Getting started with the Console and Interact

Set up the Console and Interact

The Tanium Console and Interact are licensed as part of the Tanium Core Platform. After you install the Tanium Core Platform servers, perform the following tasks to set up the Console, Interact, and Tanium Core Platform:

  1. Review the system, network, security, and user role requirements for the Console and Interact. See Tanium Console and Interact requirements.

    The Tanium Server installation process automatically installs the Console version that corresponds to the server version. For details, see Core platform dependencies.

  2. Sign in to the Console. In Tanium Cloud, verify that all your licensed Tanium modules and Tanium shared services are available; after a Tanium Server installation, the first sign-in starts the import of Initial content.
  3. Import the Tanium modules (including Interact), shared services, and content-only solutions that you will use. See Managing Tanium solutions.
  4. (Best practice) Reconfigure the predefined action groups for the deployment of tools that Initial content provides. See Tanium Endpoint Configuration User Guide: View and manage content-only solutions.
  5. (Optional) Customize the Console and Interact. For example, you can customize the border color and logo in the Main menu, set your user preferences, and reorganize the Interact Overview page. See Customizing the Console and Interact.
  6. (Optional) Configure Tanium Core Platform settings such as Tanium Client subnets, proxy server settings, allowed URLs, and bandwidth throttles. See Tanium Core Platform configuration.
  7. (Optional) Create custom content (such as packages and saved questions) to complement the Tanium-defined content that you import through Tanium modules, shared services, and content-only solutions. See Content overview.
  8. (Optional) Register sensors for automatic collection of results so that you can see stored results from endpoints that are offline when you issue questions. Certain sensors are registered by default. See Manage sensor results collection.
  9. Set up role-based access control (RBAC) to determine what users can see and do with the Tanium Core Platform. This involves configuring users, user groups, user roles, personas, computer groups, and content set permissions. See RBAC overview.

Initial content

Action groups and computer groups

Tanium Cloud provides, and the Tanium Server installation process automatically creates, the following predefined action groups and their associated computer groups:

  • Default - All Computers: This is the default action group selection when you deploy a custom action. It targets the All Computers computer group. Therefore, actions that are assigned the Default - All Computers action group deploy to all the managed endpoints in your organization.

  • Default: This action group targets only the No Computers computer group. Therefore, actions that are assigned the Default action group do not deploy to endpoints. Default is the default action group for scheduled actions that Tanium Cloud imports or that you import with Tanium solutions, except the actions that Tanium™ Endpoint Configuration uses to deploy tools. Default is also the default action group for scheduled actions that you import from another Tanium Server.

  • Tanium Default Content, Tanium Default Content - 7Zip, Tanium Default Content - Optional, and Tanium Core Content: Tanium Endpoint Configuration creates these action groups for deploying tools that Tanium Content-only solutions provide. Initially, the tools do not deploy to endpoints because the action groups target the No Computers computer group.

    As part of initial setup for the Tanium Console and Interact, reconfigure the Tanium Default Content and Tanium Core Content action groups to target All Computers for tools deployment. Reconfiguring the Tanium Default Content - 7Zip and Tanium Default Content - Optional action groups is necessary only if you require the associated tools. See Tanium Endpoint Configuration User Guide: Configure action groups for content-only solutions.

Content-only solutions

Tanium Cloud automatically imports all the modules and shared services that your Tanium license specifies, along with any content-only solutions that are dependencies. Content-only solutions provide content such as sensors but do not have a workbench or service. Tanium Cloud imports the following content-only solutions to provide basic functionality for Interact:

After the Tanium Server is installed, it automatically imports the content-only solutions Default Content and Default Computer Groups when the first user signs in to the Tanium Console. The Console displays a pop-up window that shows the import progress. If you perform the Tanium Recommended Installation (see Import all modules and services), the server automatically imports several more content-only solutions, but you must manually import others. When you import Interact, the server automatically imports the content-only solution Core Content because it is a dependency for that module. The following table describes the initial content-only solutions for basic Interact functionality:

Content-only solutions and their content:

Default Content and Core Content

These solutions provide sensors and saved questions for collecting basic inventory and state information from endpoints. The Tanium™ Data Service automatically issues questions that contain many of these sensors (such as Computer ID) to all endpoints.

For details about the Tanium Data Service, see Manage sensor results collection.

The Default Content and Core Content solutions also provide the following tools:

  • Default Content: Contains utilities necessary for all Tanium-provided sensors and packages in the Base and Client Management content sets.

  • Default Content - 7Zip: Contains optional utilities for custom content that uses the 7zip file archiver.
  • Default Content - Optional: Contains optional utilities for custom content that uses the following processes: TPowerShell, runasuser, run-allusers-wrappers, unzip-and-run, or copy-to-tanium-dir-predist.
  • Core Content: Contains utilities that are required for all Tanium-provided sensors and packages in the Core Content content set.

Endpoint Configuration manages tool deployment for these content-only solutions. See Tanium Endpoint Configuration User Guide: View and manage content-only solutions.

Default Computer Groups: This solution provides computer groups that you can use to target endpoints based on operating system (OS) or platform type (such as physical or virtual). See Default computer groups.

Sign in to the Console

Access the Tanium Console through a supported web browser (see Web browsers). After you sign in, your Console user session persists (remains valid) until you manually sign out, close the browser, or the inactivity timeout expires (default is 10 minutes). To manually sign out, see Sign out of the Console. To change the inactivity timeout, see Set Console user preferences.

After you sign in to the Tanium Console, the system you are using periodically sends Tanium Cloud or the Tanium Server a heartbeat message as long as you keep the browser open. The heartbeat interval (default 2.5 minutes) is half the value of the session_expiration_seconds platform setting (default 5 minutes). If Tanium Cloud or the server does not receive a heartbeat by the session_expiration_seconds interval, it terminates your user session. Therefore, if an event such as a network connectivity issue interrupts the heartbeat, you must sign in to the Console again regardless of whether the inactivity timeout has expired.
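The interaction between the inactivity timeout and the heartbeat described above, as an added example that is not Tanium code: a Python model that uses the defaults stated on this page to show which timer ends a session first. The class and function names, the outage windows, and the choice to treat a heartbeat that arrives exactly at the deadline as on time are assumptions made for illustration.

```python
"""Model of the two Console session timers (added illustration, not Tanium code).

Defaults are the ones stated on this page; names and boundary handling are
assumptions.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class SessionPolicy:
    session_expiration_seconds: float = 300  # platform setting, default 5 minutes
    inactivity_timeout_seconds: float = 600  # user preference, default 10 minutes

    @property
    def heartbeat_interval_seconds(self) -> float:
        # The page states that the interval is half of session_expiration_seconds.
        return self.session_expiration_seconds / 2


def heartbeat_expiry(policy, outages, horizon):
    """Return when the server stops waiting for a heartbeat, or None.

    outages: (start, end) windows, in seconds since sign-in, during which
    heartbeats sent by the browser never reach the server.
    """
    last_ok = 0.0  # sign-in at t=0 counts as the first contact
    step = policy.heartbeat_interval_seconds
    t = step
    while t <= horizon:
        if t > last_ok + policy.session_expiration_seconds:
            break  # the session was already terminated; later heartbeats are moot
        if not any(start <= t < end for start, end in outages):
            last_ok = t  # assumption: arriving exactly at the deadline is on time
        t += step
    deadline = last_ok + policy.session_expiration_seconds
    return deadline if deadline <= horizon else None


def inactivity_expiry(policy, activity_times, horizon):
    """Return when the inactivity timeout fires, or None."""
    last = 0.0  # sign-in counts as activity
    for moment in sorted(activity_times):
        if moment >= last + policy.inactivity_timeout_seconds:
            break  # the timeout fired before this interaction
        last = moment
    deadline = last + policy.inactivity_timeout_seconds
    return deadline if deadline <= horizon else None


def session_end(policy, activity_times, outages=(), horizon=3600):
    """Return (seconds_since_sign_in, reason), or (None, "active")."""
    candidates = []
    hb = heartbeat_expiry(policy, outages, horizon)
    if hb is not None:
        candidates.append((hb, "missed_heartbeat"))
    idle = inactivity_expiry(policy, activity_times, horizon)
    if idle is not None:
        candidates.append((idle, "inactivity_timeout"))
    return min(candidates) if candidates else (None, "active")


if __name__ == "__main__":
    policy = SessionPolicy()
    busy_user = list(range(0, 1800, 120))  # constructed: a click every 2 minutes
    # Constructed scenario: network drops from t=400 s to t=800 s.
    print(session_end(policy, busy_user, outages=[(400, 800)], horizon=1800))
    # Constructed scenario: one click after sign-in, then idle.
    print(session_end(policy, [60], horizon=1800))
```

In the first scenario the user never stops working, yet the session ends at 600 seconds because two consecutive heartbeats were lost; in the second the heartbeat is healthy and the inactivity timeout ends the session at 660 seconds.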

During the setup of your Tanium Cloud deployment, an administrator account is created that you can use to sign in to the Tanium Console for the first time. This user is based on an IdP account that your organization selects as the primary administrator for your Tanium Cloud deployment. The user has unrestricted computer group management rights. The user also has the Admin reserved role, which enables access to all the features that are available in Tanium Cloud, including the ability to configure role-based access control (RBAC) for all other Tanium Cloud users.

The Tanium Console provides single sign-on (SSO) access with two-factor authentication (2FA) through a Security Assertion Markup Language (SAML) identity provider (IdP). After signing in to the IdP, a user can start new Tanium Console sessions repeatedly without re-authenticating, until the IdP session times out.

The IdP session timeout is configured on the IdP server. Consult your IdP administrator for more information.

  1. Open a web browser and go to the URL for your Tanium Cloud instance.

    The URL has the format https://<Tanium Cloud instance>.cloud.tanium.com.

  2. Click Sign In with SSO.
  3. If you never signed in to the IdP or your IdP session has timed out, Tanium Cloud redirects you to the IdP, where you enter your user name and password. If you previously signed in to the IdP and your IdP session is active, you do not need to re-authenticate to the IdP. After you authenticate, the Tanium Console opens in your browser. If a pre-login banner is configured (see Configure a pre-login banner), you must read the banner text and click I Agree before the Console can open.

By default, Tanium Cloud applies the permissions of your default persona when you sign in. If your account has multiple personas and you want to switch to an alternative persona, see Select a persona for your Console session.

The steps to access the Tanium Console depend on where you sign in:

After you first sign in after Tanium Server installation, the Tanium Console displays a pop-up window that shows the progress of Initial content imports, and then opens the Solutions page. Use this page to import Tanium modules and shared services that you are licensed to use (see Managing Tanium solutions). For subsequent sign-on sessions, the Tanium Console displays its home page (https://<Tanium Server>/#/home) by default. However, if your browser URL field specified another Console page (such as https://<Tanium Server>/#/actions/scheduled/) when the browser timed out or you signed out, that page opens when you next sign in through the same browser.

If you cannot access the Console, see Troubleshoot Console access.

Sign in through the Tanium Server

The type of authentication that is configured for your user account determines the sign-in prompt that you see:

  • SAML authentication: If the Tanium Server functions as a Security Assertion Markup Language (SAML) service provider (SP) and your account on the server matches an account on the SAML Identity Provider (IdP), the Console provides single sign-on (SSO) authentication. SSO enables a user to start new Console sessions repeatedly without re-authenticating, until the IdP session times out. For details, see SP-initiated SSO.

    The IdP session timeout is configured on the IdP server. Consult your IdP administrator for more information.

  • LDAP or local authentication: If the Tanium Server authenticates your account through local authentication or Lightweight Directory Access Protocol (LDAP) authentication instead of SAML SSO, you sign in for each session with a user name and password. For details on local authentication, see User authentication. For details on LDAP authentication, see Integrating with LDAP servers.

Perform the following steps to sign in through the Tanium Server:

  1. Open a web browser and go to the Tanium Server URL.

    The URL has the format: https://<FQDN or IP address>[:<port>]. If the Tanium Server uses the default port (443), you do not need to specify the port.

    If a pre-login banner is configured, read the banner text and click I Agree. For details, see Configure a pre-login banner.

    If you are using LDAP or local authentication and SAML SSO is not configured for any user, the sign-in page shows only the Username and Password fields.

    If the Tanium Server is configured to authenticate some users through SAML SSO, the sign-in page shows a Sign In with SSO button and a Sign In with Password link below it.

  2. (SSO authentication only) Sign in through SAML SSO:
    1. Click Sign In with SSO.

    2. If you never signed in to the IdP or your IdP session has timed out, sign in to the IdP with your username and password. If you previously signed in to the IdP and your IdP session is active, you do not need to enter credentials.
  3. (LDAP or local authentication only) Enter your Username and Password. If the sign-in page does not display these fields, click Sign In with Password and then enter your credentials.

    When you first sign in after the Tanium Server is installed, you must enter the username and password of the initial Tanium Console administrator account. The credentials for this account are set during server installation. This account has the Administrator reserved role and can create additional users.

By default, the Tanium Server applies the permissions of your default persona when you sign in. If your account has multiple personas and you want to switch to an alternative persona, see Select a persona for your Console session.

Sign in through a SAML IdP portal

If the Tanium Server integrates with the IdP portal that your organization uses for accessing applications, the portal provides SSO access to the Console. For details, see IdP-initiated SSO.

  1. Go to the IdP SSO portal.
  2. If you never signed in to the IdP or your IdP session has timed out, sign in to the IdP using your username and password. If you previously signed in to the IdP and your IdP session is active, you do not need to enter credentials.

    The IdP portal displays a tile for each application that you can access.

  3. Click the Tanium Console tile.

    The IdP redirects you to the Tanium Server and the Tanium Console opens in your browser. If a pre-login banner is configured (see Configure a pre-login banner), you must read the banner text and click I Agree before the Console can open.

By default, the Tanium Server applies the permissions of your default persona when you sign in. If your account has multiple personas and you want to switch to an alternative persona, see Select a persona for your Console session.

Sign out of the Console

To sign out of (terminate) your Tanium Console user session, go to the Main menu, click User, and select Sign Out. To access the Console again, you must then sign in to start a new session.

If the Tanium Server is configured to integrate with a SAML IdP, your IdP session can remain active even after you sign out of the Console. As long as your IdP session remains active, you can access the Console again without re-authenticating.

If you are inactive on the Console for longer than the inactivity timeout (default is 10 minutes), your user session ends automatically. To change the timeout interval, see Set Console user preferences. Closing the browser that you are using to access the Console also terminates the session.

Sign out before closing the browser.

Console components and navigation

The following figure shows the common components and navigation widgets that the Tanium Console shows regardless of which solution workbench is open:

Figure  1:  Tanium Console components and navigation

1. Main menu (header)

Navigate among Tanium modules, shared services, and the pages that you use to administer the Tanium Console and Tanium Core Platform. The Main menu displays the following elements from left to right.

To customize elements in the Main menu, see Customizing the Console and Interact.

  • Logo

    Return to the Tanium Home page from any other page in the Console. You can customize the logo for your enterprise.

  • Home

    Return to the Tanium Home page from any other page in the Console.

  • Modules

    Open the workbench (user interface) for a Tanium module. You can open modules that are imported and that you have role permissions to access. Click a module name to open its Overview page. Hover over a module name to display submenus by which to navigate to other pages in the module:

    The ability to display module submenus is available only if all your licensed Tanium solutions support the feature.

  • Data Reporting

    Provides access to Tanium™ Reporting pages for exploring data and for managing reports and dashboards. See Tanium Reporting User Guide.

  • Administration

    Navigate the Console administration pages or open the workbench for a Tanium shared service that you have imported. The menu displays only the administration pages and shared services that you have role permissions to access.

    If approval is required for actions that other users created and you have the Approve Action permission, a red number beside the menu indicates the number of actions that you can approve. See Managing action approval.

  • Quick Access

    Opens a typeahead search field where you enter a text string to find a quick link. Selecting a quick link opens the associated page or dialog in the Tanium Console or a solution workbench. For example, after you enter comply, you can select a quick link to one of the Tanium™ Comply pages.

    The Quick Access tab appears only if all your licensed Tanium solutions support the feature.

  • Activity Notifications

    Provides access to Tanium™ Feed to manage notifications. See Tanium Feed User Guide.

  • <Custom text>

    By default, the area above the Tanium Cloud or Build (<Platform>): <version> | Console: <version> text is blank, but you can add custom text (Lab Environment in Figure  1) and change the background color to help users identify the environment they are using. See Configure Console header text and Select the Console color.

  • <Version>

    The Build (<Platform>): <version> | Console: <version> fields indicate the type of Tanium Core Platform infrastructure (such as Windows), platform version, and Tanium Console version.

  • Notifications

    Click to open a slide-out panel to view notifications from Tanium™ Feed. See Tanium Feed User Guide.

  • Help

    Click to go to the Tanium documentation portal, where you can access the user guides. If you add the URL for a custom help system, the Help menu provides options for both Tanium documentation and custom help. See Add a help URL.

  • <User name> (User icon)

    Hovering over the icon opens a menu that displays the following information and options:

    • User: The top item is the user name of the account that you used to sign in to the Console.
    • Persona (<current persona>): This item indicates the current persona but appears only if you signed in to the Console with a user account that has alternative personas assigned. Click the item to select another persona as described under Select a persona for your Console session.
    • Preferences: Click to configure user-specific behaviors for the Console. See Set Console user preferences.
    • Local Error Log: Click to view details about the last 100 errors that were returned to the Console in response to actions taken with the browser. For details, see Work with the Console error log.
    • Sign Out: Click to terminate your current Console sign-in session.
    • Last Sign In: The date and time when you last signed in to the Console.
  • Warning indicator

    This icon appears only if warning conditions exist. The Console initially displays the warnings when you sign in. Click this icon to redisplay the warnings.

2. Module menu

The module menu is in the workbench of every Tanium solution (module or shared service) so that you can navigate the workbench pages. Figure  1 shows the expanded menu for Tanium Interact. By default, the menu is collapsed (Figure  2) until you click Options. You can also select a solution page without expanding the menu by hovering over Options and then selecting the page name.

Another alternative is to access solution pages through the Modules menu in the Main menu (header).

Figure  2:  Module menu: collapsed

In the Tanium Console Administration pages, you can pin the menu for each category of pages (Actions, Content, Permissions, or Configuration) to the side of the interface: go to one of the pages in a category (such as the Content > Sensors page), hover over Options and, when it changes to the Pin icon, click it. Click Pin again to unpin the sidebar menu.

Figure  3:  Administration sidebar menu: pinned

In addition to the sidebar menu, the Tanium Console Administration pages contain breadcrumbs to help orient you in the user interface.

Figure  4:  Example breadcrumb trail for the Roles page

3. Display pane

Displays the main body of the current Tanium Console page. In Figure  1, the display pane shows the Interact Overview page.

The Tanium Console supports navigation through the keyboard:
  • Use the Tab key to navigate through the options on each page.
  • Use Shift + Tab to return to a previous option.
  • Press the Enter key to activate a link or button.
  • Press the Spacebar to expand or collapse a dropdown menu or section, and to select checkboxes.
  • The Main menu contains a Skip to Main Content button that appears when you tab into the Main menu. Press the Enter key to skip all options in the Main menu and to navigate to the first option in the display pane.

Tanium Home page

The Tanium Home page (Figure  5) provides an overview of your environment and quick access to Tanium solutions. You can perform the following tasks on the Home page:

Figure  5:  Tanium Home page

Customize the Tanium Home page

To change the contents of the Tanium Home page, click Customize Page. For details, see Customize solution overview pages. You can toggle between collapsing (Collapse) or expanding (Expand) a section.

View environment status

This section shows general metrics related to your enterprise inventory.

The charts display data only from endpoints in computer groups for which you have management rights. As a result, different users might see different numbers in the same environment. Users with Unrestricted Management Rights will see data from all endpoints in the environment. To change management rights, see Managing computer groups.

The charts include:

  • Online Endpoints

    The number of managed endpoints that have registered with Tanium Cloud or the Tanium Server in the last 31 minutes. Endpoints are devices such as desktops, laptops, servers, virtual machines, or containers. Managed endpoints have the Tanium Client installed. Click the number to issue the saved question: Get Computer Name and IP Address and Operating System from all machines. This question returns results from endpoints that are online at the moment you click the number.

  • Total Endpoints

    The total number of online and offline managed endpoints. Tanium Cloud or the Tanium Server calculates the number based on multiple identifiers that the Tanium Data Service collects from each endpoint. Using multiple identifiers improves the accuracy of the count in environments where, for any particular endpoint, one identifier might change over time while other identifiers do not. The number includes offline endpoints only if they have registered with Tanium Cloud or the server within the retention period (default is 30 days). Click the Total Endpoints number to issue the saved question: Get Computer Name and IP Address and Operating System from all machines. Tanium Cloud or the server collects the question results from the Tanium Data Service cache for all endpoints that have registered within the retention period. To change the retention period, see Configure removal of expired sensor results.

    Tanium Cloud or the Tanium Server does not determine license compliance based on the Environment Status count. To tally endpoints for compliance, Tanium Cloud or the server identifies each endpoint only by its fully qualified domain name (FQDN). You can see the FQDN-based count on the Administration > Configuration > Client Status page. See View managed endpoints count for license compliance.

  • Operating Platform

    The number of offline and online endpoints, grouped by operating system platform.

  • Unmanaged Network Interfaces

    The number of unmanaged network interfaces that Tanium™ Discover has found. Unmanaged interfaces are unique MAC addresses that are not currently Tanium-managed. It is normal to see more interfaces than endpoints; an endpoint with multiple network interface controllers (NICs) displays as multiple interfaces. Click the number to open the Interfaces page in Discover (see Tanium Discover User Guide: View interface data). This chart appears only if your Tanium license includes Discover or Discover is installed, and you have a user role with the Discover Asset read permission.

    After you install Discover, the Unmanaged Network Interfaces chart appears when Discover finds any unmanaged network interfaces. The amount of time to find unmanaged network interfaces depends on the complexity of your environment. For details on user roles and discovering network interfaces in Discover, see Tanium Discover User Guide.

Explore data from endpoints

You can issue a dynamic question through the Ask a Question field or by clicking the Build Question button to open the Question Builder. To see detailed information about a single endpoint, use the Search Endpoints field. For details on these Interact features, see Asking questions and searching endpoints.

Add Quick Links

When you install Tanium solutions, the Quick Links section on the Tanium Home page populates with common links to those solutions. You can customize the links that appear to include links that you access frequently. Go to the Quick Links section, click Edit, select the pages, and click Save.

By default, the Quick Links section is hidden. To show the section, click Customize Page, select Quick Links, and click Save.

Figure  6:  Quick Links

You can also select quick links in the Quick Access typeahead search field.

Access Tanium module workbenches

In the Modules section, click a tile to open a module workbench. The page displays tiles only for the modules that are imported and that you have permissions to access.

Click the Tanium logo or Home in the Main menu to return to the Tanium Home page from any solution page.

View dashboards

The Dashboard and Dashboard List sections highlight dashboards provided by Tanium™ Reporting. The Dashboard section shows one complete dashboard, and the Dashboard List section shows small (micro) charts for up to five dashboards that you select. The dashboards are interactive; click a data point on any chart to view the report that contains the underlying data.

Use the controls above the dashboards to filter the data by computer group, favorites, or to show only charts with alerts. For the Dashboard List section, you can also filter by dashboard and chart name.

Use the controls above the dashboards to filter the data by computer group, favorites, charts with alerts, and to manage refresh intervals. For the Dashboard List section, you can also filter by dashboard and chart name.

By default, the Dashboard and Dashboard List sections contain dashboards provided by Tanium. For more information on dashboards and reports, including how to customize the Dashboard and Dashboard List sections with your own dashboards, see Tanium Reporting User Guide.

The Dashboard and Dashboard List sections only appear if Reporting 1.8.40 or later and Interact 2.12.113 or later are installed.

Add favorite Interact categories, dashboards, and saved questions

Tanium groups saved questions by dashboard and groups dashboards by category. If you frequently issue certain questions or dashboards, you can flag them as favorites on the Tanium Home page.

By default, the Home page does not display the Favorite Interact Dashboards and Favorite Interact Saved Questions sections. To display them, click Customize Page, select the check boxes for those sections, and click Save.

If the dashboards that you frequently use belong to the same category, you can also flag that category as a favorite to appear on the Home page. Expand a category to see its dashboards and questions. You can also expand a dashboard to see its questions.

Figure  7:  Favorite Interact Categories

To change the favorite or non-favorite status of a category, dashboard, or saved question, click the Favorites toggle (Select Favorite/Deselect Favorite). See Filter by favorites.

For details on categories, dashboards, and saved questions, see Managing saved questions.

Use Interact

The following are regular tasks that you perform after the initial setup of the Tanium Console and Interact:

  1. Issue dynamic questions or search endpoints to retrieve information about the endpoints in your network. See Asking questions and searching endpoints.
  2. Analyze and manage question results. For example, you can drill down into the question results with additional questions, filter the Question Results grid, and export its content. For details, see Managing question results.
  3. Manage actions. For example, you can deploy ad-hoc actions or schedule recurring actions based on question results, and configure an action approval workflow. For details, see Actions overview.
  4. Manage saved questions. For example, you can create saved questions, assign them to dashboards, assign the dashboards to categories, and assign saved questions to content sets based on RBAC requirements. For details, see Managing saved questions.