Enforcing policies

Create enforcements

You can create an enforcement from the policy list page, the policy details page, or the enforcements page.

  1. From the Enforce menu, click Policies.
  2. Click the Enforce icon for an individual policy.
  3. Enter a Name for the policy.
  4. The policy you selected will automatically appear in the Policy pulldown.
  5. In the Target section, select the type:
      • Computer Group - Click Select Computer Group, and choose a group that has been defined in the Administration section of Tanium Console. See Tanium Platform User Guide: Managing Computer Groups. To search for a group, type the first few letters of the group into the search field.
      • You may not have access to all computer groups that appear in the target list. Click All and Available in the target window to see every computer group or only the ones you have permissions for. Additionally, rules may limit your access to computers within the groups you select. See Enforcing policies for more information.

      • Individual Computers - Enter or paste a comma-separated list of computer names into the Computer Names field. This list must be no longer than 50 computers.
  6. In the Advanced Options section, optionally schedule a Start Time for the enforcement.
  7. Optionally, for remediation policies, you can also set the following:  
    •  End Time - You would enter an end time if you want the policy enforcement to expire after a certain time frame. For example, only allow writing to removable drives for a finite period of time.

    •  Repeat - This specifies how often enforcement actions are reissued. By default, enforcement actions are reissued every hour. The minimum allowed value for this field is 10 minutes. The default is 1 hour.

    •  Distribute Over Time - This controls whether endpoints apply enforcements the moment they receive the action (immediate) or at unique moments within the saved action interval (diffused). Diffusing enforcements over time can help prevent a surge in network traffic in exchange for a slower time to compliance.

  8. Click Create. Click Yes to confirm and create the enforcement.

To un-enforce or remove a policy from an endpoint, delete the enforcement.

To view the status of an enforcement, click the arrow on the Enforcements page to expand the details section. See Enforcement for information on each enforcement state.

Create enforcements from policy details

  1. From the Enforce menu, click Policies.
  2. Click on the policy to be enforced. This takes you to the details page for that policy.
  3. Click the Enforce icon . Refer to Create enforcements for the remaining instructions.

Enforce policies from enforcements

  1. From the Enforce menu, click Enforcements.
  2. Click the Enforce icon . Refer to Create enforcements for the remaining instructions.

View Enforcements

From the Enforce menu, select Enforcements to view enforced policies. Click on an individual enforcement to view details and filter results.

Filter Results

From the enforcement Details view, you can use the pulldown fields to filter results by items such as computer group, operating system, operators (contains or does not contain), and plain text. You can also add additional rows and groupings to the filter.

See the Tanium Interact User Guide for information about filtering and merging question results.

Remove an Enforcement

  1. From the list of enforcements, click Delete next to the enforcement you want to remove.

  2. Click Yes to confirm.