Assigning endpoint criticality

Manage the criticality level of endpoints by assigning a default criticality level to apply to all endpoints or creating rules to override the default for specified endpoints.

For information on how often endpoints and reports are updated with criticality levels, see Schedule for criticality updates.

Assign default endpoint criticality

Assign a default criticality level to apply to all endpoints not targeted by a rule. By default, the criticality level is Medium.

The default Workstations rule (automatically created unless you selected a custom import) is similar to and overrides the default criticality level. If you want to change the default criticality level for endpoints with a rule, modify the Workstations rule. If you want to change the default criticality level for endpoints without a rule, delete the Workstations rule and set the criticality level using the Default Criticality drop-down list.

  1. From the Main menu, go to Administration > Shared Services > Criticality.
  2. In Configuration > Endpoints, select the Default Criticality level.

Create rules to assign criticality to specific endpoints

To specify different criticality levels for different groups of endpoints, create rules. You can create rules only for endpoints that you have permissions to manage.

You can create rules that use any Tanium sensor or computer group. You can also create rules by a static list of names. If you create a rule that uses a sensor that is not already registered, Tanium ServerTanium Cloud automatically registers the sensor.

If you previously uploaded a CSV file to assign endpoint criticality in the Risk Settings tab, Criticality created a rule for each criticality level specified in the CSV and assigned the specified endpoints to each rule. For example, rule name v1-criticality-csv-critical is assigned to all endpoints that were listed as critical in the Risk CSV file.

  1. From the Criticality Overview page, go to Configuration > Endpoints > Create Rule.
  2. Enter the rule name.
  3. Select the criticality level and priority number for the rule.

    If you select 1, for example, rule 1 is prioritized over rule 2. You can also set the priority after creating the rule. See Prioritize criticality rules.

  4. Click Select Computer Groups, select the groups to assign to the rule, and click Done. You can select from computer groups to which you have write permission.

    Select limited computer groups for the rule. To edit the rule, a user must have management rights to all selected computer groups.

  5. Use one of the following options to specify the endpoints to include in the rule.

    • Computer Groups: Select the computer groups to include.

    • Filter Builder: Specify the criteria to filter on all endpoints. For example, you can type Operating System contains win to target all Windows endpoints. The rule is applied to all endpoints that meet the criteria. Individual endpoints cannot be selected. Add rows or groupings to specify additional filter conditions.

    • Manual Names: Enter the computer names, separated by commas. The names must be the exact names as returned by the Computer Name sensor.

    • Names by CSV File: Upload a CSV file. The CSV file must contain each endpoint name on its own line without additional information. The endpoint name must be the name exactly as it is returned by the Computer Name sensor, similar to the following example:

      computername1.domain.com
      computername2.domain.com

  6. Click Create Rule.

Work with existing criticality rules

View criticality rules

  1. From the Criticality Overview page, go to the Rules section.
  2. View the rules. The table contains the following columns:
    • Priority: Numerical value indicating rule importance or None if no priority is set
    • Rule: Name of the rule
    • Criticality: Criticality level of the rule
    • Targeted Endpoints: Endpoint targeting criteria for rule
    • Endpoints: Number of endpoints targeted by rule
  3. To filter the rules based on criticality levels, click the corresponding toggle.

Prioritize criticality rules

You can prioritize rules to specify which rule takes precedence if an endpoint is assigned to more than one rule.

Consider limiting the number of rules you prioritize to simplify criticality level management.

  1. From the Criticality Overview page, go to Configuration > Endpoints > Rules.
  2. Click Prioritize.

    1. For existing prioritized rules, drag and drop the rules into the order you want, or use the arrows to specify the position.
    2. To prioritize an unprioritized rule, select the box next to the rule and then assign priority.
    3. To remove a priority, clear the box next to the rule.
    4. Click Save.

Review rules applied to endpoints

You can download a txt file with the rule of each endpoint. To download the txt file, click Download Criticality Status in the Rules table heading.

Manage rules

Edit or delete a rule using the options available in the Actions column in the Rules table.

Work with endpoints

View endpoints

View all online and offline endpoints managed by Tanium, along with the corresponding criticality levels.

  1. From the Criticality Overview page, go to the View Endpoints section.
  2. View the endpoints. The table contains the following columns:
    • Computer Name: Result from Computer Name sensor
    • Endpoint Criticality: Criticality level assigned by default or a rule
    • Endpoint Rule Name: Rule assigned to the endpoint

      The column is blank if a rule is not assigned to the endpoint. (The endpoint is assigned the default criticality level.)

    • IP Address: Result from IP Address sensor
    • Computer Serial Number: Result from Computer Serial Number sensor
    • Operating System: Result from Operating System sensor
  3. If necessary, filter the items by searching the table.

Customize columns

You can change which columns are displayed in the table, and adjust the order of the columns.

  1. In the report, click Customize Columns .
  2. To remove a column, clear the box for the column.
  3. To adjust the column order, click and drag the column names.

Export table

You can export the table to a CSV file that contains the data for each entry in the table, including column headings. To export a table, click Export in the View Endpoints table heading.

View status of endpoint updates

Each hour, Criticality updates the Endpoint Criticality sensor with any criticality changes (which you made to default level, rules, or priority), and then Tanium then uses the results of this sensor to update impacted endpoints.

To view the status of endpoint updates, from the Criticality Overview page, hover over the icon next to Endpoints updated hourly. You can view the in-progress and planned update dates and times.