Managing scheduled actions and action history

A scheduled action configuration has the following components:

  • Package
  • Schedule settings, including start and end times, and reissue intervals
  • Targeting criteria specifying the endpoints that will run the action

The Tanium Server creates a scheduled action when you deploy an action from the Question Results grid and specify a reissue interval. When you install the Tanium Server, it automatically creates a set of scheduled actions while importing initial content packs. These predefined actions relate to the hygiene of the Tanium environment. The Tanium Server creates additional scheduled actions when you import certain other Tanium content packs and Tanium solution modules.

For the user role permissions required to manage scheduled actions and see action history, see Action management permissions.

Manage scheduled actions

Perform the following steps to manage scheduled actions that are already defined. To create a new scheduled action, see Deploying actions.

  1. Go to Actions > Scheduled Actions.
  2. Select the action that you want to manage. Action buttons for administrative tasks appear above the grid. The available buttons depend on the row you select. For example, the unlabeled status column displays a green checkmark to indicate enabled actions and a red minus to indicate disabled actions. When you open the More drop-down list for an enabled action, the options include Disable Action, but not Enable Action. If the status column indicated a disabled action, the More list would include Enable Action but not Disable Action.
  3. Click a button to perform one of the following tasks.
    Button / TaskGuideline
    ReissueDisplays the Reissue Action page. You can change the name, schedule, and targeting criteria.
    EditDisplays the Edit Action page. You can change the schedule and targeting criteria.
    Package StatusDisplays package details. You can use this dialog box to re-download package files if you had encountered issues with out-of-date files: see Re-download package files.
    More > Enable/Disable ActionEnables/disables the scheduled action.
    More > Change GroupAssigns the scheduled action to a new action group. An action group contains one or more computer groups.
    More > Copy ActionCopies the scheduled action to a new action group.
    More > Copy TextCopies the grid row data to the clipboard.
    More > ExportExports the configuration details for the selected item as an XML file.
    More > DeleteDisplays the Delete Action page. You can review the configuration before you delete it.

Manage actions that are completed or in progress

The Action History page provides a chronology of initiated, completed, and scheduled actions. You can also use the page to show the status of actions, display action log data, stop actions that are in progress, and reissue actions.

  1. Go to Actions > Action History. The page displays the Status of each action:
    • Open: The time window for the action has not expired. The expiration period is the larger result from the following calculations:
      • The package Command Timeout + Download Timeout values
      • The package Command Timeout + the scheduled action Distribute over value
    • Closed: The time window has expired. If an action is reissued, the grid displays a new row based on the new start time.
    • Stopped: An administrator stopped the action.
  2. Use data range filters, computer group filters, text filters, and row sorting to find actions that require administrative action.
  3. Select the action that you want to manage. Action buttons appear above the grid, indicating the administration tasks you can perform for the selected action.
  4. Click a button to perform one of the following tasks.
    Table 1:   Action History administration tasks
    Button / TaskGuideline
    Show StatusDisplay the Action Summary page to see additional status details and get information from action logs: see View action summary and status.
    StopStop the action.
    ReissueDisplay the Reissue Action page. You can change the name, schedule, and targeting criteria.
    CopyCopy the grid row data to the clipboard.

View action summary and status

The Action Summary page opens automatically when you deploy an unscheduled action so that you can track its progress. You can also open the page from the Actions > Action History page by selecting an action and clicking Show Status. The Action Summary page displays details about actions that are completed or in progress, and enables you to Re-download package files.

Figure  1:  Action Summary page

Action states

Tanium Clients report the following states for actions:

  • Waiting: Waiting to download files necessary to start the action.
  • Downloading: Files necessary to start the action are downloading. This state applies only if the action has files to download.
  • Running: Action is currently executing.
  • Waiting to Retry: Action will be retried shortly.
  • Completed: Action has successfully been completed.
  • Expired: Action did not start or complete within the available time window.
  • Failed: Action was not successfully completed.
  • Verified: Action completed and a verification question was used to verify success. This state applies only if the action has files to download.

Investigate action-related issues

Perform the following steps to investigate issues related to an action:

  1. Open the Action Summary page for the desired action, and click Show Client Status Details.
  2. Select up to 50 endpoints in the preview list, and click Get action log for selected machines.

    The Tanium Server then issues the question Get Computer Name and Tanium Action Log[<action_ID>, 100] from all machines with (Computer Name equals <computer_name>) through the Interact Question Bar. Endpoints that ran the action respond with the first 100 lines of the corresponding action log. Endpoints that did not run the action respond with Error: Cannot read Action_<ID>.log.

Track the Action IDs

The Tanium Server assigns an action ID to each action that you deploy. Knowing the ID is useful when you want to see details about an action. For example, if you want to investigate unexpected outcomes related to actions (such as package scripts that failed to run), you can use action IDs to find and review actions logs and action history log entries. The Tanium Console displays action IDs in multiple places.

  • The Actions > Action History page displays an action ID column.
  • The Action Summary page displays the Action ID in the Details section and in the browser URL (see View action summary and status).

On managed endpoints, the Tanium Client displays action IDs in the action status file and log files.

  • In the <ClientInstallationFolder>\Downloads\config\ActionStatuses.ast file, action IDs map each action to its status.
  • In the <ClientInstallationFolder>\Downloads folder, each action log display the associated action ID in its filename.
  • In the <ClientInstallationFolder>\Logs folder, action history logs identify actions by their IDs.

Import or export a scheduled action configuration

As a best practice, test scheduled actions in your lab before importing them into your production environment.

Export specific actions

  1. Go to Actions > Scheduled Actions.
  2. Select one or more actions and select More > Export.
  3. Enter a File Name or accept the default, and then click OK. The Tanium Server exports the XML file to the Downloads folder on the system you use to access the Tanium Console.

Export the complete scheduled actions configuration

  1. From any Content or Permissions page, click Export to XML in the top right of the Tanium Console.
  2. Select Saved Actions and click Export.
  3. Enter a File Name or use the default name, and then click OK. The Tanium Server exports the XML file to the Downloads folder on the system you use to access the Tanium Console.

Import an actions configuration

  1. Use KeyUtility.exe to sign the XML configuration file before you import it. As a one-time action, you must also copy the associated public key to the correct folder. For the procedures, see Signing content XML files.
  2. Go to any Content or Permissions page and click Import from XML at the top right of the page.
  3. Click Choose File, find and select the configuration file, and click Open.
  4. Click Import. If object names in the file are the same as for existing objects, the Tanium Console itemizes the conflicts and provides resolution options for each one.
  5. Select resolutions for any conflicts. For guidance, see Conflicts and Best practices, or consult your TAM.
  6. Click Import again, and click Close when the import finishes.

Last updated: 7/30/2019 3:03 PM | Feedback