IMPORTANT: This site is planned to be decommissioned in 2026. Visit the Tanium Resource Center for all Tanium release notes, user guides, and support information. To view release notes in the Resource Center, see Tanium Release Notes.
IMPORTANT: If you are using semi-annual releases for on premises, see the Release notes for 2024H1 semiannual release, Release notes for 2024H2 semiannual release, or Release notes for 2025H1 semiannual release on the Tanium Resource Center.
Effective October 15, 2024: On prem release notes on the Tanium Knowledge Base are frozen. For release notes related to 7.4 or 7.5 Server and Solutions, see the Monthly updates for Tanium Version 7.4 and 7.5 Server and Solutions on the Tanium Resource Center.
Release Notes Integrity Monitor (Version 1.3)
Thank you for choosing Tanium. This document is intended to document the release of Tanium Integrity Monitor.
Tanium Integrity Monitor 1.3.5
Release Date: September 4, 2018
Feature Improvements
- Adds watchlists names to Integrity Monitor File Event Details sensor.
Resolved Issues
- Upgrades windows recorder to v1.0.31.323.
Tanium Integrity Monitor 1.3.4
Release Date: August 14, 2018
Feature Improvements
- Adds change owner, group, and acl detection on Linux endpoints.
Resolved Issues
- Fixes Windows path exclusions to be case insensitive.
- Fixes path exclusions to remove trailing slashes if detected to ensure matching on the endpoint.
- Upgrade linux recorder to v0.7.34.15.
- Adds file owner, group and acl change events.
- Fixes wrong process paths when the Linux audit framework lists multiple process events out of time order or at exactly the same time.
- Fixes wrong process paths when the Linux audit framework does not list the process event. These events will show process event as “unknown”.
- Fixes memory leak due to not properly timing out string cache on database.
- Improved performance in event processing.
- Fixes memory leak due to not properly reclaiming memory for events that are removed from the processing queue.
- Fixes a race condition that could cause a crash due to referencing a part of a process event after it was deleted.
- Fixes crash when Trace is filtering “/“ from file events.
Tanium Integrity Monitor 1.3.3
Release Date: July 31, 2018
Feature Improvements
- Migrates AIX and Solaris monitors to be legacy mode monitors.
- Removes unknown process path and user columns by updating AIX and Solaris monitors to use the legacy details and overview events sensors.
- Changes legacy event sensor delimiter from `|` to `|;`.
- Adds AIX and Solaris tools status.
- Reports if currently hashing files or not.
- Reports if last hashing attempt and last completed hashing.
- Reports time bucket of last Integrity Monitor event.
- Upgrades to latest stable NodeJs version.
- Upgrades hashing performance on AIX and Solaris endpoints.
- Upgrades operating system icons.
- Adds ability to disable CPU kill switch for linux recorder.
Resolved Issues
- Fixes an issue preventing general setting configuration when client operating system’s default language is a double byte language.
- Fixes the learn event button from showing if user does not have correct privileges.
- Fixes watchlist pages to reference path style instead of operating system.
- Fixes loading spinner from remaining on the page longer than it should.
- Fixes the monitor page’s deploy monitor warning message to no longer remain after deploying monitors.
- Fixes slowness when loading the monitor list page when there are a large number of paths and reports.
- Fixes an issue where a large database could consume enough memory to prevent service from starting.
- AIX and Solaris fixes.
- Fixes content to handle file path with `|` characters correctly.
- Fixes content to return “No integrity violations found” if no events are found. “No Results” response is reserved for cases where there are issues checking the events.
- Fixes content to evaluate monitor priority on the endpoint
- Improves performance of hashing.
- Fixes content to hash all files in a directory.
- Fixes content to ensure hidden files and directories are hashed.
- Fixes content to run in a lower priority.
- Upgrade linux recorder to v0.7.33.5.
- Fixes an issue with processing process events that is causing high CPU.
- Fixes an issue where the recorder was using all available linux swap.
- Fixes poco exception by handing high number of active processes updating process end times.
- Upgrade windows recorder to v1.0.31.318.
Tanium Integrity Monitor 1.3.2
Release Date: July 3, 2018
Feature Improvements
- Adds monitoring of AIX and Solaris endpoints.
- Adds AIX and Solaris monitors.
- Replaces watchlist OS type with path type.
- Adds AIX and Solaris implementation of overview events, details events, deployment ID, endpoint config monitor status, endpoint config priority, endpoint tools needed, and endpoint tools status sensors.
- Adds AIX and Solaris tools packages and saved actions.
- Adds AIX and Solaris endpoint config packages and saved actions.
- Adds AIX and Solaris to endpoints recording home page chart.
- Adds ability to import multiple rules from a CSV file.
Resolved Issues
- Fixes documentation around service account permission requirements for Connect. Connect User role is required.
- Fixes current results to show notes from rules.
- Fixes monitor report tab from getting out of sync when switching between tabs.
- Fixes the home page's service credential Configure Now link to always correctly open the settings configuration panel.
- Fixes tools status sensor to no longer report Install Needed when the Windows recorder is disabled.
- Updates Windows recorder to v1.0.31.315.
