Exploring map data

A map displays the endpoints that are associated with an application or set of defined IP addresses. You can drill down to individual application components to see how an application is dependent on each endpoint.

Explore maps

  • Browse the map. Scroll to zoom. Click and drag in the white space behind the nodes to move the entire map.
  • Change the map grouping to reveal different types of patterns. You can change the Group By setting to AD Domain, AD Organizational Unit, Chassis Type, Domain Name, Operating System, Tanium Client Subnet, Time Zone, or Virtual Platform. If a group consists of multiple categories, each category is displayed in a different color.
  • Click a group to display a list of the endpoints in the group node. To visualize all of the endpoints in the group, double click the group node.
  • Highlight endpoints in the map.
    Select the endpoints from the list, then click Actions > Highlight in Map. This selection keeps the entire list of endpoints displayed.
  • Select endpoints in the map.
    Select endpoints from the list, then click Actions > Select in Map. This selection displays only the selected endpoints in the list in the remaining view.
  • Look at inferred nodes. Inferred nodes are computers or other network devices that are communicating with your endpoints, but do not have the Tanium Client installed. Click the Inferred nodes group in the map to view a list of IPs.
  • Select inbound or outbound endpoints in the map.
    In the Endpoints tab, select an endpoint from the list, then click Actions > Select Inbound Endpoints or Actions > Select Outbound Endpoints. For example, if you select a client and then choose to display outbound endpoints, you can highlight the server to which that client connects. This selection displays only the selected endpoints in the list in the remaining view.
  • Collapse expanded groups. Click Collapse All. To deselect nodes that you selected in the map, click Deselect All.
  • Pin a node to a spot in the map so that it does not move when you move other nodes around. To pin a node, click and drag the endpoint. A pin is displayed next to the node. Click the pin to remove the pinned state.


View endpoint details

Drill down to a specific endpoint to see the applications and processes that are running on that host. For example, if you are planning maintenance on an endpoint, you can see what applications an outage might affect.

  1. From an application map or endpoint map, double click an endpoint node.
  2. Click the Connections tab. With the endpoint selected, this list shows a list of outbound connections from this endpoint to other endpoint processes. The process name, computer name, and IP address of each endpoint connection is displayed. To export detailed connection information, select items and go to Actions > Export Endpoint and Connection Data.
  3. Click the Applications tab. The list of applications comes from the defined applications in Map.
  4. Click the Processes tab. Review the list of processes. Expand a process section to view more information, including the ports and full path. If you see that a process listed is a component of an application that you want to map, select the process and click Actions. You can add the process to a new application, existing application, or view the process in the map.


Filter maps

Simplify the map by filtering the contents. For example, you might want to focus on server-type operating systems when you are looking at an application map to remove the users of the application from the map.

  1. In a map, expand the Filter Results section.
  2. Add filters. Click Add to create a filter rule that is at the same level as the selected rule. If you create multiple rules, the rules are combined with an AND operator. When you are done editing the filter, click Apply.
  3. To remove the filter on the map, click Clear Filter.

Refresh map data

The Data Last Updated Field in the map shows the time that the data was last updated. If you want to update the data in the map, click Refresh Data. The saved question is asked of the endpoints again to populate the map. To view the results of the saved question that is used to generate the map, click View Tanium Question Information .

Export endpoint and traffic data

You can export data from the map about the endpoints and traffic to a CSV file. The CSV file contains information for all aspects of the map, including applications, computer name, IP address and subnet, process name, connections, and operating system.

To export data for the entire map, click Export.

To export from a selection in the Endpoints, Applications, Processes, or Connections tab, select the items and click Actions > Export Endpoint and Connection Data.