Release Notes Integrity Monitor (Version 2.5)
Thank you for choosing Tanium. This document is intended to document the release of Tanium Integrity Monitor.
Important Notes
If you are also using Threat Response, Integrity Monitor should be upgraded to at least 2.5.2.0003 before Threat Response is upgraded to 2.4.0.0161 in order to reduce chances of missing events.
Integrity Monitor 2.3.0.0018 has removed support for Windows Legacy operating systems (Windows older than Windows 7 / Server 2008R2). The Integrity Monitor team will continue to support any existing customers who are still using Integrity Monitor versions released prior to version 2.3.0.0014 and will provide guidance to customers who need assistance with migration to the latest releases. Prior versions containing these features will continue to be supported per your support agreement with Tanium.
Integrity Monitor 2.3.0.0018 Windows client minimum version has been raised to 7.2.314.3211, which is in line with the minimum Linux client version. Integrity Monitor tools will not install on client versions lower than 7.2.314.3211 now. The recommended version for all supported OSes can be found in the documentation.
Tanium Integrity Monitor 2.5.2.0003
Release Date: April 28, 2020
Feature Improvements
- A few changes have been made to better align privileges with upcoming platform features and offerings.
- Two new roles have been added
- Integrity Monitor Operator
- This role is functionally the same as the Integrity Monitor administrator but cannot be used as a service account.
- Integrity Monitor Service Account
- This role is meant to function as the service account user for Integrity Monitor. No other roles should be required for the service account to function correctly if assigned this role.
- Integrity Monitor Operator
- API documentation has been moved to the Documentation tab under Help top rail button
- Two new roles have been added
- Previously hidden sensors are no longer hidden
- Integrity Monitor Filtered File Events Overview
- Integrity Monitor Filtered File Events Details
- The Tanium Client templates have been removed from the default templates. Please contact your TAM if you need these templates.
- Provides compatibility with Tanium Recorder Extension 2.2
Resolved Issues
- Resolves an issue where deleting a rule required two rule deployments to actually delete the rule on the endpoints.
- Resolves some UI issues with the rules/labels screens.
- Resolves an issue that would cause the user to not be able to get sensors for setting up ServiceNow integration.
- Resolves an issue where a ServiceNow sync failure would cause all ServiceNow sync functionality to stop working until a service restart.
Dependencies
- Index: Upgraded from 2.5.3.0005 to 2.5.5.0006
- Provides compatibility with Tanium Recorder Extension 2.2
- Allows for ignoring Tanium process related activity on Linux when using Tanium Recorder Extension to know what files should be hashed.
- This can be configured in Integrity Monitor using configuration overrides.
- The changes will still be found on the next hashing pass by Index.
- Resolves issues around Threat Response integration and installation.
- Tanium Client Recorder Extension: Upgraded from 2.1.0.1697 to 2.2.0.1528
- Includes Linux Netlink support. Tanium Client Recorder Extension installs on Linux Kernels >3.16 will automatically use Netlink after a client reset. Recorder 2.2 on Linux will fall back to auditd if Netlink is not available.
- Raw logging on Linux systems is changed. The recorder will no longer load the Tanium auditd rules by default if raw logging is enabled.
- Recorder 2.2+ installs and upgrades stop with an error message if auditd raw logging is on. You can override this, but running auditd with raw logging is highly discouraged.
- Overriding the safety check that stops recorder 2.2 from installing or upgrading over raw auditd logging is not encouraged.
- To review system status, ask:
- Get CX - Status from all machines with (is Linux equals true and running processes equals auditd)
- If Recorder cannot use Netlink, you will see a health_check entry in the results.
- For more information, please contact your TAM.
- Tanium Python
- Version (2.7): 1.3.0.44
- Version (3.8): 1.3.0.44
- Tanium Client Extensions: Upgraded from 2.2.0.1113 to 2.2.0.1117
- Resolves an issue with Client Extension installations timing out by unsetting DisableTrace registry key at the time of installation.
Additional Information
Known Issues and Workarounds
- The Endpoints Recording count always reports 0 when not viewing with Tanium Administrator permissions.
- Hybrid/Hashing mode can have issues when changing watchlists, including reporting events incorrectly.
- Some delete events may not contain the entire path on Linux endpoints.
Requirements
- Tanium Connect 4.0 and above.
- Monitoring permission change events.
- Windows NT 6.1 (Windows 7 / Windows Server 2008 R2) or above requires enabling System Audit Policies.
Supported Tanium Platforms
Tanium Server 7.2, 7.3, 7.4