With Criticality, you can define levels for each endpoint, user, or group that are available to other Tanium solutions, such as Tanium™ Impact and Tanium™ Risk, to add context about the endpoint.
Possible criticality levels include the following values:
All endpoints, users, and groups are assigned to the default level, unless they are assigned to rules. For more information on how rules work, see Criticality rules.
Rules override default criticality for specific endpoints, users, or groups.
Create rules to override the default criticality based on attributes of the endpoints, for example, computer group or operating system. For example, you might create a rule to set all Windows endpoints in a specific domain to High criticality. If an endpoint is assigned to more than one unprioritized rule, the rule with a higher criticality level takes precedence. For example, if one rule sets all Windows endpoints to Medium and another rule sets all servers are set to High, a Windows server is always set to High.
You can prioritize rules to specify which rule takes precedence if an endpoint, user, or group is assigned to more than one rule. The priority of the rule overrides the criticality level of the rule. For example, if one rule is prioritized to 2 and sets all Windows endpoints to Medium and another rule is prioritized to 1 and sets Windows endpoints within a specific domain to Low, then Windows endpoints within the specified domain are set to Low.
When a rule is deleted, the endpoint criticality is set to the next highest applicable rule based on prioritization or criticality level (if no prioritized rules apply to the endpoint, user, or group). If no rule exists, Criticality assigns the default level to the endpoint, user, or group.
|Default rule||Rule type||Criticality level|
|Default Critical Active Directory Groups||Group||Critical|
For more information, see Create rules to assign criticality to specific endpoints and Create rules to assign criticality to specific users or groups.
Criticality updates endpoints and reports with different frequencies, depending on if you update the default criticality level or criticality rules.
Update to default endpoint criticality
If you modify the default endpoint criticality, the following events happen:
- Criticality immediately updates the View Endpoints table on the Overview page. Criticality updates the endpoints each hour. For more information, see View status of endpoint updates.
- Within one minute, Risk updates scores and reports for the endpoints.
Update to endpoint rules
If you modify endpoint criticality rules, Criticality updates endpoints and reports each hour.
Risk uses a different update frequency than Criticality. Depending on your configuration, Risk can update from every 15 minutes or once a day, whereas Criticality updates each hour. If it is 10:00, for example, and you modify the Risk data collection time period to be 15 minutes, Risk does not receive updated criticality levels until 11:00, even though Risk collects data at 10:15, 10:30, and 10:45.
Update to default user and group criticality
If you modify the default user and group criticality, Criticality immediately updates the Results table on the Overview page.
Update to user and group rules
If you modify user or group criticality rules, Criticality updates and reports according to the schedule that you configured in the User/Group Settings tab in the Criticality Settings . You can also manually request a sync from the User/Group Schedule tab in the Criticality Settings . For more information, see View status of user and group updates.
Criticality has built in integration with Tanium™ Impact, Tanium™ Reporting, and Tanium™ Risk.
Impact includes criticality levels for users, groups, and endpoints. For more information, see Tanium Impact User Guide: Identifying high impact users, endpoints, and groups.
Create and view reports in Reporting that include criticality levels. For more information, see Tanium Reporting User Guide: Working with reports.
Risk uses the endpoint criticality levels when calculating endpoint scores. For more information, see Tanium Risk User Guide: Configure Risk.
Last updated: 1/11/2023 9:42 AM | Feedback