICMP, then no OS platform is detected
- Three possible values for the OS detection:
- Windows
- Linux/Mac (TTL cannot distinguish)
- Solaris/AIX (TTL cannot distinguish)
Enhancements
Nmap
- Nmap scans have a default source port of 17000
- Nmap is distributed as a tarball to Windows (no longer using CAB file)
- No longer provide the NSE scripts with our Nmap installation
- If a distributed Nmap scan has any sort of execution problem, the scan fails back to a ping (level 2) scan
Centralized scans
- Scan windows are now supported for both AWS and Centralized Nmap scans
- The centralized-scan-results folder and all its contents are now exported with the troubleshooting zip file. This file includes scan results with IP addresses, MAC addresses, ports, and so on
- Centralized scans cannot be set to run more frequently than once per hour
- The value for host-timeout used with centralized Nmap defaults to "120s"
Content changes
- Tools Packages are now one per platform
- Discover - Tools [platform]
- Discover - Remove Tools [platform]
- Tools distribution is controlled with new Sensor and SQ (Discover - Tools Version)
- Distribute Tools and Distribute Scan actions will be rewritten on upgrade to use the new Discover - Tools Version sensor in their targeting questions
- Removed Discover Tools Needed sensor
Workbench changes
- Hide Required Configuration section after steps are completed
- Update Help section to include a link to the Discover Label Gallery
Changes to included components
- Upgraded from Node 10 to Node 12.14.1
- Upgraded SQLite 4.0.6 to 4.1.1
- Upgraded from OUI 10.0.38 to 11.0.4
- Npcap remains at 0.9984 (not upgraded)
- Note that Npcap versions beyond 0.9984 use a different cryptographic signature and installations may fail on Windows Vista, 7, and 2008
Functionality Removed
- Discover Client Deploy (DCD) is no longer supported, even if you have DCD installed and configured
- DCD is not uninstalled on upgrade; manually uninstall DCD and use Tanium Client Management to deploy to unmanaged endpoints
- Removed Discover - Tools Needed sensor (replaced with Discover - Tools Version sensor)
RBAC Changes
- Add Discover Operator role. This role has the same permissions as Discover Administrator, allowing manipulation of Discover Profiles and Locations, but does not permit changing any settings
- Add discover locations write privilege, which allows modification of Discover locations. The location permissions are still controlled by discover location permissions write
- Select the “Overwrite Content” checkbox during import of Discover (on upgrade)
- All routes now require (at least) discover use api permission
Other Issues Addressed
- VMs discovered with an AWS EC2 centralized scan now have “AWS” as the Manufacturer, instead of “Unknown”
- Endpoint isolation is determined by Neighborhood List on Windows, Solaris and AIX, but Forward/Backward Peer on Mac/Linux
- Support scans from endpoints with /32 subnet masks
- Use of the new Discover - Tools Version sensor prevents downloading Tools package when insufficient disk space exists on endpoint
- Marking interfaces as unmanageable from the label creation view will now be correctly applied to only those interfaces in that view
- Open ports reported to Connect were being improperly formatted causing multiple port numbers to be interpreted as a single large number
- No longer attempt OUI lookup on interfaces without a MAC address (was causing noisy error logs)
- Fixed scanning issue if the ServerName for the Tanium Server includes the port
- Resolved permissions issues that let a Discover User without permissions to some specific locations to create a label that affected interfaces at any location. To resolve this issue, the Discover User role can no longer define labels when location permissions are defined by the Discover Administrator (removed Discover Tag Write permission on Discover User)
- To give these users permissions to create labels, assign the Discover Locations Permissions Write permission
- If location permissions are not defined, the Discover User role can continue to create labels and continues to have the Discover Tag Write permission
Security Update
- This release includes security updates. For details, including affected versions and mitigation information, see the Tanium Support Portal, or contact your TAM
Known Limitations
- Interfaces that are discovered with Centralized Nmap scans trigger any labels using First Seen as a recent criteria, because First Seen is updated on each import
- Workaround: Update any label that would be applied to interfaces resulting from a centralized Nmap scan to also require that MAC is not empty
- On upgrade from 3.x, there is a possibility that the Distribute Tools actions will not be properly updated to use the new Discover - Tools Version sensor
- Workaround: Delete any Distribute Tools actions that are misconfigured and wait a few minutes for them to be automatically recreated
- On upgrade, the Unmanageable OS Platforms built-in label does not get updated with the new OS values for ping: "Linux/Mac" and "Solaris/AIX" which will cause those discovered endpoints to be marked unmanaged
- Workaround: Edit the rule to add these conditions: AND OS Platform Is not equal to "Linux/Mac" and AND OS Platform Is not equal to "Solaris/AIX"
Versions 3.2.0 and 3.2.1 were not externally released