Assigning endpoint criticality
Manage the criticality level of endpoints by assigning a default criticality level to apply to all endpoints or creating rules to override the default for specified endpoints.
For information on how often endpoints and reports are updated with criticality levels, see Schedule for criticality updates.
Assign a default criticality level to apply to all endpoints not targeted by a rule. By default, the criticality level is Medium.
The default Workstations rule
- From the Main menu, go to Administration > Shared Services > Criticality.
In Configuration > Endpoints, select the Default Criticality level.
To specify different criticality levels for different groups of endpoints, create rules. You can create rules only for endpoints that you have permissions to manage.
You can create rules that use any Tanium sensor or computer group. You can also create rules by a static list of names. If you create a rule that uses a sensor that is not already registered,
If you previously uploaded a CSV file to assign endpoint criticality in the Risk Settings tab, Criticality created a rule for each criticality level specified in the CSV and assigned the specified endpoints to each rule. For example, rule name v1-criticality-csv-critical is assigned to all endpoints that were listed as critical in the Risk CSV file.
- From the Criticality Overview page, go to Configuration > Endpoints > Create Rule.
- Enter the rule name.
- Select the criticality level and priority number for the rule.
If you select 1, for example, rule 1 is prioritized over rule 2. You can also set the priority after creating the rule. See Prioritize criticality rules.
- Click Select Computer Groups, select the groups to assign to the rule, and click Done. You can select from computer groups to which you have write permission.
Select limited computer groups for the rule. To edit the rule, a user must have management rights to all selected computer groups.
Use one of the following options to specify the endpoints to include in the rule.
Computer Groups: Select the computer groups to include.
Filter Builder: Specify the criteria to filter on all endpoints. For example, you can type Operating System contains win to target all Windows endpoints. The rule is applied to all endpoints that meet the criteria. Individual endpoints cannot be selected. Add rows or groupings to specify additional filter conditions.
Manual Names: Enter the computer names, separated by commas. The names must be the exact names as returned by the Computer Name sensor.
Names by CSV File: Upload a CSV file. The CSV file must contain each endpoint name on its own line without additional information. The endpoint name must be the name exactly as it is returned by the Computer Name sensor, similar to the following example:
Click Create Rule.
View criticality rules
- From the Criticality Overview page, go to the Rules section.
- View the rules. The table contains the following columns:
- Priority: Numerical value indicating rule importance or None if no priority is set
- Rule: Name of the rule
- Criticality: Criticality level of the rule
- Targeted Endpoints: Endpoint targeting criteria for rule
- Endpoints: Number of endpoints targeted by rule
- To filter the rules based on criticality levels, click the corresponding toggle.
You can prioritize rules to specify which rule takes precedence if an endpoint is assigned to more than one rule.
Consider limiting the number of rules you prioritize to simplify criticality level management.
- From the Criticality Overview page, go to Configuration > Endpoints > Rules.
- For existing prioritized rules, drag and drop the rules into the order you want, or use the arrows to specify the position.
- To prioritize an unprioritized rule, select the box next to the rule and then assign priority.
- To remove a priority, clear the box next to the rule.
- Click Save.
Review rules applied to endpoints
You can download a txt file with the rule of each endpoint. To download the txt file, click Download Criticality Status in the Rules table heading.
Edit or delete a rule using the options available in the Actions column in the Rules table.
View all online and offline endpoints managed by Tanium, along with the corresponding criticality levels.
- From the Criticality Overview page, go to the View Endpoints section.
- View the endpoints. The table contains the following columns:
- Computer Name: Result from Computer Name sensor
- Endpoint Criticality: Criticality level assigned by default or a rule
- Endpoint Rule Name: Rule assigned to the endpoint
The column is blank if a rule is not assigned to the endpoint. (The endpoint is assigned the default criticality level.)
- IP Address: Result from IP Address sensor
- Computer Serial Number: Result from Computer Serial Number sensor
- Operating System: Result from Operating System sensor
- If necessary, filter the items by searching the table.
You can change which columns are displayed in the table, and adjust the order of the columns.
- In the report, click Customize Columns .
- To remove a column, clear the box for the column.
- To adjust the column order, click and drag the column names.
You can export the table to a CSV file that contains the data for each entry in the table, including column headings. To export a table, click Export in the View Endpoints table heading.
Each hour, Criticality updates the Endpoint Criticality sensor with any criticality changes (which you made to default level, rules, or priority), and then Tanium then uses the results of this sensor to update impacted endpoints.
Last updated: 9/21/2022 11:25 AM | Feedback