Taniumâ„¢ Client Deployment Guide

PDF
  • All Files
Documentation Home > Tanium Client Deployment Guide

Reference: Tanium Client CLI

You can use the Tanium Client 7.2 command-line interface (CLI) to view and change Tanium Client settings.

Do not run the Tanium Client 7.2 CLI commands on Tanium Client 6.0 endpoints. Issuing a CLI command on Tanium Client 6.0 endpoints starts an additional TaniumClient process that cannot be resolved, produces numerous Tanium Client log errors, and consumes resources for each command that is run.

Windows

On Windows, Tanium Client settings are written to the Windows Registry. TaniumClient.exe is the executable program. It is in the Tanium Client installation directory. The following examples show how to use the CLI.

Display help

cmd-prompt>TaniumClient --help

Usage: TaniumClient [options] <command> [<args>]

General Options:
  -h [ --help ]         Print this help message
  -v [ --version ]      Print the client version
  --verbose             Verbose output

Service Options:
  -i                    Install the Tanium Client service
  -u                    Uninstall the Tanium Client service
  -s                    Start the Tanium Client service
  -e                    Stop the Tanium Client service

Internal Tanium Options - DO NOT USE:
  -c                    Run as main client process
  -m                    Run as trace monitor process
  -a                    Run as sensor evaluator process
  -d                    Run without daemonizing

Commands:
  config          Manage client configuration
  quarantine      Manage sensor quarantine

For help on a specific command run `TaniumClient COMMAND -h`

Display config help

cmd-prompt>TaniumClient config --help

Usage: TaniumClient config <action> [<key>] [<value>]

Actions:
  config list                         List all keys and non-protected values
  config list-protected               List all keys and values
  config get <key>                    Print non-protected config value
  config get-protected <key>          Print config value
  config set <key> <value>            Set config value and try to guess type
  config set-string <key> <value>     Set string value
  config set-protected <key> <value>  Set protected string value
  config set-number <key> <value>     Set numeric value (in decimal or hex notation)
  config remove <key>                 Remove config value

Example: Get configuration settings

cmd-prompt>TaniumClient config list

Keys:
  - ComputerID: 2107232555
  - DatabaseEpoch: 2017-11-01 17:54:19.073914
  - FirstInstall: 07/09/2017 14:39:42
  - LastGoodServerName: ts1.tam.local
  - LastInstall: 01/11/2017 13:56:27
  - LogVerbosityLevel: 1
  - Path: C:\Program Files (x86)\Tanium\Tanium Client
  - RegistrationCount: 3249
  - ReportingTLSMode: 2
  - ServerName: ts1.tam.local
  - ServerPort: 17472
  - Status:
    - Status.BackPeerAddress: NoAddress_NoAddress
    - Status.BackPreviousPeerAddress: NoAddress_NoAddress
    - Status.BufferCount: 2
    - Status.ClientAddress: 512:17473:10.10.10.11_512:0:10.10.10.11
    - Status.NeighborhoodList: 512:17473:10.10.10.11_512:0:10.10.10.11
    - Status.PeerAddress: NoAddress_NoAddress
    - Status.PreviousPeerAddress: NoAddress_NoAddress
    - Status.StaleCount: 50
    - Status.StaleList: Operating System,NAT IP Address,Online,OS Platform,Available Patches,
      Running Processes Memory Usage,Download Statuses,Tanium Client Version,Disk Used Percentage,
      Reboot Required, Has Patch Files,Tanium Client Core Health,Firewall Status,Is Virtual,
      Internet Explorer Version,Disk Free Space,tempsensor_25,tempsensor_33,Installed Applications,
      Running Applications,Comply - Compliance Aggregates,Has Application Management Tools,
      Available Patch Status,Has Tanium Standard Utilities,Action Statuses,Has Incident Response Tools,
      Has Patch Tools,Installed Patches,Manufacturer,Has Hardware Tools,Is Windows,Chassis Type,Is Mac,
      IOC Detect Tools Version,Has Stale Tanium Client Data,Comply - Vulnerability Aggregates,
      Has Old Incident Response ID Files,Patch Cab Out of Date,IP Address,Is Patch Scan Force Time,Uptime,
      Network Adapters,Is Linux,USB Write Protected,Has Copy Tools,Open Ports,Installed Java Runtimes,
      Running Processes,Tanium Peer Address,Tanium Client IP Address
  - ValueSystem:
    - ValueSystem.0 0: 1
    - ValueSystem.CorrelationDecisionHaste: 1
    - ValueSystem.CorrelationRequiredConfidence: 0.69999999999999996
    - ValueSystem.CorrelationThresholdMultiplier: 1
    - ValueSystem.CorrelationVolumeMultiplier: 0.01
    - ValueSystem.PrevalenceDecisionHaste: 1
    - ValueSystem.PrevalenceRequiredConfidence: 0.69999999999999996
    - ValueSystem.PrevalenceVolumeMultiplier: 1
    - ValueSystem.ValueThreshold: 0.10000000000000001
  - Version: 7.2.314.3518

Example: Set configuration values

cmd-prompt>TaniumClient config set ServerNameList ts1.tam.local,ts2.tam.local
cmd-prompt>TaniumClient config get ServerNameList
ts1.tam.local,ts2.tam.local
cmd-prompt$ TaniumClient config set ReportingTLSMode 2
cmd-prompt$ TaniumClient config get ReportingTLSMode
2
cmd-prompt$

Non-Windows

Tanium Client 7.2 settings are written to an SQLite database instead of the TaniumClient.ini file. The TaniumClient service command is the executable program. It is in the Tanium Client installation directory. You can run it as root or use sudo to elevate privileges.

