A-B | C-D | E-H | I-M | N-Q | R-T | U-Z



A package and associated settings, such as scheduling and targeting information, that are deployed to endpoints to perform operations.

action approval

A process of ensuring that actions do not run until a second user approves them.

action group

A collection of one or more computer groups to which an action is deployed.

action lock

An action that is deployed to endpoints to prevent the Tanium™ Client from running other actions.

ad hoc question

An unsaved query that you can create in the question bar to get information from endpoints. Also referred to as a dynamic question.

advanced role

A set of fine-grained content set permissions.

allowed URL

A URL from which the Tanium Server allows downloads to the Tanium Client.

background scan

A scan for intel matches that runs automatically on an interval specified by a Threat Response configuration.

backward leader

The client that has the "lowest" IP address in its linear chain and that communicates directly with the Tanium™ Server on behalf of its neighborhood.

block list

A list of objects, such as URLs, applications, files, or patches, to which endpoints are denied access.


An organized collection of panels.


A sequenced list of software packages.



A collection of dashboards that are related by purpose or subject matter.

centralized scan

A discovery method that uses the Tanium Module Server to find unmanaged interfaces beyond the local network.


An endpoint that has the Tanium Client installed.

client deployment

An action of installing the Tanium Client on endpoints.

computer group

A configuration object that defines a set of endpoints. It is used as a filter in questions and question results (filter group) or to assign management rights for viewing results and deploying actions (management groups).

computer management group

A configuration that assigns a user permission to perform operations, such as viewing question results and deploying actions, on a defined set of endpoints.


Collective term for sensors, packages, scheduled actions, saved questions, dashboards, categories, plug-ins, and filter groups. Tanium modules can supply additional types of content, and users can define custom content.

content administrator

A reserved role that grants action management privileges and read/write privileges on all content sets.

content pack

A solution distributed by Tanium that includes content such as sensors, packages, and saved questions.

content set

A group of related content, such as sensors, packages, and saved questions, to which a permission applies.

custom check

An arbitrary PowerShell, VBScript, or UNIX shell script that is used to evaluate conditions on an endpoint.

custom ID mapping

A configuration that maps a custom check ID or XCCDF rule ID to an arbitrary value.


In Interact, a collection of saved questions that are related by purpose or subject matter that the user can issue simultaneously.

deployment template

A collection of settings that can be used to repeatedly issue deployments.


An external server or piece of software to which Tanium data is sent.

discovery method

A scanner that finds unmanaged interfaces.

distributed scan

A discovery method that uses managed endpoints to find unmanaged interfaces.

drill down

The action of issuing an additional question to the endpoints in the results grid.

dynamic question

An unsaved query that you can create in the question bar to get information from endpoints.



A node on a computer network, such as a computer or network device.


An application of a policy on the targeted endpoint.


A source of data for Asset, such as a Tanium sensor or external database table. Each entity can contain one or more attributes.

evaluation engine

A process that can be deployed to endpoints to search for potential threats based on a piece of intel.

event recorder

A process that continuously saves key forensic evidence on each endpoint.

Event Recorder Driver

A driver that provides a source of process and command-line events on supported Windows endpoints.

file indexer

A process that can be deployed to endpoints to index local file systems, compute file hashes, and gather file attributes and magic numbers.

file sharding

A distribution of a single file as a set of small files in order to limit the impact on network performance.

filter group

A type of computer group that is used as a filter in questions and question results.

forward leader

The client that has the “highest" IP address in its linear chain and that communicates directly with the Tanium Server on behalf of its neighborhood.


A process of disabling functionality in the client environment that would otherwise enable users to make inadvertent changes or deliberately evade endpoint management by Tanium.



A collection of artifacts to detect and respond to a potential intrusion.

isolated subnet

A network in which endpoints cannot peer with each other or with endpoints outside the network.


A Tanium Client on one end of a linear chain that has an intermittent connection with the Tanium Server to receive questions or send answers on behalf of the client neighborhood.

linear chain

An architecture for exchange of information and data among endpoints that are running Tanium Client.

linear chain leader

See leader.

live endpoint

A connection to an endpoint to conduct real-time analysis of activity on that endpoint.

Live Response

A utility that collects forensic information from endpoints and transfers the results to a network location.

managed interface

A unique MAC address on an endpoint managed by Tanium.

managed source

A read-only source such as a module source or a saved question source that Tanium provides.


An XML file that lists the content and solutions published through

merge (questions)

The act of adding the results from an additional question to the current data in the results grid.

micro admin role

A type of role that assigns Tanium system administration permissions.


