Assigning user and group criticality

Manage the criticality level of endpoints by assigning a default criticality level to apply to all users and groups or by creating rules to override the default for specified users or groups.

For information on how often endpoints and reports are updated with criticality levels, see Configure user and group synchronization settings.

Assign default user and group criticality

Assign a default criticality level to apply to all users and groups not targeted by a rule. By default, the criticality level is Medium.

  1. From the Main menu, go to Administration > Shared Services > Criticality.
  2. In Configuration > Users and Groups, select the Default Criticality level.

Create rules to assign criticality to specific users or groups

To assign different criticality levels to different sets of users or groups, create rules. You can create rules only for users and groups that belong to domains that are configured in Directory Query.

  1. From the Criticality Overview page, go to Configuration > Users and Groups > Create Rule.
  2. Enter the rule name.
  3. Select the type: User or Group.
  4. Select the criticality level and priority number for the rule.

    If you select 1, for example, rule 1 is prioritized over rule 2. You can also set the priority after creating the rule. See Prioritize criticality rules.

  5. Use one of the following options to specify the users or groups to include in the rule.
    • Rule Builder: Specify the criteria to filter on all users or groups. For example, if you are creating a user type rule, you can select Name and starts with, and then enter John to target all users whose name starts with John. The rule is applied to all users that meet the criteria. Individual users cannot be selected. Add rows or groupings to specify additional filter conditions.
    • Manual Names: Enter the user or group names. Use separate lines for multiple entries. To specify users, enter the name as DOMAIN\user1 or [email protected]. To specify groups, enter the name as DOMAIN\group1 or [email protected].
    • Names by CSV File: Upload a CSV file. The CSV file must contain each user or group name on its own line without additional information, similar to the following example:

      DOMAIN\someone
      [email protected]

  6. Click Create Rule.
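
A pre-upload check for a Names by CSV File list, as an added example rather than Tanium code: it flags header rows, extra columns, blank lines and duplicates so that every remaining line is a bare name. The function name, the sample entries and the accepted name shapes (DOMAIN\name, plus a name@domain form assumed for the address this page obscures) are assumptions.

```python
import re

# Assumed name shapes (not a vendor-published grammar): DOMAIN\name, or a
# name@domain form, which this page shows only as an obscured address.
DOWN_LEVEL = re.compile(r"^[^\\/@,;\"\s][^\\/@,;\"]*\\[^\\/@,;\"]+$")
AT_FORM = re.compile(r"^[^\\/@,;\"\s]+@[^\\/@,;\"\s]+$")


def check_names_file(text):
    """Return (names, problems) for the contents of a names CSV file.

    names: entries that pass, in order, de-duplicated case-insensitively.
    problems: (line_number, raw_line, reason) tuples for everything else.
    """
    names, problems, seen = [], [], set()
    # Drop a UTF-8 byte order mark so it does not end up inside the first name.
    for number, raw in enumerate(text.lstrip("\ufeff").splitlines(), start=1):
        entry = raw.strip()
        if not entry:
            problems.append((number, raw, "blank line"))
        elif "," in entry or ";" in entry or '"' in entry:
            problems.append((number, raw, "extra column or quoting"))
        elif not (DOWN_LEVEL.match(entry) or AT_FORM.match(entry)):
            problems.append((number, raw, "not DOMAIN\\name or name@domain"))
        elif entry.lower() in seen:
            problems.append((number, raw, "duplicate entry"))
        else:
            seen.add(entry.lower())
            names.append(entry)
    return names, problems


# Constructed sample input: placeholder domain and account names.
SAMPLE = (
    "\ufeffname\n"
    "EXAMPLE\\svc-backup\n"
    "example\\SVC-BACKUP\n"
    "EXAMPLE\\Domain Admins,High\n"
    "\n"
    "admin1@example.test\n"
)

if __name__ == "__main__":
    ok, bad = check_names_file(SAMPLE)
    print("upload:", ok)
    for number, raw, reason in bad:
        print(f"line {number}: {reason}: {raw!r}")
```

Review the reported lines before uploading: an entry that is rejected or misread leaves that user or group at the default criticality level instead of the level the rule intended.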

Work with existing criticality rules

View user and group criticality rules

  1. From the Criticality Overview page, go to the Configuration > Users and Groups > Rules section.
  2. View the rules. The table contains the following columns:
    • Priority: Numerical value indicating rule importance or None if no priority is set
    • Rule: Name of the rule
    • Rule Type: User or Group depending on the type of the rule
    • Criticality: Criticality level of the rule
    • Rule Details: Details of the rule depending on how the rule was created
    • Groups: Number of groups targeted by the rule
    • Users: Number of users targeted by the rule
    • Actions: Edit, delete, or other actions you can take on the rule depending on the rule details
  3. To filter the rules based on criticality levels, click the corresponding toggle.

Prioritize criticality rules

You can prioritize rules to specify which rule takes precedence if a user or group is assigned to more than one rule.

Consider limiting the number of rules you prioritize to simplify criticality level management.

  1. From the Criticality Overview page, go to Configuration > Users and Groups > Rules.
  2. Click Prioritize.

    1. For existing prioritized rules, drag and drop the rules into the order you want, or use the arrows to specify the position.
    2. To prioritize an unprioritized rule, select the box next to the rule and then assign priority.
    3. To remove a priority, clear the box next to the rule.
    4. Click Save.

Manage rules

Edit or delete a rule using the options available in the Actions column in the Rules table.

You can also select a rule and click Edit or Delete. Depending on how a user or group rule was created, you can take additional actions on the rule:

  • Manual Names: Select the rule and click Copy or select Copy Names from the Actions column.
  • Names by CSV File: Select the rule and click Download or select Download CSV from the Actions column.

If you import Criticality with the Tanium Recommended Installation, you cannot edit, delete, or otherwise modify the Default Critical Active Directory Groups rule.

Work with users and groups

View users

View all users managed by Tanium, along with the corresponding criticality levels.

  1. From the Criticality Overview page, go to the Configuration > Users and Groups > Results section.
  2. To view the users, click User. The table contains the following columns:
    • User Name: Name of the user
    • Title: Title of the user
    • Department: Department of the user
    • Domain Name: Domain of the user
    • Criticality: Criticality level assigned by default or a rule
    • In Groups: Number of groups to which the user belongs
    • Rule Name: Rule assigned to the endpoint

      The column is blank if a rule is not assigned to the user. (The user is assigned the default criticality level.)

  3. If necessary, filter the items by searching the table.

View groups

View all groups managed by Tanium, along with the corresponding criticality levels.

  1. From the Criticality Overview page, go to the Configuration > Users and Groups > Results section.
  2. To view the groups, click Group. The table contains the following columns:
    • Group Name: Name of the group
    • Description: Description of the group
    • Managed By: Management of the group
    • Domain Name: Domain of the group
    • Criticality: Criticality level assigned by default or a rule
    • Users: Number of users in the group
    • Rule Name: Rule assigned to the group

      The column is blank if a rule is not assigned to the group. (The group is assigned the default criticality level.)

  3. If necessary, filter the items by searching the table.

Customize columns

You can change which columns are displayed in the table, and adjust the order of the columns.

  1. In the report, click Customize Columns.
  2. To remove a column, clear the box for the column.
  3. To adjust the column order, click and drag the column names.

View status of user and group updates

Users, groups, and computers are synchronized from domain controllers that are configured in Tanium Directory Query, on a schedule that is defined in the User/Group Settings tab in the Criticality Settings. Rule evaluation to apply the criticality occurs after the domain sync, when rules change, or when you manually request a sync from the User/Group Schedule tab in the Criticality Settings. For more information, see Tanium Directory Query User Guide: Managing connections to directory servers and Configure user and group synchronization settings.

To view the status of user and group updates, from the Criticality Overview page, go to Settings and click User/Group Schedule. You can view the in-progress and planned update dates and times.