Release Notes Map (Version 1.1)
Thank you for choosing Tanium. This article documents changes between releases of Tanium Map.
Important Note
The releases of Tanium Trace 2.9.0.0035, Threat Response 1.2.0.0037, Map 1.1.1.0006, and Integrity Monitor 1.7.0.0035 all include a significant update to how the endpoint recorder technology is distributed and managed. This update requires that if any one of the products is updated in an active environment, all of the others should be updated to at least the minimum versions specified above at the same time. Failure to do so may result in degraded functionality and potentially erroneous sensor results from those products that have not been updated. Tanium avoids the introduction of dependencies between product releases whenever possible, but it is required in this circumstance to support significant new functionality enhancements.
Tanium Map 1.1.5.0005
Release Date: 25 June 2019
Enhancements
- Bumped core-python version from 1.0.0.100 to 1.0.1.41, with the following improvements:
- Addresses issue where sensor data from endpoints contain result from incorrect sensor.
- Improves map data processing performance.
Bug Fixes
- Fixes problem where nodes were occasionally incorrectly marked as inferred.
- Fixes known issue from previous version where map question processing could cause the map service to hang.
- Fixes issue where endpoints without connection data were being rendered in the map.
Known Issues
- On upgrade, the distribute tools action sometimes doesn't run automatically. Click Initialize to force tools distribution.
- Exporting map data to CSV can produce unreliable results in some environments.
- Sometimes the application catalog is not properly distributed to endpoints.
Tanium Map 1.1.4.0017
Release Date: 18 June 2019
Enhancements
- You can now interrupt map data loading at any completion percentage, loading the map during processing. Map data continues to stream into the map. During the data loading, user interface features are limited and panel data is updated intermittently.
- Endpoint database size is reduced due to string deduplication.
- Updates the cx-core extension to version 1.0.110, with the following improvements:
- Moved build of cx-core to tanium/tanium-libcx repo.
- Bumped platform CX version to 2.0.1.3682
- The CX core extension now clears orphaned mailbox requests
- Bumped python-lib-tanium_cx to 0.0.1.49.
- Increase timeout for core heartbeat to 10 seconds, up from 5
- tanium_cx.mbox.write_and_read will now delete requests after timeout
- Improve tanium_cx.deploy.install logic to clean up previously failed install attempts
- Handle cases where old client need to be stopped before TaniumTrace.dll is removed
- Updates the core-recorder extension version from 2.4.5 to 2.5.7, with the following improvements:
- Adds static `Reset Event Recorder Database` packages
- Adds static `Install Tanium Driver` package to (optionally) deplopy and install the Tanium Driver on Windows
- Adds `Has Tanium Driver` sensor
- Updates recorder versions:
- Windows Recorder: 1.1.31.3648
- Linux/Mac Recorder: 1.0.34.13
- Tanium Driver (Controller): 1.1.0.32
Bug Fixes
- Fixed map question processing that caused communication to be blocked between the workbench and Tanium Module Server.
- Fixed problem that caused changes to map selection state to inadvertently clear the pinning state of endpoint nodes.
- Cleared hidden form inputs, preventing unnecessary data from being written during form submissions.
- Fixed time stamps in the application catalog file that is deployed to endpoints.
- Fixed duplicate endpoint rendering in map for nodes with a common IP address (for example, in virtual environments).
Known Issues
- Map question processing can occasionally cause the map service to hang. Restart the map service to temporarily fix this issue.
- Large result sets can cause question result formatting to take a very long time.
- A UI processing bug exists that causes a map to render endpoints with only "in" connections in some scenarios. However, the sensor result data is still correct. You can verify the data in Tanium Interact.
Tanium Map 1.1.3.0016
Release Date: 7 May 2019
Enhancements
- Reduces load on the Map service on the Tanium Module Server by reducing the number of requests for loading data into the endpoint panel.
- Updates to map user interface interactions:
- Pinned nodes now have an indicator that can be clicked to unpin them.
- Nodes on a map are now not pinned until they are manually positioned.
- Fixes edge case of selecting and moving multiple nodes on a map.
