> For the complete documentation index, see [llms.txt](https://docs.vectra.ai/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.vectra.ai/configuration/tuning/noise-elimination-for-tanium-and-other-mesh-scanners.md). # Noise elimination for Tanium and other mesh scanners If you're using Tanium or other tools that do similar full mesh scanning, you may notice a high volume of benign but technically true positive detections in your Vectra environment. This is caused by **full mesh endpoint scanning**, which can overwhelm your detection surface with noise and reduce the overall signal quality of the platform. ## What You Need to Know * Full mesh scanning generates predictable, non-malicious traffic from your endpoints. * Vectra detects this traffic as part of normal operation, but the resulting detections are **not security-relevant**. * Left unfiltered, this can create unnecessary noise that obscures meaningful threat activity. ## Recommended Action To improve signal quality without losing visibility, Vectra strongly recommends the following: 1. **Configure your Tanium (or similar) deployment to use static source ports** for its scan traffic. 2. **Engage Vectra Support** to enable a Tanium-specific configuration that filters this traffic based on the source ports you define. ## What This Configuration Does * Applies a **source port-based filter** directly on the sensor. * Drops only **isession metadata** associated with full mesh scans. * **Does not impact network traffic processing, detection fidelity, or security visibility.** * All traffic is still monitored and processed—only noisy metadata is suppressed before it generates detections or appears in Stream or Recall. ## Why It Matters This filtering ensures your detection surface remains focused on **actionable threats**, not routine management traffic. You’ll reduce false positives and improve the relevance of alerts—without sacrificing any coverage. ## Next Steps Please contact Vectra Support with: * Confirmation that Tanium or other similar full mesh scanning is deployed in your environment. * The static source port(s) you’ve configured for this scanning. * Any other relevant environment context. Our team will help you apply the configuration safely and quickly. --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.vectra.ai/configuration/tuning/noise-elimination-for-tanium-and-other-mesh-scanners.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.