If you have not had the chance to use or see one of the Tanium appliances in action, you are missing out and I suggest you reach out to your TAM as soon as possible and inquire about them. Here at Chuco we are loving what Tanium is doing with this platform and how it benefits you as a customer. An appliance allows you to get rid of licensing costs for Windows and SQL (sorry Microsoft) as well as the overhead of managing yet another multi-system environment’s needs. Along with that, in our experience and testing, Tanium running on an appliance outperforms a standard Windows-based installation in many ways. TanOS 1.3.0 was released May 24, 2018, and 1.3.1 followed shortly after on July 3, 2018. These releases bring with them some major feature updates and improvements over what was available in the previous 1.2.x releases. In this article, I will address some of the features we are most excited about.
TanOS 1.3.x introduces role-based access management (RBAC) to the appliance. You can now create user accounts for appliance management and assign 1 of 2 roles to this account, tanadmin (root level access) or tanuser (view level access).
Figure 1-TanOS 1.2.x only offers Local Authentication Service for Tanium console access
Figure 2-TanOS 1.3.x added System User Management for appliance management account creation
Figure 3-Appliance management account creation with role options 1.3.x
Appliance Logon Visibility
Along with the ability to create accounts to manage the appliance, you can also view the last 20 successful or failed logins and login statistics for those accounts. Rather than sharing a single account like in 1.2.x you can now set your administrators up and see who logged in, when and from where.
Figure 4-Example of Login Statistics Page
TanOS Virtual Appliance General Availability
This virtual appliance is something Chuco has been using in our lab since the release of 1.2.1 and it is an amazing step forward for Tanium. While only approved for pre-production labs, the GA release of 1.3.1 is a great compliment to the hardware appliance in that allows you to host a dev/test version to better manage a like for like promote to production and testing model.
SYSLOG and Email Alerting
TanOS 1.3.x introduces the ability to send appliance alerts using SYSLOG or Email as the means of delivery. This function has been added to the appliance maintenance screen. Since the appliance can not be managed or monitored from an OS perspective due to the lack of access to the system shell, this is a fantastic feature for enterprises where availability or issue resolution timeliness is key.
Figure 5-Appliance Maintenance Menu 1.2.x
Figure 6a-Appliance Maintenance Menu 1.3.x
Figure 6b-Alerting Menu 1.3.x
Database Operations Additions and Menu Consolidation
In TanOS 1.2.x you could do database monitoring (found in the Tanium Support Menu), backup the Tanium database (found in the Appliance Maintenance– > Backup/Restore Menu), and restore the Tanium database (also found in the Appliance Maintenance– > Backup/Restore Menu).
Figure 7-1.2.x Database Monitoring Option
Figure 8-1.2.1 Tanium database backup and restore options
In TanOS 1.3.x you now have the ability to manage all Tanium database functions in the Tanium Support menu under Database Operations, including some new options like Monitor Database, Database replication and failover options.