Getting started with the Tanium Console and Interact

Sign into the Tanium Console

Access the Tanium Console through a supported web browser: see Web browser requirements.

During the setup of your Tanium as a Service (TaaS) deployment, an administrator account is created that you can use to sign into the Tanium Console for the first time. This user is based on an IdP account that your organization selects as the primary administrator for your TaaS deployment. The user has unrestricted computer group management rights. The user also has the Admin reserved role, which enables access to all the features that are available in TaaS, including the ability to configure role-based access control (RBAC) for all other TaaS users.

The Tanium Console provides single sign-on (SSO) access with two-factor authentication (2FA) through a Security Assertion Markup Language (SAML) identity provider (IdP). After signing into the IdP, a user can start new Tanium Console sessions repeatedly without re-authenticating, until the IdP session times out.

The IdP session timeout is configured on the IdP server. Consult your IdP administrator for more information.

  1. Open a web browser and go to the URL for your TaaS instance.

    The URL has the format https://<TaaS instance>.cloud.tanium.com.

    The sign in page appears.

    Login page

  2. Click Sign In with SSO.
  3. If you never signed into the IdP or your IdP session has timed out, the Tanium Server redirects you to the IdP for authentication. If you previously signed into the IdP and your IdP session is active, you do not need to re-authenticate to the IdP.

By default, the Tanium Server applies the permissions of your default persona when you sign in. If your account has multiple personas and you want to switch to an alternative persona, see Select a persona for your Tanium Console session.

The steps to access the Tanium Console depend on where you sign in:

  • Sign in through the Tanium Server: If the Tanium Server functions as a Security Assertion Markup Language (SAML) service provider (SP) and your account on the server matches an account on the SAML Identity Provider (IdP), the Tanium Console provides single sign-on (SSO) authentication. SSO enables a user to start new Tanium Console sessions repeatedly without re-authenticating, until the IdP session times out. For details, see SP-initiated SSO.

    The IdP session timeout is configured on the IdP server. Consult your IdP administrator for more information.

    If the Tanium Server authenticates your account through local authentication or Lightweight Directory Access Protocol (LDAP) authentication instead of SAML SSO, you sign in for each session with a username and password. For details on local authentication, see User authentication. For details on LDAP authentication, see Integrating with LDAP servers.

  • Sign in through a SAML IdP portal: If the Tanium Server integrates with the IdP portal that your organization uses for accessing applications, the portal provides SSO access to the Tanium Console. For details, see IdP-initiated SSO.

After you first sign in after Tanium Server installation, the Tanium Console displays a pop-up window that shows the progress of initial content pack imports, and then opens the Tanium Solutions page. Use this page to import Tanium modules and shared services that you are licensed to use (see Managing Tanium solutions). For subsequent sign-on sessions, the Tanium Console displays its home page (https://<Tanium Server>/#/home) by default. However, if your browser URL field specified another console page (such as https://<Tanium Server>/#/actions/scheduled/) when the browser timed out or you signed out, that page opens when you next sign in through the same browser.

Sign in through the Tanium Server

  1. Open a web browser and go to the Tanium Server URL.

    The URL has the format: https://<Tanium_Server_FQDN>[:<port>]. If the Tanium Server uses the default port (443), you do not need to specify the port.

    If you are using LDAP or local authentication and SAML SSO is not configured for any user, the sign in page displays only the Username and Password fields.

    If the Tanium Server is configured to authenticate some users through SAML SSO, the sign in page displays a Sign In with SSO button and a Sign In with Password link below it.

  2. (SSO authentication only) Sign in through SAML SSO:
    1. Click Sign In with SSO.

    2. If you never signed into the IdP or your IdP session has timed out, sign into the IdP with your username and password. If you previously signed into the IdP and your IdP session is active, you do not need to enter credentials.
  3. (LDAP or local authentication only) Enter your Username and Password. If the sign-in page does not display these fields, click Sign In with Password and then enter your credentials.

    When you first sign in after the Tanium Server is installed, you must enter the username and password of the initial Tanium Console administrator account. The credentials for this account are set during server installation. This account has the Administrator reserved role and can create additional users.

By default, the Tanium Server applies the permissions of your default persona when you sign in. If your account has multiple personas and you want to switch to an alternative persona, see Select a persona for your Tanium Console session.

Sign in through a SAML IdP portal

  1. Go to the IdP SSO portal.
  2. If you never signed into the IdP or your IdP session has timed out, sign into the IdP using your username and password. If you previously signed into the IdP and your IdP session is active, you do not need to enter credentials.

