Managing Tanium solutions

Tanium as a Service automatically manages installations and upgrades for Tanium modules, shared services, and content packs.

Tanium solutions include modules (such as Interact), shared services (such as Direct Connect), and content packs (such as Default Content). Each Tanium module and shared service includes content and a workbench. A workbench is the user interface that you use to perform module or service operations. Use the content and workbenches to manage, monitor, and protect the endpoints in your network. To see a list of modules and services, and a brief description of the purpose for each one, go to https://docs.tanium.com. The Tanium Console User Interface (UI) is also a module that you can upgrade when an updated version is available.

To perform all management tasks for Tanium modules, shared services, content packs, and console UI updates, users require the Administrator reserved role. Any user who has the Import Signed Content micro admin permission can import these content types.

Manage Tanium modules

To import, re-import, export, upgrade, or uninstall modules, from the Main menu go to Administration > Configuration > Solutions to open the Tanium Solutions page. When you first sign into the Tanium Console after Tanium Server installation, this page opens by default. Clicking the Install with Recommended Configurations button at the top initiates the workflow to import and (optionally) configure, in a single operation, all the modules and shared services that you are licensed to use. You can also use the tiles in the Modules section to import only specific modules. After you import any modules, the page stops displaying the Install with Recommended Configurations button. For the procedure, see Import and (optionally) configure the latest versions of all modules. Automatic configuration is not available for upgrade or re-import operations.

When you initially set up your Tanium deployment, the best practice is to import all the modules in a single operation because some cannot function unless you import dependent modules and shared services. For example, the Reveal module requires that you first import the Direct Connect service. For details about the dependencies see Module- and service-specific dependencies and default settings. The Tanium Server automatically imports one module at a time in order based on the dependencies and imports several content packs that are useful for many modules.

In the Modules section , the tile for each module shows the currently Installed version, if any. The following table describes the buttons and links in each tile that enable you to perform actions on the module based on its status.

For Tanium Servers in a high availability (HA) deployment, you need to import, re-import, upgrade, or uninstall modules on only one server. The HA peer automatically attempts to perform the same operation. For details, see Module synchronization in an HA deployment.

To manage the Tanium Console UI module, see Import Tanium Console UI updates.

Contact Tanium Support if the Tanium Solutions page does not display tiles for certain module.

Table 1:   Tanium module actions and status
Action/Status Description
Export Export Export a URL for the module version that is currently installed on the Tanium Server. You can then sign into the Tanium Console of another Tanium Server and import that version from the URL. For details, see Export and import a specific module version.
Import <version> If you purchased a module but did not yet import it, the module tile displays an Import <version> button that shows the latest version you can import. After you initiate an import, the operation must complete before you can import another module.

You can import a module version other than the latest if you previously exported the URL for that version: see Export and import a specific module version.

Re-import The latest version of the module is installed. You can re-import the module if necessary: see Import, re-import, or upgrade to the latest versions of specific modules.
Upgrade to <version> A new version of the module is available to which you can upgrade: see Import, re-import, or upgrade to the latest versions of specific modules. If you want the page to display tiles only for the modules that you can upgrade, click View Available Upgrades above the module tiles.
Available to Purchase Contact Tanium Support to purchase this module.
Documentation Click this link to see the user guide for the module.
Uninstall Click this link to uninstall the module: see Uninstall modules.

Module- and service-specific dependencies and default settings

Some Tanium modules and shared services cannot function unless you import dependent modules and services. To see a list of the dependencies for a module or service, go to the user guide for that solution. The user guides also list the default settings that are configured if you use the Install with Recommended Configurations button to import modules and services.

