Tanium HAT contains all necessary dependencies out of the box. No installations or changes of any kind are required, as the package is self-contained. In summary, you need only download it and run it!
Approximately 50% of all Hygiene Assessment plugins use questions sourced from Tanium Initial Content, typically installed in every Tanium Installation out of the box. The other 50% make use of content that is product specific.
For example, the SCCM plugin that assesses SCCM Hygiene relies on SCCM questions that are only included with the Tanium SCCM Content Package. Ensure you identify which plugins you want to execute and refer to “Plugin Requirements” below for a full list of Tanium Content Packages required to power each of the plugins that can be executed.
It is HIGHLY recommended to run the toolset on a machine with Internet connectivity. Internet connectivity is required for:
You have the option of running Tanium HAT in different modes to work around environments with no Internet Access.
Tanium HAT supports being executed in 3 different modes: “Tanium Data Gathering Mode”, “Internet Data Gathering Mode” and “Data Analysis Mode”. If all three modes are enabled, Tanium HAT will extract necessary data from Tanium, from the Internet, and analyze all data into PPTX Format.
You can choose to only gather Tanium data in an environment with no Internet access, but data analysis will complete with failures, as it is missing data from the Internet necessary for processing data extracted from Tanium. At some point in time, all three modes must be executed against the same DATA folder to have a complete PPTX Hygiene Assessment Report as final output.
As an example workflow you may consider the following:
Execute Tanium HAT with get_internet_data set to True and analyze_data/get_tanium_data set to False on one machine that has Internet connectivity. Then copy the data folder to a machine that has access to the Tanium server and run Tanium HAT again, this time with get_internet_data set to False and analyze_data/get_tanium_data set to True. Because the Internet data was extracted prior to execution, the analysis run will not fail.
Refer to Execution modes for more information on these modes.
The following table lists the requirements for all Tanium HAT plugins included out of the box.
Note
Community developed plugins, not listed here, may have other requirements. We’ll do our best to update this table with new requirements as other Plugins are added to the tool.
| THAT Plugin | Questions Asked | Content Required | Module Required |
|---|---|---|---|
| Adobe | Get Installed Applications contains “adobe” | IC | Core |
| | Get Online where Installed Applications contains “adobe” | IC | Core |
| Java | Get Installed Applications contains “java” | IC | Core |
| | Get Online where Installed Applications contains “adobe” | IC | Core |
| | Get Installed Applications that start with “java” | IC | Core |
| Patch | Get Has Patch Tools | Windows Security Patch * | Core |
| | Get Available Patches | Windows Security Patch * | Core |
| | Get Available Patch Status | Windows Security Patch * | Core |
| | Get Reboot Required | Windows Security Patch * | Core |
| Patch v2 | Get Patch - Is Process Running | N/A | Patch v2 * |
| | Get Applicable Patches | N/A | Patch v2 * |
| | Get Reboot Required | N/A | Patch v2 * |
| SCCM | Get SCCM Client Communication Days Old | SCCM * | Core |
| | Get SCCM Client Installed | SCCM * | Core |
| | Get SCCM Client Running | SCCM * | Core |
| | Get SCCM Client Version | SCCM * | Core |
| | Get SCCM WMI Health | SCCM * | Core |
| | Get Is Online | IC | Core |
| TrendMicro | Get Installed Applications contains “trend micro” | IC | Core |
| | Get Online where Installed Applications contains “trend micro” | IC | Core |
| | Get Trend Micro Client Version | Trend Micro * | Core |
| | Get Trend Micro Pattern Days Old | Trend Micro * | Core |
| | Get Trend Micro Pattern Version | Trend Micro * | Core |
| McAfee | Get VirusScan Enterprise Version < 8.7 from all machines | McAfee * | Core |
| | Get VirusScan Enterprise DAT Version from all machines where VirusScan Enterprise DAT Days Old > 2 | McAfee * | Core |
| | Get VirusScan Enterprise On-Access Scan State contains “Disabled” from all machines | McAfee * | Core |
| | Get Installed Applications contains “mcafee” from all machines | IC | Core |
| | Get Online where Installed Applications contains “mcafee” from all machines | IC | Core |
| Security | Get Online from all machines | IC | Core |
| | Get UAC Status from all machines | IC | Core |
| | Get Windows Credential Security Settings from all machines | N/A | Incident Response * |
| | Get Local Account Last Password Change Days Ago from all machines | N/A | Incident Response * |
| | Get DNS Server from all machines | IC | Core |
| | Get Open Shares from all machines | IC | Core |
| | Get Firewall Status containing “disabled” from all machines with Firewall Status containing “disabled” | IC | Core |
| | Get Unencrypted Wireless Networks from all machines with Unencrypted Wireless Networks containing “open” | IC | Core |
| | Get Network IP Gateway from all machines with Network IP Gateway not containing “N/A” | IC | Core |
| Tanium Statistics | Tanium Version | Tanium Info Page (json) | Core |
| | Active Question Estimate | Tanium Info Page (json) | Core |
| | Total String Count | Tanium Info Page (json) | Core |
| | Question Count | Tanium Info Page (json) | Core |
| | Action Count | Tanium Info Page (json) | Core |
| | Handle Count | Tanium Info Page (json) | Core |
| | Process Count | Tanium Info Page (json) | Core |
| | Memory Available | Tanium Info Page (json) | Core |
| | Active Client Estimate | Tanium Info Page (json) | Core |
| | Unmanaged Assets | N/A | Discover * |

Legend: (*) Special/Distinct Content Required