    The IdP portal displays a tile for each application that you can access.

  3. Click the Tanium Console tile.

    The IdP redirects you to the Tanium Server and the Tanium Console opens in your browser.

By default, the Tanium Server applies the permissions of your default persona when you sign in. If your account has multiple personas and you want to switch to an alternative persona, see Select a persona for your Tanium Console session.

Sign out of the Tanium Console

To sign out of your Tanium Console session, go to the Main menu and select <user name> > Sign Out.

Sign out before closing the browser.

If the Tanium Server is configured to integrate with a SAML IdP, your Your IdP session can remain active even after you sign out of the Tanium Console. As long as your IdP session remains active, you can access the Tanium Console again without re-authenticating.

If you are inactive on the Tanium Console for longer than the inactivity timeout (default is 10 minutes), your session ends automatically. To change the timeout, see Set Tanium Console user preferences.

Tanium Console components and navigation

The following figure shows the common components and navigation widgets that the Tanium Console displays regardless of which Tanium module is currently open:

Figure  1:  Tanium Console components and navigation
1 Main menu (header): Navigate among Tanium modules, shared services, and the pages that you use to administer the Tanium Console and Tanium Core Platform. You can customize the border color, logo, help link URL, and some text in the Main menu: see Customizing the Tanium Console and Interact. Below the border, the The Main menu displays the following elements from left to right:
  • Logo Tanium logo: Return to the Tanium Home page from any other page in the console. You can customize the logo for your enterprise.
  • Home Home: Return to the Tanium home page from any other page in the console.
  • Modules Modules: Open the workbench (user interface) for a Tanium module. You can open modules that are imported and that you have permissions to access.
  • Administration Administration: Navigate the Tanium Console administration pages or open the workbench for a Tanium shared service that you have imported. The menu displays only the administration pages and shared services that you have permissions to access. If any actions require approval, a red number beside the menu indicates the quantity of such actions (see Managing action approval).
  • <Custom text>: By default, the area above the Build (<Platform>) <version> | Console <version> information is blank, but you can add text (Console Demo Environment in Figure  1) to help users identify the environment they are using: see Select the Tanium Console header text.
  • <Version>: The Build (<Platform>): <version> | Console: ><version> fields indicate the type of Tanium Core Platform infrastructure (such as Windows), platform version, and Tanium Console version.
  • Help: Click to go to the Tanium documentation portal, which has links to the user guides. By default, the link opens the URL https://docs.tanium.com.
  • <Current persona>: This menu appears only if you signed into the Tanium Console with a user account that has alternative personas assigned. The menu label indicates the current persona. Use the menu to switch personas. For details, see Select a persona for your Tanium Console session.
  • <Current user>: The label for this menu is the user name of the account that you used to sign into the Tanium Console. Open the menu to display the date and time when you signed into the console, or to select from the following options:
    • Preferences: Configure certain behaviors of the Tanium Console based on the user account that you used to sign in: see Set Tanium Console user preferences.
    • Local Error Log: Opens a page that lists details about the last 100 errors that were returned to the Tanium Console in response to actions taken with the browser. For details, see View and copy the Tanium Console error log.
    • Sign Out: Terminate your current Tanium Console sign-in session.
  • Warning indicator Warning: This icon appears only if warning conditions exist. The Tanium Console initially displays the warnings when you sign in. Click this icon to redisplay the warnings.

2 Module menu: The module menu is in the workbench of every Tanium module and shared service so that you can navigate the workbench pages. The menu is also in Tanium Console administration pages that have sub-pages. Figure  1 shows the expanded menu for Tanium Interact. By default, the menu is collapsed (Figure  2) until you click Options Expand. You can also select a module page without expanding the menu by hovering over Options Options or the module name and then selecting the page name.
Figure  2:  Module menu (collapsed)
Navigation pane

3 Display pane: Displays the main body of the current Tanium Console page. In Figure  1, the display pane shows the Interact Home page.

Tanium Home page

The Tanium Home page (Figure  4) serves as a site map that shows the Tanium solutions and Tanium Console administration pages that you can access. The page provides quick access to the following features, solutions, and information.

Customize the Tanium home page

To change the contents of the Tanium Home page, click Customize page Customize Page. For details, see Customize Tanium module overview pages. You can toggle between collapsing Collapse or expanding Expand a section.