Table 2:   Module- and service-specific settings and dependencies
Product Dependencies Default Settings
Asset Tanium dependencies Import and configure Asset with default settings
Client Management Tanium dependencies Import and configure Client Management with default settings
Comply Tanium dependencies Import and configure Comply with default settings
Connect Tanium dependencies Import and configure Connect with default settings
Deploy Tanium dependencies Import and configure Deploy with default settings
Direct Connect Tanium dependencies Import and configure Direct Connect with default settings
Discover Tanium dependencies Import and configure Discover with default settings
Endpoint Configuration Tanium dependencies Import and configure Endpoint Configuration with default settings
End-User Notifications Tanium dependencies Import and configure End-User Notifications with default settings
Enforce Tanium dependencies Import and configure Enforce with default settings
Health Check Tanium dependencies Import and configure Health Check with default settings
Impact Tanium dependencies Import and configure Impact with default settings
Integrity Monitor Tanium dependencies Import and configure Integrity Monitor with default settings
Interact Tanium dependencies Import and configure Interact with default settings
Map Tanium dependencies Import and configure Map with default settings
Network Quarantine Tanium dependencies Import and configure Network Quarantine with default settings
Patch Tanium dependencies Import and configure Patch with default settings
Performance Tanium dependencies Import and configure Performance with default settings
Protect Tanium dependencies Import and configure Protect with default settings
Reputation Tanium dependencies Import and configure Reputation with default settings
Reveal Tanium dependencies Import and configure Reveal with default settings
Threat Response Tanium dependencies Import and configure Threat Response with default settings
Trends Tanium dependencies Import and configure Trends with default settings

Import and (optionally) configure the latest versions of all modules

After you install the Tanium Server and sign into the Tanium Console for the first time, the Tanium Solutions page opens and initially displays an Install with Recommended Configurations button. To initiate the workflow for importing, and optionally configuring, all your licensed modules and shared services in a single operation, you must click that button instead of using the module tiles.

Select the option to automatically configure modules with default settings unless your deployment requires non-default settings. You can manually configure some or all modules and services after installing them.

During the Install with Recommended Configurations workflow, the Tanium Server performs the following operations:

  1. Imports the following content packs:
    • Client Maintenance
    • Core Content
    • Core MSSQL Content
    • Initial Content - Python
  2. Imports and configures the modules and shared services.
  3. Creates a Default - All Computers action group and makes it the target for all scheduled actions that previously targeted the Default action group. The new action group specifies the All Computers computer group. Five minutes after re-targeting the actions, the Tanium Server deploys them as a one-time event. The server bases future deployments of the actions on their configured reissue interval: for details, see Manage scheduled actions.

After you complete the workflow, the Tanium Solutions page stops displaying the Install with Recommended Configurations button. To re-import or upgrade modules thereafter, see Import, re-import, or upgrade to the latest versions of specific modules. To re-import or upgrade shared services, see Manage Tanium shared services and content.

Before importing modules in an HA deployment, replace the self-signed certificates on the Tanium Servers with certificates that a certificate authority (CA) has signed. For details, see Module synchronization in an HA deployment.

After you read the release notes for your licensed modules, import and (optionally) configure them as follows:

  1. Access the Tanium Console by entering the fully qualified domain name (FQDN) of the Tanium Server in the browser URL field (https://ts1.example.com, for example).

    In HA deployments, automatic synchronization of the import operation between the HA peers works only if you specify the FQDN, not the IP address.

  2. From the Main menu, go to Administration > Configuration > Solutions.
  3. Click Install with Recommended Configurations. Perform this step regardless of whether you want to automatically configure default settings for all, some, or none of the solutions.
  4. (Optional) To review the default settings for any solution, click Expand Expand beside its name.
  5. (Optional) Deselect the Apply Tanium recommended configurations check box for any solutions that you want to configure manually instead of using the default settings:
    • Manually configure all the listed solutions: Deselect the check box above the list of solutions.
    • Manually configure specific solutions: For each solution that you want to configure manually, click Expand Expand beside its name and deselect the check box above its list of settings.

    The Configuration Setting column displays Manual Configuration for the specified solutions.

  6. Click Begin Import.

    The Tanium Server imports and configures one solution at a time. Based on the number of licensed solutions to import, this might take several hours. A dialog displays the progress of the import and configuration processes.

  7. Click Close when the progress dialog indicates that the import and configuration succeeded.

    After you finish the operation, the Main menu displays the imported solutions under Modules and Administration > Shared Services.

