Succeeding with Integrity Monitor
Follow these best practices to achieve maximum value and success with Tanium Integrity Monitor. These steps align with the key benchmark metrics: increasing Integrity Monitor coverage and reducing unexpected changes per endpoint.
Complete the key organizational governance steps to maximize Integrity Monitor value. For more information about each task, see Gaining organizational effectiveness.
Develop a dedicated change management process.
Define distinct roles and responsibilities in a RACI chart.
Validate cross-functional organizational alignment.
Track operational metrics.
Install Tanium Client Management and Tanium Endpoint Configuration. See Tanium Client Management User Guide: Installing Client Management.
Install Tanium Trends. See Tanium Trends User Guide: Installing Trends.
Install Tanium Connect. See Tanium Connect User Guide: Installing Tanium Connect.
Install Tanium Integrity Monitor. See Installing Integrity Monitor.
Configure the service account. See Configure the Integrity Monitor service account.
Create computer groups with dynamic membership. See Tanium Console User Guide: Create a computer group.
Import the Integrity Monitor board from the Trends initial gallery. See Tanium Trends User Guide: Importing the initial gallery. If you installed Trends using the Apply Tanium recommended configurations option, the Integrity Monitor board is automatically imported after the Integrity Monitor service account is configured.
Use monitors to determine scan settings and frequencies for groups of endpoints.
Create a monitor, naming it based on the operating system, business unit, or application group you want to monitor.
Enable the Collect process and user attribution information option for the best coverage of events.
Configure a Monitor Pruning Age that meets the requirements of any applicable compliance standards and manages the database size on endpoints.
Select the computer groups that contain the endpoints you want to monitor. Target the monitor as broadly as possible, such as to All Windows Servers.
After you create monitors, click Deploy Monitors to deploy the monitors to the selected endpoints.
Watchlists define a set of files, directories, and Windows registry paths that you want to monitor for changes.
Create a watchlist, naming it based on the application, business unit, or compliance standard you want to monitor.
Select a Windows or Unix path style. You must use separate watchlists for Windows and non-Windows endpoints.
Select the computer groups that contain the endpoints on which you want to monitor the selected paths for the watchlist. Target the watchlist narrowly to watch only the necessary paths on the appropriate endpoints.
(Optional) Start from a built-in template, and add custom file or registry paths to specify the files, folders, or registry paths you want to monitor.
Configure inclusions and exclusions for each path to refine the files, folders, or registry paths that you are monitoring.
Monitor the overview of changes.
Make adjustments to paths, inclusions, and exclusions in watchlists to exclude events that do not need to be monitored.
Monitor detailed events using questions and Tanium Connect.
See Viewing events.
After watchlists are tuned to capture only events of interest, create rules to automatically label events and help differentiate among planned, expected, ignored, and suspicious changes. See Create a rule.
Deploy rules. See Deploy rules.
Create a ServiceNow integration in Integrity Monitor.
Configure and establish a connection to ServiceNow.
Map the Integrity Monitor statuses of Open, Closed, and Canceled to the states used in your ServiceNow change requests and change tasks.
Configure the schedules to synchronize data with ServiceNow.
Send expected and unexpected events to the appropriate external destinations for reporting. See Sending and reporting events.
Use unlabeled events to create incidents in ServiceNow Incident Management. See Create incidents for unlabeled events in ServiceNow Incident Management.
From the Trends menu, click Boards and then click Integrity Monitor to view the Integrity Monitor - Health and Integrity Monitor - Summary Boards.
Last updated: 8/30/2023 1:18 PM | Feedback