Reference: Tanium Containers sensors
Use the sensors contained in the Containers solution to retrieve information from the containers in the environment.
- Tanium Client Containers that run in client mode only respond to sensors in the Containers solution.
- Tanium Client Containers that run in tools mode respond to the sensors in the Containers solution, while the Tanium Clients on the Kubernetes worker nodes respond to non-container sensors.
Because containers are intended to be temporary, the sensors in the Containers solution cannot be registered with the Tanium Data Service. For more information on the Tanium Data Service, see Tanium Console User Guide: Manage sensor results collection.
Container Host Operating System
Category: Containers
Returns the Operating System generation of a managed container host.
Columns
| Name | Description | Type | Hidden |
|---|---|---|---|
| Container Host Operating System | Text | No |
Supported Platforms
| Platform | Query Type |
|---|---|
| Linux | Shell |
Container Image
Category: Containers
Returns information about the images used to instantiate running containers.
Parameters
| Name | Description | Type | Possible / Default values |
|---|---|---|---|
| Container ID | If specified, only return data for the specified container ID. Otherwise, return data for all containers. | Text |
Columns
| Name | Description | Type | Hidden |
|---|---|---|---|
| Container ID | Text | No | |
| Name | Text | No | |
| Image SHA256 | Text |
No |
|
| Image Location | Text | No | |
| POD ID | Text | No | |
| Privileged? | Text | No | |
| Labels | Text | No | |
| Process Path | Text |
No |
|
| Process Args | Text | No |
Supported Platforms
| Platform | Query Type |
|---|---|
| Linux | Shell |
Container Image Name
Category: Containers
Returns the names of images used to instantiate running containers.
Supported Platforms
| Platform | Query Type |
|---|---|
| Linux | Shell |
Container Labels
Category: Containers
Returns labels defined for running containers.
Columns
| Name | Description | Type | Hidden |
|---|---|---|---|
| Container ID | Text | No | |
| Labels | Text |
No |
Supported Platforms
| Platform | Query Type |
|---|---|
| Linux | Shell |
Container Name with Image Hash
Category: Containers
Returns the names and hashes of images (not containers, but the template used to instantiate the container).
Columns
| Name | Description | Type | Hidden |
|---|---|---|---|
| Container | Text | No | |
| Image SHA256 | Text |
No |
Supported Platforms
| Platform | Query Type |
|---|---|
| Linux | Shell |
Container Network
Category: Containers
Returns network details for running containers.
Parameters
| Name | Description | Type | Possible / Default values |
|---|---|---|---|
| Container ID | If specified, only return data for the specified container ID. Otherwise, return data for all containers. | Text |
Columns
| Name | Description | Type | Hidden |
|---|---|---|---|
| Container ID | Text | No | |
| Protocol | Text |
No |
|
| Local Address | Text | No | |
| Remote Address | Text | No | |
| Created | Text | No | |
| State | Text | No | |
| PID | Text | No | |
| Application | Text | No | |
| Command Line | Text | No |
Supported Platforms
| Platform | Query Type |
|---|---|
| Linux | Shell |
Container PID Count
Category: Containers
Returns the number of Process IDs (PIDs) for running containers.
Parameters
| Name | Description | Type | Possible / Default values |
|---|---|---|---|
| Container ID | If specified, only return data for the specified container ID. Otherwise, return data for all containers. | Text |
Columns
| Name | Description | Type | Hidden |
|---|---|---|---|
| Container ID | Text | No | |
| Name | Text |
No |
|
| PID Count | Numeric | No |
Supported Platforms
| Platform | Query Type |
|---|---|
| Linux | Shell |
Container Running Processes
Category: Containers
Returns process details for running containers.
Parameters
| Name | Description | Type | Possible / Default values |
|---|---|---|---|
| Container ID | If specified, only return data for the specified container ID. Otherwise, return data for all containers. | Text |
Columns
| Name | Description | Type | Hidden |
|---|---|---|---|
| Container ID | Text | No | |
| Executable Path | Text |
No |
|
| Command | Text | No |
Supported Platforms
| Platform | Query Type |
|---|---|
| Linux | Shell |
Container Runtime
Category: Containers
Provides detail regarding the executor of the containers, the "Container Runtime."