Import, re-import, or upgrade to the latest versions of specific modules

After you read the release notes for the modules that you will import, re-import, or upgrade, perform the following steps to proceed with the operation. You can combine imports, re-imports, and upgrades in a single operation.

Before performing these steps in an HA deployment, replace the self-signed certificates on the Tanium Servers with CA certificates. For details, see Module synchronization in an HA deployment.

  1. Access the Tanium Console by entering the fully qualified domain name (FQDN) of the Tanium Server in the browser URL field (https://ts1.example.com, for example).

    In HA deployments, automatic synchronization of the import, re-import, or upgrade operations between the HA peers works only if you specify the FQDN, not the IP address.

  2. From the Main menu, go to Administration > Configuration > Solutions.
  3. Select the check box at the top right of the tile for each module that requires the action, and click the action button above the tiles (such as Import Selected or Upgrade Selected).

    To perform the action on a single module, you can also click the Import, Reimport, or Upgrade button within the module tile.

  4. (Fresh imports only, optional) Deselect the Apply Tanium recommended configurations check box for any modules that you want to configure manually instead of using the default settings:
    • Manually configure all the listed modules: Deselect the check box above the list of modules.
    • Manually configure specific modules: For each module that you want to configure manually, click Expand Expand beside the module name and deselect the check box above its list of settings.

    The Configuration Setting column displays Manual Configuration for the specified modules.

  5. Select or deselect Automatically import solutions:
    • Select the check box (default): After you start the import, re-import, or upgrade, the Tanium Server performs the operation without prompting you to review module content or to select options for resolving conflicts with existing content. The server automatically overwrites or merges any existing content with the imported content.
    • Deselect the check box: After you start the import, re-import, or upgrade, the Tanium Server prompts you to review the content and select conflict resolution options for one module at a time.
  6. Click Begin Import.
  7. If you deselected the Automatically import solutions check box, perform the following tasks:
    1. Review the content to import and select resolutions for any conflicts with existing content (see Resolve conflicts when importing updates or configurations).
    2. If you want to overwrite existing content set assignments for all imported objects with the default Tanium-defined assignments, select Include content set overwrite. By default, the Include content set overwrite check box is deselected and the Tanium Server preserves the existing content set assignments.
  8. Click Import, Reimport, or Upgrade.

    The Tanium Server performs the operation for one module at a time. Based on the number of modules that you selected for the operation, this might take several minutes or several hours. A dialog displays the progress of the operation.

  9. Click Close when the progress dialog indicates that the import, re-import, or upgrade succeeded.

    Any imported modules appear under Modules in the Main menu.

  10. (Upgrades only) If the release notes for the upgraded modules list changes to the Tanium™ Trends boards, panels, or sources, perform the steps under Tanium Trends User Guide: Importing the initial gallery to re-import them.

Export and import a specific module version

For each module, you can export a URL for the module version that is currently installed on the Tanium Server. You can then sign into the Tanium Console of another Tanium Server and import that version from the URL. This option is useful for migrating a module version other than the latest between Tanium Servers. For example, after testing a specific module version in your lab environment, you can export the URL for that version and then import the module from that URL into your production deployment.

Before importing modules in an HA deployment, replace the self-signed certificates on the Tanium Servers with CA certificates. For details, see Module synchronization in an HA deployment.

  1. Sign into the Tanium Console of the Tanium Server that already has the desired module version.
  2. From the Main menu, go to Administration > Configuration > Solutions.
  3. Click Export Export in the module tile.
  4. Click Copy to add the URL to your clipboard, and click Close.

    If you do not want to import the module immediately, paste the URL into a text file to store it for later.

  5. Sign into the Tanium Console of the Tanium Server to which you want to migrate the module version. When you access the console, enter the FQDN of the Tanium Server in the browser URL field (https://ts1.example.com, for example).

    In HA deployments, automatic synchronization of the import operation between the HA peers works only if you specify the FQDN, not the IP address.

