Performing weekly maintenance

Review and resolve critical and high TPAN findings

Check the TPAN report for critical or high findings:

  1. Copy the latest Tanium Platform Analyzer (TPAN) report to wherever you store Tanium files for diagnostics. See Tanium Health Check User Guide: Download a TPAN report.
  2. Open the report and select the Findings page to see if Critical or High findings exist.
  3. Troubleshoot any Critical or High findings. See Tanium Core Platform Deployment Reference Guide: Troubleshoot issues during server deployment or solution operations.
  4. Contact Tanium Support for help troubleshooting the findings if necessary.

Review all TPAN findings, including Medium and Low findings, during monthly maintenance.

Review the Tanium Client deployment

Check how many endpoints are running the Tanium Client (managed endpoints), how many clients function as endpoint leaders in Tanium™ linear chains, and the state of custom or enhanced tags on the clients.

Review and remediate Tanium Client issues during monthly maintenance.

Check the endpoint leader percentage

In linear chains of Tanium Clients, minimizing the percentage of endpoints that function as leaders helps to reduce bandwidth usage in communications with Tanium Servers and Tanium™ Zone Servers. The leader percentage varies among networks and no specific percentage is ideal for all networks. However, unexpected changes in the percentage might indicate network issues that your networking team must address. For example, a sharp increase in the percentage might cause excessive wide area network (WAN) traffic. Therefore, monitor changes in the leader percentage over time by recording the percentage at weekly intervals.

For details about leaders, linear chains, and how the servers evaluate subnet boundaries, see Tanium Client Management User Guide: Client peering.
  1. Open the latest TPAN report and select the Tuning page.

  2. Check the value of What's the actual or anticipated leader count percentage?

    Typically, this value does not change significantly unless your network changes in ways that affect the number and size of client subnets.

  3. If the leader percentage changes more than expected, investigate the possible causes. The percentage might change if:
    • Subnets join or leave your network. Check the endpoint count to see if the number of managed endpoints has changed. If the change is due to new subnets, verify that they are authorized to join your network. If the change is due to subnets no longer registering with Tanium Servers or Tanium Zone Servers, verify whether network disruptions or misconfigurations are responsible.
    • A shift occurs between the number of users who are connecting within your internal network and the number who are connecting through virtual private network (VPN) connections. Typically, VPN endpoints do not peer with each other and therefore each one is effectively a leader. See Tanium Client Management User Guide: Configure isolated subnets.
  4. Contact Tanium Support for help optimizing the leader count, if necessary.

Check the endpoint count

The number of managed endpoints might fluctuate as endpoints join or leave your network. View the number of managed endpoints to check for potential anomalies and to ensure compliance with your Tanium license:

  • Go to the Tanium Home page to check the Total Endpoints. This field displays the most accurate tally of online and offline managed endpoints that have registered with Tanium™ Cloudthe Tanium Server or Zone Server within the retention period (default is 30 days). For details, see Tanium Console User Guide: View environment status.

    If the endpoint count is lower than expected, investigate whether network disruptions or misconfigurations prevent endpoints from registering. If the count is higher than expected, verify that the new endpoints are authorized to join your network.

    You can configure an automatic Discover label and a Connect destination to alert you when endpoints become unmanaged. See Tanium Client Management User Guide: Audit and remediate disconnected Tanium Clients.

  • Go to Administration > Configuration > Client Status to check the endpoint count as it relates to your Tanium license, regardless of whether it matches the Total Endpoints value on the Tanium Home page. For details, see Tanium Console User Guide: View managed endpoints count for license compliance.

    Track changes in the weekly endpoint count to project future growth. Contact Tanium Support to update your license for a higher number of maximum managed endpoints if necessary.

Review and update tags

If you use computer groups for which membership is based on custom tags or enhanced tags, review which endpoints have which tags. Deploy changes to the tags and configure new computer groups if necessary.

Review and update enhanced tags

For the steps to review and update enhanced tags, sign in to the Tanium™ Knowledge Base and see the Enhanced Tags Documentation.

Review and update custom tags

  1. Determine which endpoints have which tags. See Tanium Console User Guide: Review custom tags.
  2. Add or remove custom tags if necessary. See Tanium Console User Guide: Manage custom tags for computer groups.
  3. Create or delete computer groups with tag-based membership if necessary. See Tanium Console User Guide: Managing computer groups.

    You cannot change the membership definition of existing computer groups. You must delete existing groups and recreate them with the correct definition.

  4. Add or edit action groups to target tag-based computer groups if necessary. See Tanium Console User Guide: Managing action groups.

Review and update actions that target No Computers

Actions that target the Default action group do not deploy to endpoints because Default includes only the No Computers computer group. In some cases, Default might be targeted to prevent unexpected changes on endpoints. Perform the following steps to review the actions that target Default, assess whether your environment is ready for deploying the actions, and assign a different action group if necessary.

If you want actions that target Default to deploy to endpoints, assign a different action group instead of reconfiguring Default to include other computer groups.

For information about actions that target Default, see Tanium Console User Guide: Reconfigure actions that target the Default action group.

  1. From the Main menu, go to Administration > Actions > Action Groups.
  2. In the Name column, click Default to view the configuration of that action group.
  3. Verify that the assigned Computer Groups include only No Computers.

    If other computer groups are assigned, deselect them and click Save.

  4. From the Main menu, go to Administration > Actions > Scheduled Actions.
  5. In the Action Group drop-down, select Default to list only the actions that target that action group.
  6. If you want to deploy any of the listed actions to endpoints, assign the actions to a different action group. See Tanium Console User Guide: Edit action group assignments for scheduled actions.

Review and update scheduled actions during quarterly maintenance.

Review Tanium™ Deploy metrics

Monitor Deploy metrics and update the configurations, if necessary.

  1. From the Main menu, go to Modules > Trends > Boards.
  2. Click IT Operations Metrics to view the Maintenance Coverage, Endpoints Missing Software Updates Released Over 30 Days, Mean Time to Maintenance Software, and Software Installed by Self Service User Request panels in the Deploy section.
  3. Tanium Deploy User Guide: Monitor and troubleshoot Deploy coverage.
  4. Tanium Deploy User Guide: Monitor and troubleshoot endpoints missing software updates released over 30 days.
  5. Tanium Deploy User Guide: Monitor and troubleshoot mean time to deploy software.
  6. Tanium Deploy User Guide: Monitor and troubleshoot software installed by self service user request.