A package and associated settings, such as scheduling and targeting information, that are deployed to endpoints to perform operations.
A process of ensuring that actions do not run until a second user approves them.
A collection of one or more computer groups to which an action is deployed.
An action that is deployed to endpoints to prevent the Tanium™ Client from running other actions.
ad hoc question
An unsaved query that you can create in the question bar to get information from endpoints. Also referred to as a dynamic question.
A set of fine-grained content set permissions.
A URL from which the Tanium Server allows downloads to the Tanium Client.
A scan for intel matches that runs automatically on an interval specified by a Threat Response configuration.
The client that has the "lowest" IP address in its linear chain and that communicates directly with the Tanium™ Server on behalf of its neighborhood.
A list of objects, such as URLs, applications, files, or patches, to which endpoints are denied access.
An organized collection of panels.
A sequenced list of software packages.
A collection of dashboards that are related by purpose or subject matter.
A discovery method that uses the Tanium Module Server to find unmanaged interfaces beyond the local network.
An endpoint that has the Tanium Client installed.
An action of installing the Tanium Client on endpoints.
A configuration object that defines a set of endpoints. It is used as a filter in questions and question results (filter group) or to assign management rights for viewing results and deploying actions (management groups).
computer management group
A configuration that assigns a user permission to perform operations, such as viewing question results and deploying actions, on a defined set of endpoints.
Collective term for sensors, packages, scheduled actions, saved questions, dashboards, categories, plug-ins, and filter groups. Tanium modules can supply additional types of content, and users can define custom content.
A reserved role that grants action management privileges and read/write privileges on all content sets.
A solution distributed by Tanium that includes content such as sensors, packages, and saved questions.
A group of related content, such as sensors, packages, and saved questions, to which a permission applies.
An arbitrary PowerShell, VBScript, or UNIX shell script that is used to evaluate conditions on an endpoint.
custom ID mapping
A configuration that maps a custom check ID or XCCDF rule ID to an arbitrary value.
In Interact, a collection of saved questions that are related by purpose or subject matter that the user can issue simultaneously.
A collection of settings that can be used to repeatedly issue deployments.
An external server or piece of software to which Tanium data is sent.
A scanner that finds unmanaged interfaces.
A discovery method that uses managed endpoints to find unmanaged interfaces.
The action of issuing an additional question to the endpoints in the results grid.
An unsaved query that you can create in the question bar to get information from endpoints.
A node on a computer network, such as a computer or network device.
An application of a policy on the targeted endpoint.
A source of data for Asset, such as a Tanium sensor or external database table. Each entity can contain one or more attributes.
A process that can be deployed to endpoints to search for potential threats based on a piece of intel.
A process that continuously saves key forensic evidence on each endpoint.
Event Recorder Driver
A driver that provides a source of process and command-line events on supported Windows endpoints.
A process that can be deployed to endpoints to index local file systems, compute file hashes, and gather file attributes and magic numbers.
A distribution of a single file as a set of small files in order to limit the impact on network performance.
A type of computer group that is used as a filter in questions and question results.
The client that has the “highest" IP address in its linear chain and that communicates directly with the Tanium Server on behalf of its neighborhood.
A process of disabling functionality in the client environment that would otherwise enable users to make inadvertent changes or deliberately evade endpoint management by Tanium.
A collection of artifacts to detect and respond to a potential intrusion.
A network in which endpoints cannot peer with each other or with endpoints outside the network.
A Tanium Client on one end of a linear chain that has an intermittent connection with the Tanium Server to receive questions or send answers on behalf of the client neighborhood.
An architecture for exchange of information and data among endpoints that are running Tanium Client.
linear chain leader
A connection to an endpoint to conduct real-time analysis of activity on that endpoint.
A utility that collects forensic information from endpoints and transfers the results to a network location.
A unique MAC address on an endpoint managed by Tanium.
A read-only source such as a module source or a saved question source that Tanium provides.
An XML file that lists the content and solutions published through content.tanium.com.
The act of adding the results from an additional question to the current data in the results grid.
micro admin role
A type of role that assigns Tanium system administration permissions.
A solution that extends the functionality of the Tanium™ Core Platform.
A type of role that grants access to Tanium solution workbenches, features, and content sets.
