Tanium actions overview
After you use Tanium Interact to issue a question, analyze the question results, and determine which endpoints require administrative action, you can deploy a package to those endpoints so that the Tanium Client can run the associated action. In a Tanium deployment, a package comprises a command, a script, and any related files required to execute an action on a managed endpoint. For example, the package named Clean Stale Tanium Client Data includes a Windows command-line command that executes a Visual Basic Script that removes stale data from the Tanium Client directory and safely kills any stale sensor or action processes.
For the user role permissions required to manage actions, see Action management permissions.
The following are key terms and concepts relating to actions:
Action groups are designed to target actions so that
Action locks prevent actions from running on an endpoint. You might want to deploy action locks if, for example, you encounter unexpected behavior on endpoints and want to suspend actions during debugging. For details and related procedures, see Managing action locks.
Scheduled actions are actions that
Scheduled actions target endpoints based on saved questions. If you delete the saved question that a scheduled action uses for targeting, the action continues using that question for targeting and
Action approval supports organizations that have policies that require an approval process. When action approval is enabled, the signed-in user who deploys the scheduled action cannot also approve it. The action is on hold until another user approves it. The approving user must have a role with the Approve Action permission. For scheduled actions, the approval remains in force until the scheduled end date or until a user edits the action configuration. For details and related procedures, see Managing action approval.
Last updated: 1/12/2021 5:16 PM | Feedback