Enforcing policies

You can create an enforcement from the Policies page, an individual policy, or the Enforcements page.

Create enforcements

Create an enforcement from the Policies page

  1. From the Enforce menu, click Policies.
  2. Click Enforce for an individual policy.
  3. Enter a Name for the enforcement.

    The policy that you selected is automatically populated in the Policy field.

  4. See Complete the enforcement creation to continue creating the enforcement.

Create an enforcement from an individual policy

  1. From the Enforce menu, click Policies.
  2. Click on the policy to be enforced and then click Enforce .

    The policy that you selected is automatically populated in the Policy field.

  3. See Complete the enforcement creation to continue creating the enforcement.

Create an enforcement from the Enforcements page

  1. From the Enforce menu, click Enforcements, and then click Create Enforcement.
  2. Enter a name and select a policy.
  3. See Complete the enforcement creation to continue creating the enforcement.

Complete the enforcement creation

  1. In the Target section, select the type:
    • Individual Computers: Enter or paste a comma-separated list of computer names into the Computer Names field. This list must be no longer than 50 computers.
    • Computer Group: Click Select Computer Group, and choose a group that was defined in the Administration section of the Tanium Console. See Tanium Platform User Guide: Managing Computer Groups. To search for a group, type the first few letters of the group into the search field.

      You might not have access to all computer groups that appear in the target list. Click All and Available in the target window to see every computer group or only the ones that you have permissions to view. Additionally, rules might limit your access to computers within the groups you select. For more information, see Role-based access control and configuration visibility.

    • Question Builder: Enter a filter question or select from the list of most common questions.
    • Filter Builder - Add rows and groupings to build a filter.
  2. In the Preview section, select the computers that you want to target.
  3. (Optional) In the Advanced Options section, select and schedule a Start Time for the enforcement.
  4. (Optional) For remediation policies, you can also select and set the following options:  
    •  End Time: Enter an end time if you want the policy enforcement to expire after a certain time frame. For example, allow writing to removable drives for only a finite period of time.
    •  Repeat: Specifiy how often enforcement actions are reissued. By default, enforcement actions are reissued every hour. The minimum allowed value for this field is 10 minutes. The default is 1 hour.
    •  Distribute Over Time: Control whether endpoints apply enforcements the moment they receive the action (immediate) or at unique moments within the saved action interval (diffused). Diffusing enforcements over time can help prevent a surge in network traffic in exchange for a slower time to compliance.
  5. Click Create to create the enforcement.

To un-enforce or remove a policy from an endpoint, delete the enforcement. For more information, see Remove an enforcement.

To view the status of an enforcement on the Enforcements page, click the arrow next to an enforcement to expand the status information. You can also view the status information in the Summary section of the enforcement details page. For more information about each enforcement state, see Enforcement.

View enforcements

From the Enforce menu, click Enforcements to view enforced policies. Click on an individual enforcement to view details and filter results.

Filter results

From the enforcement Details section, you can filter results by items such as computer group, operating system, operators (contains or does not contain), and plain text. You can also add additional rows and groupings to the filter.

For more information about filtering and merging question results, see the Tanium Interact User Guide: Managing question results.

Remove an enforcement

From the list of enforcements, click Delete next to the enforcement that you want to remove. You can also select one or more enforcements and click Delete.