Managing scheduled actions and action history

A scheduled action configuration specifies the following:

  • Package
  • Schedule settings, including start/end times and reissue intervals
  • Targeting criteria specifying the endpoints that will run the action

The Tanium Server creates a scheduled action when you deploy an action from the Question Results grid. When you install the Tanium Server, it automatically creates a set of scheduled actions while importing initial content packs. These predefined actions relate to the hygiene of the Tanium environment. The Tanium Server creates additional scheduled actions when you import certain other Tanium content packs and Tanium solution modules.

Administer scheduled actions

To perform administration tasks related to scheduled actions, go to the Actions > Scheduled Actions page, which lists the actions in a grid. When you select a row, action buttons for administrative tasks appear above the grid. The available buttons depend on the row you select. For example, the unlabeled status column displays a green checkmark to indicate enabled actions and a red minus to indicate disabled actions. When you open the More drop-down list for an enabled action, the options include Disable Action, but not Enable Action. If the status column indicated a disabled action, the More list would include Enable Action but not Disable Action.

Figure  1:  Scheduled Actions page

The following table summarizes the administration tasks.

Table 1:   Scheduled actions administration tasks
Task Guideline
Reissue Displays the Reissue Action page. You can change the name, schedule, and targeting criteria.
Edit Displays the Edit Action page. You can change the schedule and targeting criteria.
Package Status Displays package details. You can use this dialog box to re-download the package if you had encountered issues with an out-of-date package.
Enable/Disable Action Enables/disables the scheduled action.
Change Group Assigns the scheduled action to a new action group. An action group contains one or more computer groups.
Copy Action Copies the scheduled action to a new action group.
Copy Text Copies the grid row data to the clipboard.
Export Exports the configuration details for the selected item as an XML file.
Delete Displays the Delete Action page. You can review the configuration before you delete it.

Manage Action History

To view a chronology of initiated, completed, and scheduled actions, go to the Actions > Action History page, which displays the Status of each action:

  • Open: The time window for the action has not expired. The expiration period is the larger result from the following calculations:

    • The package Command Timeout + Download Timeout values
    • The package Command Timeout + the scheduled action Distribute over value

  • Closed: The time window has expired. If an action is reissued, the grid displays a new row based on the new start time.

  • Stopped: An administrator stopped the action.

You can use data range filters, computer group filters, text filters, and row sorting to find actions that require administrative action. When you select a row, action buttons appear above the grid, indicating the administration tasks you can perform for the selected action.

Figure  2:  Action History page

The following table summarizes the administration tasks.

Table 2:   Action History administration tasks
Task Guideline
Show Status Display the Action Status page to see additional status details.
Stop Stop the action.
Reissue Display the Reissue Action page. You can change the name, schedule, and targeting criteria.
Copy Copy the grid row data to the clipboard.

The following figure shows the Action Status page.

Figure  3:  Action Status page

Tanium Clients report the following progress and completion states for actions:

  • Waiting: Waiting to download files necessary to start the action.
  • Downloading: Files necessary to start the action are downloading.
  • Running: Action is currently executing.
  • Waiting to Retry: Action will be retried shortly.
  • Completed: Action has successfully been completed.
  • Expired: Action did not start or complete within the available time window.
  • Failed: Action was not successfully completed.
  • Verified: Action completed and a verification question was used to verify success.

Understand Action ID

The Tanium Server assigns an action ID to each action that you deploy. Knowing the ID is useful when you want to see details about an action. For example, if you want to investigate unexpected outcomes related to actions (such as package scripts that failed to run), you can use action IDs to find and review actions logs and action history log entries. The Tanium Console displays action IDs in multiple places.

  • The Actions > Action History page displays an action ID column.
    Figure  4:  Action ID on the Action History page
  • The Action Status page displays the Action ID in the Details section and in the browser URL. This page opens automatically when you deploy an unscheduled action. You can also open the page from the Action History page.
    Figure  5:  Action ID on the Action Status page

On managed endpoints, the Tanium Client displays action IDs in the action status file and log files.

  • In the <ClientInstallationFolder>\Downloads\config\ActionStatuses.ast file, action IDs map each action to its status.
    Figure  6:  Action ID in the ActionStatuses.ast file
  • In the <ClientInstallationFolder>\Downloads folder, each action log display the associated action ID in its filename.
    Figure  7:  Action IDs in Action_<ID>.txt logs
  • In the <ClientInstallationFolder>\Logs folder, action history logs identify actions by their IDs.
    Figure  8:  Action IDs in action-history.txt logs

Import/export a scheduled action configuration

As a best practice, test scheduled actions in your lab before importing them into your production environment.

User role requirements

Users can export specific scheduled actions for which they have Write Action permission. Users with the Administrator or Content Administrator reserved role can export and import the complete scheduled actions configuration.

Export specific actions

  1. Go to Actions > Scheduled Actions.
  2. Select one or more actions and select More > Export.
  3. Enter a File Name or accept the default, and then click OK. The Tanium Server exports the XML file to the Downloads folder on the system you use to access the Tanium Console.

Export the complete scheduled actions configuration

  1. From any Content or Permissions page, click Export to XML in the top right of the Tanium Console.
  2. Select Saved Actions and click Export.
  3. Enter a File Name or use the default name, and then click OK. The Tanium Server exports the XML file to the Downloads folder on the system you use to access the Tanium Console.

Import an actions configuration

  1. Use KeyUtility.exe to sign the XML configuration file before you import it. As a one-time action, you must also copy the associated public key to the correct folder. For the procedures, see Signing content XML files.
  2. From any Content or Permissions page, click Import from XML at the top right of the Tanium Console.
  3. Click Choose File, find and select the configuration file, and click Open.
  4. Click Import. If object names in the file are the same as for existing objects, the Tanium Console itemizes the conflicts and provides resolution options for each one.
  5. Select resolutions for any conflicts. For guidance, see Conflicts and Best practices or consult your TAM.
  6. Click Import again, and click Close when the import finishes.

Last updated: 6/4/2019 4:33 PM | Feedback