View Environment Status

The Environment Status section appears only if you have Taniumâ„¢ Discover installed. The section shows the following information about your enterprise inventory:

  • Managed Endpoints: The total number of online or offline endpoints that are considered managed because they have the Tanium Client installed. Endpoints are devices such as desktops, laptops, servers, virtual machines, or containers. Click the number to issue the General Information saved question: Get Computer Name and IP Address and Operating System from all machines.
  • Discovered Network Interfaces: The number and percentage of managed and unmanaged network interfaces that Discover has found:
    • Managed Network Interfaces: Unique MAC addresses across all managed endpoints. This number might vary significantly from the number of Managed Endpoints because each endpoint can have multiple interfaces. Click the green section of the Discovered Network Interfaces chart to open the Managed Interfaces page in Discover.
    • Unmanaged Network Interfaces: Unique MAC addresses that are not currently Tanium-managed. Click the orange section of the Discovered Network Interfaces chart to open the Unmanaged Interfaces page in Discover.

    For details on discovering network interfaces, see Tanium Discover User Guide.

Explore data from endpoints

Use the Explore Data field to issue questions or click the Build Question button to open the Question Builder. For details on these Interact features, see Asking questions.

Add Quick Links

You can add links on the Tanium Home page to specific module pages that you access frequently. Go to the Quick Links section, click Edit Edit, select the pages, and click Save.

Quick Links

Add favorite Interact categories, dashboards, and saved questions

Tanium groups saved questions by dashboard and groups dashboards by category. If you frequently issue certain questions or dashboards, you can flag them as favorites on the Tanium Home page.

By default, the Home page does not display the Favorite Interact Dashboards and Favorite Interact Saved Questions sections. To display them, click Customize page Customize Page, select the check boxes for those sections, and click Save.

If the dashboards that you frequently use belong to the same category, you can also flag that category as a favorite to appear on the Home page. Expand Expand a category to see its dashboards and questions. You can also Expand Expand a dashboard to see its questions.

Figure  3:  Favorite Interact Categories
Favorite Interact Categories

To change the favorite Favorite or non-favorite Non-favorite status of a category, dashboard, or saved question, see Filter by favorites.

For details on categories, dashboards, and saved questions, see Managing saved questions.

Access Tanium module workbenches

In the Modules section, click a tile to open a module workbench. The page displays tiles only for the modules that are imported and that you have permissions to access.

Access Tanium Console administration pages

In the Administration section, click the links to open Tanium Console administration pages, or to open the workbench for a Tanium shared service that you have imported. The page displays links only for the shared services and administration pages that you have permissions to access.

Click the logo Tanium logo or Home Home in the Main menu to return to the Tanium Home page from any module page.

Figure  4:  Tanium Home page

Set up the Tanium Console and Interact

The Tanium Console and Interact are licensed as part of the Tanium Core Platform. After you install the Tanium Core Platform servers, pPerform the following tasks to set up the Tanium Console, Interact, and Tanium Core Platform:

  1. Review the system, network, security, and user role requirements for the Tanium Console and Interact. For details, see Tanium Console and Interact requirements.
  2. Import the Tanium modules and content packs that you will use: see Managing Tanium solutions.
  3. (Optional) Customize the Tanium Console and Interact. For example, you can customize the border color and logo in the Main menu, set your user preferences, and reorganize the Interact Home page. For details, see Customizing the Tanium Console and Interact.

  4. (Optional) Configure Tanium Core Platform settings such as Tanium Client subnets, proxy server settings, allowed URLs, and bandwidth throttles. For details, see Configuring the Tanium Core Platform.

  5. (Optional) Create custom content (such as packages and saved questions) to complement the Tanium-defined content that you import through Tanium modules and content packs. For details, see Content overview.
  6. (Optional) Configure sensors for automatic collection of results so that you can see stored results from endpoints that are offline when you issue questions: see Manage sensor results collection.
  7. Set up role-based access control (RBAC) to determine what users can see and do with the Tanium Core Platform. This involves configuring users, user groups, user roles, personas, computer groups, and content set permissions. For details, see RBAC overview.

Use Tanium Interact

The following are regular tasks that you perform after the initial setup of the Tanium Console and Interact:

  1. Issue dynamic questions to retrieve information about the endpoints in your network: see Asking questions.
  2. Analyze and manage question results. For example, you can drill down into the question results with additional questions, filter the Question Results grid, and export its content. For details, see Managing question results.
  3. Manage actions. For example, you can deploy ad-hoc actions or schedule recurring actions based on question results, and configure an action approval workflow. For details, see Tanium actions overview.
  4. Manage saved questions. For example, you can create saved questions, assign them to dashboards, assign the dashboards to categories, and assign saved questions to content sets based on RBAC requirements. For details, see Managing saved questions.