  6. Click Import From URL at the top right of the page, paste the URL in the Import URL field, and click Import.

    The module tile turns green and its Upgrade to <version> button indicates the version that you imported.

  7. Upgrade to the imported version. The steps are the same as those described under Import, re-import, or upgrade to the latest versions of specific modules.

Uninstall modules

Before performing these steps in an HA deployment, replace the self-signed certificates on the Tanium Servers with CA certificates. For details, see Module synchronization in an HA deployment.

To uninstall a single module:

  1. Access the Tanium Console by entering the FQDN of the Tanium Server in the browser URL field (https://ts1.example.com, for example).

    In HA deployments, automatic synchronization of the uninstallation operation between the HA peers works only if you specify the FQDN, not the IP address.

  2. From the Main menu, go to Administration > Configuration > Solutions.
  3. Click Uninstall at the bottom right of the module tile.

To uninstall multiple modules:

  1. Access the Tanium Console by entering the FQDN of the Tanium Server in the browser URL field (https://ts1.example.com, for example).
  2. From the Main menu, go to Administration > Configuration > Solutions.
  3. Select the check box at the top right of the tile for each module that you want to uninstall, or click Select All above the tiles.
  4. Click Uninstall above the tiles.
  5. Click Close when the progress dialog indicates that the uninstallation succeeded.

Module synchronization in an HA deployment

The import, re-import, or upgrade operation for each module writes a workbench configuration to files on the Tanium Server host and adds an entry in the shared database logs. When you perform an operation involving a workbench on one Tanium Server in an HA deployment, its HA peer automatically attempts to perform the same operation. This automatic duplication on the HA peer also applies to uninstalling modules.

Module synchronization between HA peers works only if you specify the FQDN, not the IP address, when accessing the Tanium Console to perform the operations. Furthermore, you must use the default port (443) when accessing the console, not a custom port.

During module synchronization, Tanium Servers use their SOAPServer.crt certificates to authenticate to each other. If the certificates are CA signed, the servers establish trust automatically. If the certificates are self signed, you must manually enable trust between the servers to avoid synchronization errors

When you install Tanium Servers, they generate self-signed certificates by default. To facilitate synchronization, replace the self-signed certificates with CA certificates before importing modules. For the steps to replace certificates, see Tanium Core Platform Deployment Reference Guide: Securing Tanium Console, API, and Module Server access.

To prevent module synchronization errors on Tanium Servers that use self-signed certificates:

  1. Access the Tanium Console of each Tanium Server and, when the browser displays a certificate validation error, select the option to ignore the error and proceed to the server URL.

    This action enables the servers to trust each other for the duration of the current browser session.

  2. Complete the module operations (imports, upgrades, or uninstallations) within the current browser session.

    If the session times out during an operation, automatic synchronization fails and you must repeat the first step to re-enable trust.

If a network or certificate issue occurred during module synchronization such that module versions differ between HA servers, or one server does not have the module, a message indicates the discrepancies when you access the Tanium Solutions page (Figure  1). The message appears only in the Tanium Console of the server that has discrepancies based on the database log entries. For example, importing Tanium™ Asset might succeed on Tanium Server ts1.example.com but not on Tanium Server ts2.example.com. In this case, the database logs will have an entry only for ts1.example.com and the Tanium Console for ts2.example.com will display a discrepancy message. To resolve the discrepancies, repeat the import, upgrade, downgrade, or uninstallation process on the Tanium Server that has the discrepancies.

Contact Tanium Support for the procedure to downgrade modules.

Figure  1:  Mismatched module versions

Manage Tanium shared services and content

In the Tanium Solutions page, the Content section lists the content packs and shared services that you can import, re-import, upgrade, or uninstall. Tanium content is a set of configuration objects that Tanium develops and distributes for a particular purpose through content packs. For example, the Default Content pack includes the key configuration objects found on the Interact pages (categories, dashboards, and saved questions), Administration > Content pages (sensors, packages, saved questions, and filter groups), and Administration > Actions > Scheduled Actions page. In addition to managing content through content packs, you can also export specific content types (such as sensors) from one Tanium Server and import them into another Tanium Server.

