IMPORTANT: This site is planned to be decommissioned in 2026. Visit the Tanium Resource Center for all Tanium release notes, user guides, and support information. To view release notes in the Resource Center, see Tanium Release Notes.
IMPORTANT: If you are using semi-annual releases for on premises, see the Release notes for 2024H1 semiannual release, Release notes for 2024H2 semiannual release, or Release notes for 2025H1 semiannual release on the Tanium Resource Center.
Effective October 15, 2024: On prem release notes on the Tanium Knowledge Base are frozen. For release notes related to 7.4 or 7.5 Server and Solutions, see the Monthly updates for Tanium Version 7.4 and 7.5 Server and Solutions on the Tanium Resource Center.
Release Notes Integrity Monitor (Version 1.2.5)
Thank you for choosing Tanium. This document is intended to document the release of Tanium Integrity Monitor.
Tanium Integrity Monitor 1.2.5.0012
Release Date: March 20, 2018
Feature Improvements
- Adds alert to home page if monitors need to be deployed.
- Adds CPU threshold for recorder kill switch on Linux monitors.
- Updates the Linux tools status sensor.
- Reports if the recorder is enabled or disabled.
- Reports if the recorder is disabled due to the CPU kill switch.
- Reports if all required endpoint files exist.
- Reports if auditd is installed and running.
- Reports if the recorder is running.
- Reports if auditd is in immutable mode (-e 2).
- Changes adequate disk space check from three times the max DB size to two times.
- Changes adequate disk space for deploying tools to check the Tanium Client directory instead of the root directory.
- Reports current state of auditd raw logging.
- Reports current state of the CPU kill switch threshold (Reports “Not Set” if no value is present in im_recorder.json).
- Reports if recorder database is present.
- Reports version of recorder database.
- Reports time since last event was recorded into the database.
- Reports time since last Integrity Monitor event was recorder into the database.
- Reports if the recorder’s auditd rules have been installed.
Resolved Issues
- Fixes an issue where labeled events were not being sent to Tanium Connect.
- Fixes an issue where the Linux tools status sensor would report python hash mismatch.
- Fixes the adequate disk space for deploying tools to check the Tanium Client directory instead of the root directory.
- Fixes an issue where the Linux tools status sensor was not reporting “Install Needed” after removing Integrity Monitor tools.
- Updated Windows recorder to v1.0.30.221.
- Adds an index to the im_cares column on the file events table for a more performant IMFileSummary view.
- Updated Linux recorder to v0.4.31.17.
- Adds an index to the im_cares column on the file events table for a more performant IMFileSummary view.
- Allows CPU kill switch threshold to be configured in im_recorder.json.
- Adds path information in the detail column for rename events.
Additional Information
Known Issues and Workarounds
- For Window endpoints only, Tanium Integrity Monitor events can be turned off if Tanium Trace file events are turned off.
- When deleting a monitor using the all events connection with Tanium Connect v4.0.7, the remaining all events connection will not show the delete option in the workbench. Workaround is to delete the remaining all events connection using delete connection Tanium Connect API.
- For Linux endpoints only, when upgrading from Integrity Monitor v1.1.1 or older to this release, the deploy monitors action could encounter the fixed issue where the Linux event recorder stops in some cases. The issue will resolve once the latest tools are deployed to the endpoint. To avoid this issue, deploy the Integrity Monitor tools manually before deploying monitors.
- The Endpoints Recording count always reports 0 when not viewing with Tanium Administrator permissions.
Requirements
- Tanium Platform 7.0.314.6422 and above.
- For older 7.0 builds, please consult your Technical Account Manager for assistance.
- Tanium Platform 7.1.314.3071 and above for RBAC support.
- Tanium Connect 4.0 and above.
- Legacy Windows support requires Tanium Index 1.6.0 and above.
- Monitoring permission change events.
- Windows NT 6.1 (Windows 7 / Windows Server 2008 R2) or above requires enabling System Audit Policies.
- Windows NT 6.0 (Windows Server 2008 / Windows Vista) or below requires setting Tanium Index config setting
ScanFilePermissions=on.