Other versions

Managing action groups

You use action groups to define which managed endpoints are the targets for scheduled actions.

In Tanium Core Platform 7.1 and later, the default definition for the action group named Default includes the wildcard group named No Computers. This means that actions that target the Default action group have no impact. In previous releases, the Default action group included the wildcard group named All Computers. The previous behavior enabled deploying many core Taniumâ„¢ Initial Content packages to a wide set of endpoints. Tanium changed the Default definition in version 7.1 to force users to manage action groups before issuing actions to Tanium Clients.

Only users assigned the Administrator reserved roles can create, modify, or delete action group configurations.

Create an action group

  1. Go to Actions > Scheduled Actions.
  2. Click New Group to display the configuration page.
  3. Specify a Name and Visibility option, and select Computer Groups. You can combine the sets of computers using a Boolean AND or Boolean OR.
  4. Click Save.

Edit an action group

  1. Go to Actions > Scheduled Actions.
  2. Select the action group in the left pane.

    The console displays the group details in the right pane.

  3. Click Edit to display the configuration page.

Change the action group associated with an action

  1. Go to Actions > Scheduled Actions.
  2. Click a row in the grid to select the action you want to change.
  3. Click More > Change Group.
  4. Select the action group and click Confirm.

Delete an action group

  1. Go to Actions > Scheduled Actions.
  2. Select the action group in the left pane and click one of the following buttons. Both buttons open a dialog box that displays the action group details so that you can evaluate the impact of deleting.
    • Delete: This button appears if the action group has no existing scheduled actions. Click Delete Action Group to proceed.
    • Migrate and Delete: This button appears if the action group has existing scheduled actions. Select another action group in the Migrate existing scheduled actions to below selected action group drop-down list, and then click Transfer Actions and Delete Action Group.

Best practices

Move Tanium actions to their own group

The Tanium Initial Content and Client Maintenance content packs and other Tanium solutions include scheduled actions to ensure the endpoints have the tools needed to perform the functions in the sensors and packages deployed. You must reissue these scheduled actions to all endpoints to catch any new endpoints that do not have Tanium installed, endpoints that were rebuilt or had Tanium uninstalled, or virtual desktop infrastructure (VDI) endpoints that refresh on a regular basis. After the initial deployment, create an action group that includes All Computers, and move the Initial Content and Client Maintenance scheduled actions to this new group.

Define specific use for each action group

Action groups comprise one or more computer groups. You can create an action group for a particular event and add computer groups over time: first a test group, then OS type groups or region groups.

Limit access to edit action groups

Coordinate changes you make to the action groups configuration with all affected administrators. An administrator might have configured scheduled actions that target the set of computers that belong to the action group as it existed when the scheduled action was last configured.

Last updated: 11/28/2018 10:20 AM | Feedback