Exploring data

A map displays the endpoints that are associated with an application or set of defined IPs. You can drill down to individual application components to see how an application is dependent on each endpoint.

Explore maps

  1. Change the map grouping to reveal different types of patterns. You can change the Group By setting to AD Domain, AD Organizational Unit, Chassis Type, Domain Name, Operating System, Tanium Client Subnet, Time Zone, or Virtual Platform. If a group consists of multiple categories, each category is displayed in a different color.
  2. Click a group to display a list of the endpoints in the group node. To visualize all of the endpoints in the group, double click the group node.
  3. Show endpoints in the map. To highlight specific endpoints in the map, select the endpoints from the list, then click Show Selected.
  4. Look at inferred nodes. Inferred nodes are computers or other network devices that are communicating with your endpoints, but do not have the Tanium Client installed. Click the Inferred nodes group in the map to view a list of IPs.
  5. To collapse expanded groups, click Collapse All.

 

View endpoint details

Drill down to a specific endpoint to see the applications and processes that are running on that host. For example, if you are planning to perform maintenance on an endpoint, you can see what applications might be affected by the outage.

  1. From an application or endpoint map, double click an endpoint node.
  2. Click the Defined Applications tab. The list of applications comes from the defined applications in Map. These applications might be dependent on the selected endpoint.
  3. Click the Processes tab. Review the list of processes. Expand a process section to view more information, including the ports and full path. If you see that a process listed is a component of an application that you want to map, select the process and click Actions. You can add the process to a new application, existing application, or view the process in the map.

 

Filter maps

Simplify the map by filtering the contents. For example, you might want to focus on server-type operating systems when you are looking at an application map to remove the users of the application from the map.

  1. In a map, expand the Filter Results section.
  2. Add filters. Click Add to create a filter rule that is at the same level as the selected rule. If you create multiple rules, the rules are combined with an AND operator. When you are done editing the filter, click Apply.
  3. To remove the filter on the map, click Clear Filter.

Refresh map data

The map shows the time that the data was last updated. If you want to update the data in the map, click Refresh Data. The saved question is asked of the endpoints again to populate the map. To view the results of the saved question that is used to generate the map, click Interact .

Last updated: 9/6/2018 3:24 PM | Feedback