Install Windows forwarder with Tanium

Prerequisite(s)



🚧

Warning!

The initial scan (which we refer to as the backscan) is a comprehensive physical disk scan that is very resource intensive for a short period of time. We do not recommend installing the forwarder on critical assets early in your deployment. Think of your first several deployments as "sacrificial": they will take the biggest hit because they will be uploading the greatest number of unique files. Each subsequent install will have fewer and fewer unique files to upload and therefore a shorter, less intensive backscan.

Installation

  • Go to the Deploy module in Tanium
  • From Quick Links, select Package Gallery
  • Enter Stairwell into the Title filter and click Stairwell Forwarder from the dropdown box to apply the filter
  • To the far right of the Stairwell Forwarder entry, select the Down Arrow to import the package
  • Select Yes when asked to confirm this action
  • On the Stairwell Forwarder software page, select the Edit button in the top right of the view
  • Scroll down to the Deploy Operations section and under Run Command, replace the placeholders by entering your forwarder auth token and Environment ID.
    • Use the following command, replacing the path with the location of your Inception Forwarder .exe file, <AUTH_TOKEN> with your Authentication Token, and <ENV_ID> with your Environment ID:
      .\InceptionForwarderBundle.exe TOKEN="<AUTH_TOKEN>" ENVIRONMENT_ID="<ENV_ID>" /quiet /norestart /log C:\stairwell.log
      
  • Scroll down to the Installation Requirements section and delete the second requirement, which is a reminder to populate the token and env_id as well as a link to this documentation.
  • The Stairwell Forwarder is now ready to be deployed using your normal process.

Confirm Installation

  • Navigate to https://app.stairwell.com and log in
  • Click on Assets
  • Click on the newly created asset name(s) to confirm the retrieval of files
  • Take note of the data under All Objects

📘

It may take a few minutes for file ingestion to begin and show in the application.