Columns
| Name | Description | Type | Hidden |
|---|---|---|---|
| Container Runtime Name | Text | No | |
| Container Runtime Version | Text |
No |
|
| Container Runtime API Version | Text | No |
Supported Platforms
| Platform | Query Type |
|---|---|
| Linux | Shell |
Container Stats
Category: Containers
Provides runtime resource utilization statistics for running containers.
Parameters
| Name | Description | Type | Possible / Default values |
|---|---|---|---|
| Container ID | If specified, only return data for the specified container ID. Otherwise, return data for all containers. | Text |
Columns
| Name | Description | Type | Hidden |
|---|---|---|---|
| Container ID | Text | No | |
| Name | Text |
No |
|
| CPU Percentage | Numeric | No | |
| Memory Percentage | Numeric | No | |
| Memory Limit | File Size | No | |
| Network TX | File Size | No | |
| Network RX | File Size | No | |
| Disk Read | File Size | No | |
| Disk Write | File Size | No |
Supported Platforms
| Platform | Query Type |
|---|---|
| Linux |
Shell |
Container Uptime
Category: Containers
Provides information regarding the age of running containers.
Parameters
| Name | Description | Type | Possible / Default values |
|---|---|---|---|
| Container ID | If specified, only return data for the specified container ID. Otherwise, return data for all containers. | Text |
Columns
| Name | Description | Type | Hidden |
|---|---|---|---|
| Container ID | Text | No | |
| Name | Text |
No |
|
| Uptime | Time Duration | No |
Supported Platforms
| Platform | Query Type |
|---|---|
| Linux | Shell |
Is Managed Container Host
Category: Containers
Identifies managed endpoints that are container hosts and have the TCC/TCC tools.
Supported Platforms
| Platform | Query Type |
|---|---|
| Linux | Shell |
Is Tanium Client Container
Category: Containers
Returns True if the Tanium Client runs in a Tanium Client Container, False otherwise. Windows, macOS, Solaris, and AIX endpoints always return False.
Supported Platforms
| Platform | Query Type |
|---|---|
| Linux | Shell |
| macOS | Shell |
| Windows | VBScript |
Kubernetes Environment
Category: Containers
Identifies the Kubernetes environment details, typically of the cloud provider.
Columns
| Name | Description | Type | Hidden |
|---|---|---|---|
| Infrastructure Provider | Text | No | |
| Kubernetes Product | Text | No | |
| Kubernetes Version | Text |
No |
|
| Kubernetes Service Host | Text | No |
Supported Platforms
| Platform | Query Type |
|---|---|
| Linux | Shell |
Kubernetes Pods
Category: Containers
Enumerates all Kubernetes running pods including those typically hidden from view.
Columns
| Name | Type | Description |
|---|---|---|
| Pod ID | Text | |
| Name | Text | |
| Namespace | Text | |
| Status | Text | |
| Created | Text | |
| Attempt | Text | |
| Runtime | Text |
Supported Platforms
| Platform | Query Type |
|---|---|
| Linux | Shell |
Running Containers
Category: Containers
Identifies all running containers, including those hidden and unknown to the orchestration layer (such as System or Rogue containers).
Parameters
| Name | Description | Type | Possible / Default values |
|---|---|---|---|
| Show unorchestrated only | Show containers that are running on the host, but not reported by the orchestrator. | Checkbox | Unchecked |
| Hide pause containers | Hide pause containers /pause and /usr/bin/pod | Checkbox | Unchecked |
Columns
| Name | Description | Type | Hidden |
|---|---|---|---|
| Container ID | Text | No | |
| Runtime | Text |
No |
|
| Source | Text | No | |
| Status | Text | No | |
| Created | Text | No | |
| Pid | Text | No | |
| MD5Sum | Text | No | |
| RootFS | Text | No | |
| OS | Text | No | |
| Pid Count | Integer | No | |
| LWP Count | Integer | No | |
| Arguments | Text | No | |
| Orchestrated | Text | No |
Supported Platforms
| Platform | Query Type |
|---|---|
| Linux | Shell |
Tanium Client Container Version
Category: Containers
Returns the version of the Tanium Client Container.
Supported Platforms
| Platform | Query Type |
|---|---|
| Linux | Shell |
Last updated: 5/30/2023 3:43 PM | Feedback