Troubleshooting Benchmark

Tanium Cloud is a self-monitored service, designed to detect failures before they surface to users. For more information, see Tanium Cloud Deployment Guide: Troubleshooting Tanium Cloud.

Monitor and troubleshoot Risk health

The Risk Health page includes two charts to monitor the health of the module: Risk Coverage and Risk Vector Calculation Issues.

Risk Coverage

The Risk Coverage chart shows the coverage status of all endpoints on which risk vector scores were calculated in the last 30 days. The coverage metrics might report endpoints as Optimal, Needs Attention or Initializing. The Optimal status indicates that all necessary tools, configurations, and scans are installed and complete for an endpoint. The Initializing status is a transient status that returns when an endpoint is downloading required tools, configuring, or waiting on completion of an initial scan. No action is needed for Optimal or Initializing states.

Risk Vector Calculation Issues

The Risk Vector Calculation Issues chart breaks out the data from the Risk Coverage chart by vector. Use this chart to determine the vectors for which endpoints are unable to allow calculations.

Click the Risk Vector Calculation Issues chart title to open the Risk Health page, which includes a table that lists specific endpoints that are unable to allow risk vector calculations.

The following table lists factors that might cause the coverage metric for a vector to report endpoints as Needs Attention, and the corrective actions you can take.

Vector: All vectors

Contributing factor: Endpoints do not have the latest Risk tools installed

Corrective action: Ask this question in Interact to determine whether endpoints have the necessary tools installed: Get Endpoint Configuration - Tools Status Details contains Risk from all machines

Check for endpoints where the Status column lists as Not Installed or Error. Reinstall the tools on the endpoint. For more information, see Endpoint Configuration User Guide: Reinstall one or more tools installed by Endpoint Configuration.

Vector: All vectors

Contributing factor: Endpoints do not have the latest tools for a required solution installed

Corrective action: Ask this question in Interact to determine whether endpoints have the necessary tools installed: Get Endpoint Configuration - Tools Status Details having Endpoint Configuration - Tools Status Details:Tool Name contains <Solution associated with the vector> from all machines. Substitute the following solution names for the vector that you are troubleshooting:

  • System vulnerability: Comply
  • System compliance: Comply
  • Administrative access: Impact
  • Password identification: Reveal
  • Expired certificates: SSL Server Audit
  • Insecure SSL / TLS: SSL Server Audit

Check for endpoints where the Status column lists as Not Installed or Error. Reinstall the tools on the endpoint. For more information, see Endpoint Configuration User Guide: Reinstall one or more tools installed by Endpoint Configuration.

Vector: System Vulnerability

Contributing factors:

  • Endpoints do not have the latest scan engine installed
  • Specific endpoints missing Comply tools, scan engines, or JREs
  • Issue with a specific endpoint that might prevent Comply from running successfully

Corrective action: If endpoints return the status Needs Attention for the System Vulnerability vector, use these steps to troubleshoot further: Comply User Guide: Monitor and troubleshoot Comply coverage.

Vector: System Compliance

Contributing factors:

  • Endpoints do not have the latest scan engine installed
  • Specific endpoints missing Comply tools, scan engines, or JREs
  • Issue with a specific endpoint that might prevent Comply from running successfully

Corrective action: If endpoints return the status Needs Attention for the System Compliance vector, use these steps to troubleshoot further: Comply User Guide: Monitor and troubleshoot Comply coverage.

Vector: Administrative Access

Contributing factor: Python tools are not installed

Corrective action: If endpoints return the status Needs Attention for the Administrative Access vector, use these steps to troubleshoot further: Impact User Guide: Monitor and troubleshoot Impact coverage.

A 0 score is returned for Linux endpoints, macOS endpoints and Windows endpoints that are not joined to a domain. Tanium Impact is used to measure this vector and is supported only on domain-joined Windows endpoints, so this vector applies only to domain-joined Windows endpoints with the Impact tools.

Vector: Password Identification

Contributing factor: Index Health and Configuration

Corrective action: If endpoints return the status Needs Attention, use these steps to troubleshoot further: Reveal User Guide: Monitor and troubleshoot Reveal coverage.

Vectors: Expired Certificates and Insecure SSL/TLS

Contributing factor: SSL Server Audit Tools are not installed

Corrective action: Ask this question in Interact to determine whether endpoints are missing the tools: Get SSL Server Audit Tools Required from all machines.

If endpoints return the status Not Installed or Missing: <package name>, reinstall the SSL Server Audit tools on the endpoint.

Remove Benchmark tools from endpoints

You can deploy an action to remove Benchmark tools from an endpoint or computer group. Separate actions are available for Windows and non-Windows endpoints.

  1. In Interact, target the endpoints from which you want to remove the tools. For example, ask a question that targets a specific operating system:
    Get Endpoint Configuration - Tools Status from all machines with Is Windows equals true
  2. In the results, select the row for Benchmark, drill down as necessary, and select the targets from which you want to remove Benchmark tools. For more information, see Tanium Interact User Guide: Drill Down.
  3. Click Deploy Action.
  4. For the Deployment Package, select Endpoint Configuration - Uninstall Tool [Windows] or Endpoint Configuration - Uninstall Tool [Non-Windows], depending on the endpoints you are targeting.
  5. For Tool Name, select Benchmark.

  6. (Optional) By default, after the tools are removed they cannot be reinstalled. To allow tools to be automatically reinstalled, clear the selection for Block reinstallation. Reinstallation occurs almost immediately.

    If reinstallation is blocked, you must unblock it manually:

    • To allow Benchmark to reinstall tools, deploy the Endpoint Configuration - Unblock Tool [Windows] or Endpoint Configuration - Unblock Tool [Non-Windows] package (depending on the targeted endpoints).

    • If you reinstall tools manually, select Unblock Tool when you deploy the Endpoint Configuration - Reinstall Tool [Windows] or Endpoint Configuration - Reinstall Tool [Non-Windows] package.

  7. (Optional) To remove all Benchmark databases and logs from the endpoints, clear the selection for Soft uninstall.

    When you perform a hard uninstallation of some tools, the uninstallation also removes data that is associated with the tool from the endpoint. This data might include important historical or environmental data. If data that you want to keep is associated with the tool, make sure you perform only a soft uninstallation of the tool.

  8. (Optional) To also remove any tools that were dependencies of the Benchmark tools and that are not dependencies for tools from other solutions, select Remove unreferenced dependencies.

  9. (Optional) In the Deployment Schedule section, configure a schedule for the action.

    If some target endpoints might be offline when you initially deploy the action, select Recurring Deployment and set a reissue interval.

  10. Click Show preview to continue.
  11. A results grid appears at the bottom of the page showing you the targeted endpoints for your action. If you are satisfied with the results, click Deploy Action.

Contact Tanium Support

To contact Tanium Support for help, sign in to https://support.tanium.com.