- Adds details to the Map - Status sensor, primarily the "Healthy" or "Problems Found" messages. "Problems Found" messages are returned in the following scenarios:
- If any of the important files are missing, including the recorder DB, map DB, and application catalog.
- If the recorder is not running or if the recorder killswitch has been tripped.
- If disk free space is insufficient on the partition where recorder or map database are located.
Bug fixes
- Fixes issue where the Save button did not work when changing Application definition from "inbound and outbound" to only "inbound" or only "outbound."
Tanium Map 1.1.2.0036
Release Date: 23 April 2019
Enhancements
- Adds the ability to export right-hand panel data from a map to a comma-separated value (CSV) file.
- Adds user interface enhancements to selecting nodes in a map.
- Updates the management content of the Tanium Client Recorder Extension to address potential errors if a timeout occurs during installation.
- There are no changes to the versions of the Tanium Client Recorder on Windows, Linux, or macOS.
- Adds new Map - Apply Recorder Settings [Windows-Mac-Linux] packages to manage Tanium Client Recorder Extension settings.
Resolved Issues
- Fixes Role-Based Access Control (RBAC) for Map.
- The three defined roles for Map - Map Administrator, Map User, Map Read Only User - now all work correctly.
- Fixes an issue where a warning banner would display saying service account needed to be configured. Made this warning clearer that this is an issue of not being able to communicate with the Tanium Module Server rather than a configuration problem.
- Reduces the number of queries to the Tanium Module Server to decrease chance of seeing the warning about not being able to communicate with the module server.
Tanium Map 1.1.1.0006
Release Date: 9 April 2019
Enhancements
- Improves the Map - Tools [Windows-Mac-Linux] packages that distribute and manage the Tanium Recorder on the endpoints.
- Updates the endpoint recorder technology that is distributed to the endpoints.
- Upgrades the Windows recorder to v1.1.31.3417, with the following improvement:
- Improvements in determining and recording process command line information.
- Upgrades the Linux and Mac recorders to v1.0.34.10, with the following improvement:
- Fixes case where recorder could use 100% CPU.
- Updates Update Endpoint Data actions to use less CPU on the endpoints.
Additional Information
- This version of Map include a significant update to how the endpoint recorder technology is distributed and managed. See important note above about minimum versions of Tanium Trace, Threat Response, and Integrity Monitor if upgrading to this version of Map if you also have any of those other solutions installed.
Tanium Map 1.1.0.0102
Release Date: 19 March 2019
Enhancements
- Adds support for specifying and matching command line arguments as part of application definitions.
- Adds initial Application Discovery implementation to help with application definition creation.
- Adds ability to manually arrange nodes on the map after they are initially positioned.
- Changes Process Path in application definitions into two fields: process path and process file name.
- Note: When editing an application definition that has the old all-in-one Process Path, a warning ribbon will be shown explaining that the user needs to verify and fix the path and file name entries.
- Updates the UI for specifying service account to be more consistent across Tanium products.
- Adds Map - Reset Database [Windows-Mac-Linux] packages to remove Map database files from endpoints.
- Adds "Add to Endpoint Map" option in endpoints tab of right-hand panel.
- Updates Update Endpoint Data actions to use less memory on the endpoints.
- Updates the database schema of map.db on the endpoints to support process command line information.
- This schema change will be reflected in Map - Status sensor output, showing a schema version of 20181121000000 (previously was 0).
- Any existing map.db files on endpoints will be migrated in-place to the new schema without loss of data.
- Updates "Add process to existing application" to support "Add process to new application".
- Adds persistent logging on the endpoints.
- Various UI updates for consistency and improved usability.
Resolved Issues
- Fixes process and command line matching to be case-sensitive for Linux and Mac endpoints.
- Fixes issue where setting Max Endpoint Database Size did not work on Linux and Max endpoints.
- Fixes issue where deleted software packages did not stay deleted.
- Fixes issue where one could not set Map action group after setting service account on a fresh install of Map.
- Various UI fixes for consistency and improved usability.
Known Issues and Workarounds
- With the database schema change of map.db on the endpoints, any old, existing connection data in the database will have "unknown" for the command line.