A configuration that defines data that a Tanium module provides to Trends.
A group of settings that determine how watchlists are deployed to endpoints for continuous recording of file events.
natural language parser
A component that transforms user questions into valid syntax for querying endpoints.
A script and files deployed to an endpoint for administrative action, like installation of a patch.
A collection of software package templates.
A visualization for data collected by a source.
A type of package that takes command-line arguments.
A type of sensor for which you specify a parameter when defining a question.
An expression that matches entities that can otherwise be hidden in the context of other information.
A set of roles and computer groups that a user selects for a Tanium session and that restricts what the user can see and do with Tanium products.
An extension to a Tanium™ Core Platform component or solution module.
An endpoint configuration that contains settings to enforce or a set of tasks to run.
A scheduled action that enforces policies on endpoints.
A set of configurations, rules, or parameters that applies to one or more computer groups.
A block that can be put on an endpoint to isolate it from the rest of the network.
A sensor that exceeded the one-minute timeout when it last ran on an endpoint.
A query to managed endpoints that returns answers based on the output of sensors.
An action that sends a single piece of intel to the endpoints for immediate matching and alert reporting.
An indicator of threat level for a file hash: malicious, non-malicious, suspicious, or unknown.
A non-configurable, Tanium-defined role that assigns permissions for special-purpose capabilities, such as managing the Tanium license, that are unavailable to non-reserved roles.
A core system sensor that you cannot edit.
An action that runs one time during a provided time range, and re-runs later if the endpoint is not online during the initial run.
The public-private root key pair at the top of the Tanium key infrastructure that is required for all subordinate keys to secure connections among Tanium Core Platform components.
A configuration object that includes question syntax and reissue settings to get information from endpoints.
saved question source
A configuration that defines a Trends saved question, how often to issue the question, and when to collect results from endpoints.
A group of settings that determine the technique and frequency to search endpoints for patches.
A script that the Tanium Client runs on an endpoint to return an answer to a question.
A type of parameterized package that uses sensor output instead of user input as run-time command-line arguments.
A subset of endpoints within the AddressMask subnet boundaries that can peer with each other but not with endpoints outside that subset.
A user account that Tanium products use to run services and background processes on Tanium Core Platform servers.
A fragment of a package file that is distributed across a linear chain .
A solution that shares data or functionality across Tanium products or third-party applications.
An expression to evaluate process, network, registry, and file events on an endpoint. Signals are available as a feed from Tanium, or you can author your own signals.
A content XML file signed by a cryptographic private key that corresponds with a public key that was added to the Tanium Server installation.
A module, shared service, or content pack that extends the functionality of the Tanium™ Core Platform.
A configuration that defines where data originates.
Tanium™ Module Server
The Tanium Core Platform server that runs application services and stores files for Tanium solution modules.
Tanium™ Recorder Client Extension
A service that continuously saves file activity on each endpoint.
A server that runs the Tanium™ Console and API services, and that communicates with Tanium Clients (directly or through a Zone Server), other Tanium Core Platform servers, and the content.tanium.com servers.
The hardened Linux-based operating system that runs on the Tanium Appliance.
The act of specifying which endpoints must answer a question or run an action.
Technical Account Manager (TAM)
A staff member from Tanium who helps to configure and troubleshoot Tanium deployments.
An instance of a parameterized sensor that includes a specific value in a saved question.
A type of content not developed by Tanium or the customer that is imported into the customer environment.
A unique MAC address on a device that is not managed by Tanium.
A unique MAC address on a device that cannot be managed by Tanium, such as a printer or router.
The confirmation or rejection of a pattern match to improve the accuracy of rule performance and to reduce the number of false positive results on the data that rules target.
A filtered version of Asset data for exporting to a destination.
A local path or URL to an Open Vulnerability and Assessment Language (OVAL) definitions file.
A set of files or directories to watch for changes.
A user interface that facilitates management tasks for Tanium solutions.
A service that acts as a proxy between the Tanium Server and Zone Server.
A server that is typically deployed in an enterprise DMZ network to proxy traffic between Tanium Clients that reside in untrusted external networks and a Tanium Server that resides in the trusted internal network.
Zone Server Hub
A service that acts as a proxy between the Tanium Server and Zone Server.