- Fixes an issue where permission changes were not being recorded.
Tanium Integrity Monitor 1.3.1
Release Date: May 29, 2018
Feature Improvements
- Adds ability to quickly create a rule from a selected event in current results through a Learn Event action.
- Adds filter box to the add a watchlist to monitor drop down to make finding a watchlist easier.
- Updates color palette.
- Monitors that need deployment are now highlighted with yellow instead of red to denote a warning.
- Updates file events sensors to return `No integrity violations found` if everything is running properly but there are no events.
- The No results message now indicates there are no tools, old tools, or some unexpected error preventing the sensors from checking on events.
- Updates `Get Deployment ID`, `Get Monitor Status`, and `Get Priority` sensors to continue to work immediately after an Integrity Monitor upgrade.
Resolved Issues
- Fixes an issue where gathering large support files could block other workbench requests.
- Fixes tools status sensor to report state of file permission auditing on Windows and lowers not enabled message from error to warning.
- Fixes endpoints recording from dropping to zero after upgrading Integrity Monitor.
- Fixes TanOS support gathering to include additional configuration files, install, and upgrade logs.
Tanium Integrity Monitor 1.3.0
Release Date: May 15, 2018
Feature Improvements
- Adds the ability to create rules to label overview events.
- Adds rules list page.
- View active versus inactive rules.
- See last time when each rule ran.
- Adds rules detail page.
- Monitor label history improvements.
- Adds ability to see what rule labeled which event.
- Adds ability to filter history by rule, rules or manual labels.
- Adds rule information to configure, how to use, and metrics section of home page.
- Adds rules list page.
- Adds a warning message if the Integrity Monitor group is missing.
- Adds the ability to configure the log level of the Integrity Monitor service running on the Tanium Module Server.
- Changes the default log level from debug to info to reduce amount of information being logged out of the box.
- Updates all references of Endpoint Recorder or Trace Recorder to Event Recorder in the content.
- Renames toggle packages from Integrity Monitor Toggle Endpoint Recorder to Integrity Monitor Toggle Event Recorder.
- Updates install and uninstall tools to start and stop the recorder only instead of the entire Tanium Client.
- Updates Critical System Files for Windows to watch Program Files directories with a directory depth limit of one.
Resolved Issues
- Fixes an issue where whitespace in the last line of trace.conf was causing issues.
- Fixes an issue where the file permissions for trace.conf may not be correct.
- Fixes an issue on Windows where endpoints would run the last monitor deployed to it instead of the highest priority one.
- Fixes issue where a file event sensor running on a endpoint with old version of tools would print an error that tools are out of date but continue to run.
- Fixes Linux tools status sensor to report when endpoint resident libraries are out of date.
- Fixes an issue where to much data was being logged when there are a large number of reports.
- Fixes the collapsed left navigation menu on Internet Explorer.
- Fixes double scroll bars appearing on some pages on Internet Explorer.
- Fixes an issue where staging all monitors for delete does not surface the needs deployment message.
- Fixes an issue where deploying monitors could result in infinitely retrying.
- Updates Windows recorder to v1.0.31.310.
- Fixes an issue to reduce the rate of fragmentation of the event recorder database.
- Fixes an issue where older, early running processes could be cleaned from the event recorder database before all of their children were cleaned.
- Updates Linux recorder to v0.5.32.7.
- Fixes an issue with the pruning algorithm to reduce CPU spikes.
- Fixes an issue when using immutable "-e 2" mode, the event recorder will now put Tanium audit rules in front of the immutable flag.
Additional Information
Known Issues and Workarounds
- For Window endpoints only, Tanium Integrity Monitor events can be turned off if Tanium Trace file events are turned off.
- When deleting a monitor using the all events connection with Tanium Connect v4.0.7, the remaining All Events connection will not show the delete option in the workbench. Workaround is to delete the remaining all events connection using the delete connection Tanium Connect API.
- For Linux endpoints only, when upgrading from Integrity Monitor v1.1.1 or older to this release, the deploy monitors action could encounter the fixed issue where the Linux event recorder stops in some cases. The issue will resolve once the latest tools are deployed to the endpoint. To avoid this issue, deploy the Integrity Monitor tools manually before deploying monitors.
- The Endpoints Recording count always reports 0 when not viewing with Tanium Administrator permissions.
- Deploying updated watchlists to AIX and Solaris endpoints can result in falsely reported create and delete events.
Requirements
- Tanium Platform 7.0.314.6422 and above.
- For older 7.0 builds, please consult your Technical Account Manager for assistance.
- Tanium Platform 7.1.314.3071 and above for RBAC support.
- Tanium Connect 4.0 and above.
- Legacy Windows support requires Tanium Index 1.6.0 and above.
- Monitoring permission change events.
- Windows NT 6.1 (Windows 7 / Windows Server 2008 R2) or above requires enabling System Audit Policies.
- Windows NT 6.0 (Windows Server 2008 / Windows Vista) or below requires setting Tanium Index config setting
ScanFilePermissions=on.
Supported Tanium Platforms
Tanium Server 7.0, 7.1, 7.2