A solution that extends the functionality of the Tanium™ Core Platform.

module role

A type of role that grants access to Tanium solution workbenches, features, and content sets.

module source

A configuration that defines data that a Tanium module provides to Trends.


A group of settings that determine how watchlists are deployed to endpoints for continuous recording of file events.


natural language parser

A component that transforms user questions into valid syntax for querying endpoints.

neighborhood leader

See leader.


A script and files deployed to an endpoint for administrative action, like installation of a patch.

packages gallery

A collection of software package templates.


A visualization for data collected by a source.

parameterized package

A type of package that takes command-line arguments.

parameterized sensor

A type of sensor for which you specify a parameter when defining a question.


An expression that matches entities that can otherwise be hidden in the context of other information.


A set of roles and computer groups that a user selects for a Tanium session and that restricts what the user can see and do with Tanium products.


An extension to a Tanium™ Core Platform component or solution module.


An endpoint configuration that contains settings to enforce or a set of tasks to run.

policy action

A scheduled action that enforces policies on endpoints.


A set of configurations, rules, or parameters that applies to one or more computer groups.


A block that can be put on an endpoint to isolate it from the rest of the network.

quarantined sensor

A sensor that exceeded the one-minute timeout when it last ran on an endpoint.


A query to managed endpoints that returns answers based on the output of sensors.

quick scan

An action that sends a single piece of intel to the endpoints for immediate matching and alert reporting.



An indicator of threat level for a file hash: malicious, non-malicious, suspicious, or unknown.

reserved role

A non-configurable, Tanium-defined role that assigns permissions for special-purpose capabilities, such as managing the Tanium license, that are unavailable to non-reserved roles.

reserved sensor

A core system sensor that you cannot edit.

response action

An action that runs one time during a provided time range, and re-runs later if the endpoint is not online during the initial run.

root keys

The public-private root key pair at the top of the Tanium key infrastructure that is required for all subordinate keys to secure connections among Tanium Core Platform components.

saved question

A configuration object that includes question syntax and reissue settings to get information from endpoints.

saved question source

A configuration that defines a Trends saved question, how often to issue the question, and when to collect results from endpoints.

scan configuration

A group of settings that determine the technique and frequency to search endpoints for patches.


A script that the Tanium Client runs on an endpoint to return an answer to a question.

sensor-sourced package

A type of parameterized package that uses sensor output instead of user input as run-time command-line arguments.

separated subnet

A subset of endpoints within the AddressMask subnet boundaries that can peer with each other but not with endpoints outside that subset.

service account

A user account that Tanium products use to run services and background processes on Tanium Core Platform servers.


A fragment of a package file that is distributed across a linear chain

shared service

A solution that shares data or functionality across Tanium products or third-party applications.


An expression to evaluate process, network, registry, and file events on an endpoint. Signals are available as a feed from Tanium, or you can author your own signals.

signed content

A content XML file signed by a cryptographic private key that corresponds with a public key that was added to the Tanium Server installation.


A module, shared service, or content pack that extends the functionality of the Tanium™ Core Platform.


A configuration that defines where data originates.

Tanium™ Module Server

The Tanium Core Platform server that runs application services and stores files for Tanium solution modules.

Tanium™ Recorder Client Extension

A service that continuously saves file activity on each endpoint.

Tanium Server

A server that runs the Tanium™ Console and API services, and that communicates with Tanium Clients (directly or through a Zone Server), other Tanium Core Platform servers, and the servers.


The hardened Linux-based operating system that runs on the Tanium Appliance.


The act of specifying which endpoints must answer a question or run an action.

Technical Account Manager (TAM)

A staff member from Tanium who helps to configure and troubleshoot Tanium deployments.

temporary sensor

An instance of a parameterized sensor that includes a specific value in a saved question.

third-party content

A type of content not developed by Tanium or the customer that is imported into the customer environment.


unmanaged interface

A unique MAC address on a device that is not managed by Tanium.

unmanageable interface

A unique MAC address on a device that cannot be managed by Tanium, such as a printer or router.


The confirmation or rejection of a pattern match to improve the accuracy of rule performance and to reduce the number of false positive results on the data that rules target.


A filtered version of Asset data for exporting to a destination.

vulnerability source

A local path or URL to an Open Vulnerability and Assessment Language (OVAL) definitions file.


A set of files or directories to watch for changes.


A user interface that facilitates management tasks for Tanium solutions.

Zone Proxy

A service that acts as a proxy between the Tanium Server and Zone Server.

Zone Server

A server that is typically deployed in an enterprise DMZ network to proxy traffic between Tanium Clients that reside in untrusted external networks and a Tanium Server that resides in the trusted internal network.

Zone Server Hub

A service that acts as a proxy between the Tanium Server and Zone Server.