The Tanium Server downloads a manifest of available Tanium content packs and shared services from content.tanium.com and displays them in the Content section. The section displays separate grids for two classes of content:

  • Supported Solutions: This is production content that includes the essential set of objects for querying endpoints and deploying actions. It also lists the shared services that you can manage.
  • Labs: This is an experimental set of configuration objects. Labs content is available only if you specified a Tanium™ lab license when installing the Tanium Server.

    Test configuration objects in a lab environment before importing them into a production environment.

If the grids show that the Imported Version lags the latest Available Version for a content pack or shared service, you can upgrade it.

Tanium Servers write content to the shared Tanium database. Therefore, after you import content on any single Tanium Server in an HA deployment, the content is available in the HA peer.

When you sign into the Tanium Console for the first time after installing the Tanium Server, the server automatically imports the Default Content and Default Computer Groups content packs. During this initial sign in session, you can import and (optionally) configure the latest versions of all shared services in a single operation by clicking Install with Recommended Configurations. This operation imports several basic content packs but you must import any other content packs separately.

During the Install with Recommended Configurations workflow, the best practice is to select the option to automatically configure shared services with default settings. However, if your deployment requires configurations that differ from the recommended default settings, you can manually configure some or all services after installing them. For a list of the default settings for each service, see Module- and service-specific dependencies and default settings.

For the procedure to Install with Recommended Configurations, see Import and (optionally) configure the latest versions of all modules.

You also have the option to import only a few shared services, or just one, at a time.

Import, re-import, or upgrade to the latest versions of specific shared services and content packs

  1. From the Main menu, go to Administration > Configuration > Solutions and scroll to the Content section.
  2. Select the content packs or services for the action you want to perform or click Select All.

    To filter the grid so that it includes only content packs and services for which upgrades are available, click View Available Upgrades.

  3. Click the button above the grid for the action you want to perform: import, re-import, upgrade, uninstall , or copy Copy (copies the grid information to the clipboard).

    To export Export a URL for downloading content, see Export and import a specific version of a shared service or content pack.

    For imports or upgrades, the Tanium Console prompts you to resolve any conflicts before proceeding: see Resolve conflicts when importing updates or configurations.

  4. (Shared service upgrades only) If the release notes for the upgraded services list changes to the Tanium Trends boards, panels, or sources, perform the steps under Tanium Trends User Guide: Importing the initial gallery to re-import them.

Export and import a specific version of a shared service or content pack

For each shared service or content pack, you can export a URL for the version that is currently installed on the Tanium Server. You can then sign into the Tanium Console of a Tanium Server in another environment and import that version from the URL. This option is useful for migrating a version other than the latest between Tanium environments. For example, after testing a specific service version in your lab environment, you can export the URL for that version and then import the service from that URL into your production deployment. You can export and import only one service or content pack at a time.

  1. Sign into the Tanium Console of the Tanium Server that already has the desired service or content pack version.
  2. From the Main menu, go to Administration > Configuration > Solutions.
  3. Scroll to the Content section and select the Supported Solutions tab or (if you have a Tanium lab license) Labs tab.
  4. Select the service or content pack in the grid and click Export Export in the grid toolbar.
  5. Click Copy Copy to add the URL to your clipboard, and click Close.

    If you do not want to import the service or content pack immediately, paste the URL to a text file to store it for later.

  6. Sign into the Tanium Console in the environment to which you want to migrate the service or content pack version.
  7. Click Import From URL at the top right of the Tanium Solutions page, paste the URL in the Import URL field, and click Import.

    The Tanium Console prompts you to resolve any conflicts before proceeding: see Resolve conflicts when importing updates or configurations.

  8. (Shared service upgrades only) If the release notes for the upgraded services list changes to the Tanium Trends boards, panels, or sources, perform the steps under Tanium Trends User Guide: Importing the initial gallery to re-import them.

Export content configurations by type

Export the configurations of specific content types (such as sensors) or of all types as a CSV file to view their configuration settings in an application that supports CSV format. If you have the Administrator reserved role, you can also export content configurations as a JSON file to import them into another Tanium Server.