Display help

cmd-prompt$ sudo ./TaniumClient --help
Password:
Usage: TaniumClient [options] <command> [<args>]

General Options:
  -h [ --help ]         Print this help message
  -v [ --version ]      Print the client version
  --verbose             Verbose output

Internal Tanium Options - DO NOT USE:
  -a                    Run as sensor evaluator process
  -d                    Run without daemonizing

Commands:
  config          Manage client configuration
  quarantine      Manage sensor quarantine

For help on a specific command run `TaniumClient COMMAND -h`
cmd-prompt$

Display config help

cmd-prompt$ sudo ./TaniumClient config -h
Password:
Usage: TaniumClient config <action> [<key>] [<value>]

Actions:
  config list                         List all keys and non-protected values
  config list-protected               List all keys and values
  config get <key>                    Print non-protected config value
  config get-protected <key>          Print config value
  config set <key> <value>            Set config value and try to guess type
  config set-string <key> <value>     Set string value
  config set-protected <key> <value>  Set protected string value
  config set-number <key> <value>     Set numeric value (in decimal or hex notation)
  config remove <key>                 Remove config value
cmd-prompt$

Example: Get configuration settings

cmd-prompt$ sudo ./TaniumClient config list
Keys:
  - ComputerID: 3235161864
  - DatabaseEpoch: 2017-11-01 17:54:19.073914
  - HostDomainName: tam.local
  - LastGoodServerName: ts1.tam.local
  - LogVerbosityLevel: 1
  - RegistrationCount: 3333
  - Resolver: nslookup
  - ServerName: zs1.tam.local
  - ServerNameList: ts1.tam.local,zs1.tam.local
  - ServerPort: 17472
  - Status:
    - Status.BackPeerAddress: 512:17472:10.10.10.40_512:0:10.10.10.40
    - Status.BackPreviousPeerAddress: NoAddress_NoAddress
    - Status.BufferCount: 2
    - Status.ClientAddress: 512:17472:10.10.10.51_512:0:10.10.10.51
    - Status.NeighborhoodList: 512:17472:10.10.10.13_512:0:10.10.10.13,
      512:17472:10.10.10.40_512:0:10.10.10.40, 512:17472:10.10.10.51_512:0:10.10.10.51
    - Status.PeerAddress: NoAddress_NoAddress
    - Status.PreviousPeerAddress: 512:17473:10.10.10.11_512:0:10.10.10.11
    - Status.StaleCount: 34
    - Status.StaleList: Operating System,NAT IP Address,Online,OS Platform,Available Patches,
      Running Processes Memory Usage,Tanium Client Version,Disk Used Percentage,Reboot Required,
      Tanium Client Core Health,Is Virtual,Disk Free Space,tempsensor_33,Installed Applications,
      Comply - Compliance Aggregates,Has Tanium Standard Utilities,Has Incident Response Tools,Has Patch Tools,
      Installed Patches,Manufacturer,Has Hardware Tools,Is Windows,Chassis Type,Is Mac,IOC Detect Tools Version,
      Comply - Vulnerability Aggregates,Has Old Incident Response ID Files,Patch Cab Out of Date,IP Address,
      Uptime,Network Adapters,Is Linux,Open Ports,Running Processes
  - ValueSystem:
    - ValueSystem.0 0: 1
    - ValueSystem.CorrelationDecisionHaste: 1
    - ValueSystem.CorrelationRequiredConfidence: 0.69999999999999996
    - ValueSystem.CorrelationThresholdMultiplier: 1
    - ValueSystem.CorrelationVolumeMultiplier: 0.01
    - ValueSystem.PrevalenceDecisionHaste: 1
    - ValueSystem.PrevalenceRequiredConfidence: 0.69999999999999996
    - ValueSystem.PrevalenceVolumeMultiplier: 1
    - ValueSystem.ValueThreshold: 0.10000000000000001
  - Version: 7.2.314.3518
cmd-prompt$

Example: Set configuration values

cmd-prompt$ sudo ./TaniumClient config set ServerNameList ts1.tam.local,ts2.tam.local
cmd-prompt$ sudo ./TaniumClient config get ServerNameList
ts1.tam.local,ts2.tam.local
cmd-prompt$
cmd-prompt$ sudo ./TaniumClient config set ReportingTLSMode 2
cmd-prompt$ sudo ./TaniumClient config get ReportingTLSMode
2
cmd-prompt$

Last updated: 3/12/2019 3:37 PM | Feedback