A script command run on a schedule, sometimes including package files.

action group

A collection of one or more computer groups to which an action is deployed.

ad hoc question

An unsaved query that you can create in the question bar to get information from endpoints. Also referred to as a dynamic question.

advanced role

A set of fine-grained content set permissions.

backward leader

The client that has the "lowest" IP address in its linear chain and that communicates directly with the Tanium™ Server on behalf of its neighborhood.


A list of patches that are prohibited from being deployed to the subscribed computer groups.


An organized collection of panels.


A sequenced list of software packages.


An organized collection of dashboards.


An endpoint that has the Tanium™ Client installed.

client deployment

An action of installing the Tanium Client on endpoints.

computer group

A configuration object that defines a set of endpoints that have a sensor result in common. For example, a particular operating system or tag.


Collective term for sensors, packages, saved questions, scheduled actions, dashboards, and categories.

content administrator

A reserved role that grants action management privileges and read/write privileges on all content sets.

content pack

A package distributed by Tanium™ that can include sensors, saved questions, packages, and scheduled actions.

content set

A group of sensors, saved questions, dashboards, categories, and packages to which a permission applies.

custom check

An arbitrary PowerShell, VBScript, or UNIX shell script that is used to evaluate conditions on an endpoint.

custom ID mapping

A configuration that maps a custom check ID or XCCDF rule ID to an arbitrary value.


A collection of saved questions.

deployment template

A collection of settings that can be used to repeatedly issue deployments.


An external server or piece of software to which Tanium data is sent.

discovery method

A scanner that finds unmanaged interfaces.

drill down

The action of issuing an additional question to the endpoints in the results grid.

dynamic question

An unsaved query that you can create in the question bar to get information from endpoints. Also referred to as an ad hoc question.


A node on a computer network, such as a computer or network device.


An application of a policy on the targeted endpoint.

evaluation engine

A process that can be deployed to endpoints to search for potential threats based on a piece of intel.

event recorder

A process that continuously saves key forensic evidence on each endpoint.

file indexer

A process that can be deployed to endpoints to index local file systems, compute file hashes, and gather file attributes and magic numbers.

file sharding

A distribution of a single file as a set of small files in order to limit the impact on network performance.

forward leader

The client that has the “highest" IP address in its linear chain and that communicates directly with the Tanium Server on behalf of its neighborhood.


A process of disabling functionality in the client environment that would otherwise enable users to make inadvertent changes or deliberately evade endpoint management by Tanium.


A collection of artifacts to detect and respond to a potential intrusion.

isolated subnet

A virtual private network (VPN) in which Tanium Clients cannot peer with each other or with clients outside the VPN.

Labs Content

Content provided through the Tanium Labs program. Labs content is not warranted or supported, but you might find it useful or instructive.


A Tanium Client on one end of a linear chain that has an intermittent connection with the Tanium Server to receive questions or send answers on behalf of the client neighborhood.

linear chain

An architecture for exchange of information and data among endpoints that are running Tanium Client.

live endpoint

A connection to an endpoint to conduct real-time analysis of activity on that endpoint.

managed interface

An endpoint that has the Tanium Client installed.


An XML file that lists the content and solutions published through

merge (questions)

The action of adding a new column with results from an additional sensor to the results already returned to the results grid.


See solution.

module server

A dedicated server to run application services and store files for Tanium solution modules.

module source

A configuration that defines data that a Tanium module provides to Trends.

natural language parser

A component that transforms search bar input into valid question syntax.


An adjacent endpoint. Tanium Client shares messages with the closest neighbors on each side.

neighborhood leader

See leader.


A script and files deployed to an endpoint for administrative action, like installation of a patch.

packages gallery

A collection of software package templates.


A visualization for data collected by a source.

parameterized sensor

The user issuing the saved question specifies a value before the question is issued to clients.


Capabilities to read or write content and other settings.


An extension to a Tanium™ Core Platform component or solution module.


A configuration that contains settings to block or allow applications on endpoints.


A set of configurations, rules, or parameters that applies to one or more computer groups.


A block that can be put on an endpoint to isolate it from the rest of the network.

quarantined sensor

A sensor that exceeded the one-minute timeout when it last ran on an endpoint.


A message sent to each Tanium-managed computer requesting one or more real-time details.


An indicator of threat level for a file hash: malicious, non-malicious, suspicious, or unknown.

reserved role

A role that assigns privileges that enable special purpose capabilities.

reserved sensor

Core system sensor that you cannot edit.

saved question

A configuration object that includes question syntax and reissue settings to get information from endpoints.

saved question source

A configuration that defines a Trends saved question, how often to issue the question, and when to collect results from endpoints.

scan configuration

A group of settings that determine the technique and frequency to search endpoints for patches.

scheduled action

An action configured to be issued regularly in order to promote hygiene in the enterprise environment.


A script deployed to endpoints to gather information sought in questions. A sensor executes on the endpoint, so it must leverage the native OS scripting languages or previously installed utilities. In response to a question message, the Tanium Client executes the respective sensor and returns the results from the local machine.

separated subnet

A subnet of Tanium Clients that can peer only with each other even though they are contained within a larger neighborhood of peering clients.

service account

A user that is configured to run services on the module server.


A small file that is part of set of files that make up a single file that can be used on an endpoint.


An expression to evaluate process, network, registry, and file events on an endpoint. Signals are available as a feed from Tanium, or you can author your own signals.

signed content

A content XML file signed by a cryptographic private key that corresponds with a public key that was added to the Tanium Server installation.


A piece of software built by Tanium that extends the Tanium™ platform.


A configuration that defines where data originates.

Tanium Server

The core platform server that communicates with clients.


A method of finding endpoints that match criteria returned by sensors.

Technical Account Manager (TAM)

A staff member from Tanium that helps to configure and troubleshoot Tanium deployments.

temp sensor

An instance of a parameterized sensor that includes a specific value in a saved question.

third-party content

A type of content not developed by Tanium or the customer that is imported into the customer environment.

unmanaged interface

A network device or computer that does not have the Tanium Client installed.

unmanageable interface

A network device or computer that cannot run the Tanium Client, such as a printer or router.

vulnerability source

A local path or URL to an Open Vulnerability and Assessment Language (OVAL) definitions file.


A user interface that facilitates management tasks.

zone proxy

A service to establish secure endpoint connections through zone servers.

zone server

A server typically deployed in an enterprise DMZ network to proxy traffic between Tanium Clients that reside on limited-access networks and a Tanium Server that resides on the trusted core network.