  1. From the Main menu, go to Administration > Configuration > Solutions.
  2. Scroll to the Content section and click Export Export Content.
  3. Select specific content types or Select All.
  4. Select the Export Format: Export as JSON (default and recommended) or Export as XML.
  5. Click Export.
  6. (Optional) Edit the default export File Name, which is in the format export-<date>-<time>.csv<format>.
  7. Click OK.

    The Tanium Server exports the file to the downloads folder on the system that you used to access the Tanium Console.

Import content configurations

Import content (such as sensor configurations) from a JSON or XML file that you exported from another Tanium Server.

Develop and test content in your lab environment before importing that content into your production environment .

  1. Digitally sign the content file and ensure a public key is in place to validate the signature, as described under Authenticating content files.
  2. From the Main menu, go to Administration > Configuration > Solutions.
  3. Scroll to the Content section and click Import Content.
  4. Click Choose File, find and select the content file, and click Open.
  5. Click Import. If object names in the file are the same as for existing objects, the Tanium Console itemizes the conflicts and provides resolution options for each one.
  6. Select resolutions for any conflicts. For guidance, see Conflicts and Best practices, or contact Tanium Support (see Contact Tanium Support).
  7. Click Import again, and click Close when the import finishes.

Import Tanium Console UI updates

In the Main menu, the Console: <version> field displays the current version of the Tanium Console UI module. Tanium periodically provides updates to the module and the Tanium Server checks content.tanium.com for the updates. If an update is available, the Tanium Console displays a message under the Main menu, Upgrade Available: Console, and the adjacent Upgrade to <version> button displays the update version. Click Upgrade to <version> to install the update. Restarting the Tanium Server or your browser session is not necessary to initialize updates.

Upgrade the Tanium Console UI whenever an update is available.

Resolve conflicts when importing updates or configurations

When you import updates to Tanium modules, shared services, or content packs, or import a file that contains content (such as sensors or packages), conflicts might occur with existing content. After you review the Best practices for resolving import conflicts, perform the following steps:

  1. Start the import, re-import, or upgrade workflow for one of the following:
    • Modules: You must deselect the Automatically import solutions check box to review and manually resolve conflicts. Otherwise, the Tanium Server automatically overwrites or merges any existing content with the imported content. For details, see Manage Tanium modules.
    • Content packs: See Manage Tanium shared services and content.
    • JSON/XML content file: Use a private key to sign the file before you import it, and then copy the associated public key to the correct folder (see Authenticating content files). Then go to any Administration > Management > Solutions, scroll to the Content section, and click Import Content Import Content.

    A dialog itemizes any conflicts.

  2. Select an Import Option to resolve each conflict:
    • Overwrite: Replaces existing content with the imported content.
    • Skip: Skips the import for that item.
    • (Categories only) Merge: Unites objects included in the categories.

      Select Merge and then go to categories to review the resulting configuration.

    • (Saved actions only) Overwrite and Disable Action: This option is useful if you want the new action disabled by default. Later, when are ready to test the action, re-enable it: from the Main menu, go to Administration > Actions > Scheduled Actions, select the action, and select More > Enable Action(s).

    The solution or content file might include content set definitions. When you first establish your content sets, selecting Include content set overwrite is a best practice to ensure that content is assigned to the content sets that the content pack designer intended. After you implement your own role-based access control (RBAC) plan and move content to the content sets that you plan to use, do not select this option; otherwise, the assignments defined in the imported file will overwrite your content set assignment.

  3. Click Import, Reimport, or Upgrade. When the operation finishes, click Close.
  4. (Upgrades only) If the release notes for the upgraded modules or shared services list changes to the Tanium Trends boards, panels, or sources, perform the steps under Tanium Trends User Guide: Importing the initial gallery to re-import them.

Best practices for resolving import conflicts

The following tips can inform your decisions regarding conflicts when you import content.

Tip 1: Read the release notes

Always read the release notes for every solution or content version that was released since your last update. The release notes alert you to the scope of changes and might include notes that can help you avoid issues. Release notes also indicate the release date, which is important if you plan to import multiple content packs. Different content packs might include updates to the same basic sensors or packages. In this case, it is best to install the older content packs before the newer ones.

Tip 2: Confirm you have good restore points

Before you update a Tanium module, shared service, or content pack, confirm that you have recent restore points and backups in case something goes wrong. The Tanium database stores content configuration objects. The installation folders for the Tanium Server and Tanium Module Server include important files, such as encryption keys, a license file, string files, and other data files.

Schedule regular file system and database backups.

To schedule backups on a Tanium Appliance deployment, see Tanium Appliance Deployment Guide: Backup overview.

In a Windows deployment, you can back up the file system by moving copies of folders or individual files from the Tanium Server and Module server to a safe a location on a backup system. To back up the Tanium database on an MSSQL server:

  1. Sign into the MSSQL server and open the Microsoft SQL Server Management Studio program.
  2. In the Object Explorer, right-click <SQL server instance> > Databases > tanium and select Tasks > Back Up.
  3. Configure the backup options and click OK.

    Tanium database backup


Contact Tanium Support for the steps to back up the Tanium database on a PostgreSQL server in a Windows deployment.

Tip 3: Update your lab deployment first

Always update your lab servers first and evaluate the impact that changes might have on endpoints before updating your production servers. Perform the following tasks when updating your lab deployment:

  • Assess the impact on network utilization when the Tanium Server distributes content to endpoints. For certain content types, an update might result in additional network traffic. Usually, this additional traffic is negligible.
  • Test the functionality. If the content update includes sensors, saved questions, dashboards, or categories, test them by issuing questions and reviewing results. If it includes packages, deploy them. If the update includes saved actions, edit their configurations to assign them to the correct action groups.

After you qualify the updates on lab servers, import the updates on production servers and spot test the behavior of new or changed content.

Tip 4: Limit customizations to Tanium content

When you import Tanium updates, the configuration specified in the import overwrites the current configuration. In almost every case, overwriting is preferable to maintaining the current configuration because the updates include important changes that optimize performance, avoid issues, and make the associated tools more useful.

Limit customizations to Tanium content so that updates are minimally disruptive. Maintain notes of any changes you make. For example, keep a log of any changes to the Max Sensor Age setting, a package timeout, or a saved question reissue interval. Keep a log of the Tanium objects that you clone as a source for your custom objects.

When a content pack update becomes available, import it and redo the customizations that the import overwrote.

Tip 5: Re-create content that uses parameterized objects

When an import overwrites a parameterized sensor or parameterized package, it does not affect previously created saved questions or scheduled actions that reference them.

When you save a question that has a parameterized sensor, the sensor definition, including the substituted values, is saved in an object called a temp sensor. On the endpoint, the Tanium Client runs the temp sensor when it computes answers to a saved question that calls it. A saved question that the Tanium Server reissues based on a schedule continues to use the temp sensor even if the sensor on which it was based is updated. Therefore, if a sensor is updated, and you want the saved question to use the updated code, you must re-create the saved question.

Likewise, when a scheduled action is based on a parameterized package, the package definition, including the substituted values, is saved in an object called a temp package. On the endpoint, the Tanium Client runs the temp package when it has a directive to run the scheduled action that calls the package. A scheduled action continues to use the temp package even if the package on which it was based is updated. Therefore, if a package is updated, and you want the scheduled action to use the updated code, you must re-create the scheduled action.

Tip 6: Avoid bulk overwrites to Tanium content

Do not simply export the current configuration and then re-import it after the content upgrade finishes. This practice overwrites the sensor code with old versions and often has unexpected consequences. For example, a Tanium content pack includes a scheduled action to distribute patch tools when the patch tools version, which the Has Patch Tools sensor reports, does not match a particular value. If the package that provides the patch tools and updates the version uses a different version than the Has Patch Tools sensor expects, the Tanium Server continuously distributes the patch tools until the Has Patch Tools sensor uses the correct version.