Example: Parameterized sensors
Parameterized sensors prompt you to specify a value when asking a dynamic question. If you save the question, the sensor value becomes part of the saved question configuration. When you then issue the saved question,
Registry Value Data is a Tanium-provided parameterized sensor. When you use that sensor in a dynamic question,
When you specify values and click Ask Question,
When you save a question that has a parameterized sensor, the sensor definition, including the substituted values, is saved in an object called a temporary sensor. On the endpoint, the Tanium Client runs the temporary sensor when it computes answers to a saved question that calls it.
Sensor script
When you develop the sensor script (see Create a sensor), enclose the input parameters with double vertical bars (||), like ||strKey|| in the following example.
The Tanium Server encodes parameter data before passing it to the underlying script and the data must have UTF-8 decoding applied before use. The Registry Value Data sensor script in Figure 3 uses an @include to the i18n/UTF8Decode.vbs script. This script ensures that user input in the Tanium Console form is properly encoded when passed to the sensor script.
'- Begin file: i18n/UTF8Decode.vbs
'========================================
' UTF8Decode
'========================================
' Used to convert the UTF-8 style parameters passed from
' the server to sensors in sensor parameters.
' This function should be used to safely pass non english input to sensors.
'-----
'-----
Function UTF8Decode(str)
Dim arraylist(), strLen, i, sT, val, depth, sR
Dim arraysize
arraysize = 0
strLen = Len(str)
for i = 1 to strLen
sT = mid(str, i, 1)
if sT = "%" then
if i + 2 <= strLen then
Redim Preserve arraylist(arraysize + 1)
arraylist(arraysize) = cbyte("&H" & mid(str, i + 1, 2))
arraysize = arraysize + 1
i = i + 2
end if
else
Redim Preserve arraylist(arraysize + 1)
arraylist(arraysize) = asc(sT)
arraysize = arraysize + 1
end if
next
depth = 0
for i = 0 to arraysize - 1
Dim mybyte
mybyte = arraylist(i)
if mybyte and &h80 then
if (mybyte and &h40) = 0 then
if depth = 0 then
Err.Raise 5
end if
val = val * 2 ^ 6 + (mybyte and &h3f)
depth = depth - 1
if depth = 0 then
sR = sR & chrw(val)
val = 0
end if
elseif (mybyte and &h20) = 0 then
if depth > 0 then Err.Raise 5
val = mybyte and &h1f
depth = 1
elseif (mybyte and &h10) = 0 then
if depth > 0 then Err.Raise 5
val = mybyte and &h0f
depth = 2
else
Err.Raise 5
end if
else
if depth > 0 then Err.Raise 5
sR = sR & chrw(mybyte)
end if
next
if depth > 0 then Err.Raise 5
UTF8Decode = sR
End Function
'- End file: i18n/UTF8Decode.vbs
In shell scripts, you can use a function similar to the following to decode the parameter data:
#!/bin/sh
percent_decode() {
local data=$(echo "$1" | sed 's/%/\\\x/g')
/usr/bin/printf '%b' "$data"
}
myVariable=`percent_decode "||parameter_value||"`
The printf utility might not be available or might not work correctly on all Linux, macOS, and UNIX platforms. A more fool-proof but less elegant implementation is:
#!/bin/sh
brute_force_percent_decode() {
# decode everything between 0x20-0x7E except:
#0 1 2 3 4 5 6 7 8 9 (0x30-0x39)
#A B C D E F G H I J K L M N O P Q R S T U V W X Y Z (0x41-0x5A)
#a b c d e f g h i j k l m n o p q r s t u v w x y z (0x61-0x7A)
echo "$1" | sed -e 's/%20/ /g' \
-e 's/%21/!/g' \
-e 's/%22/"/g' \
-e 's/%23/#/g' \
-e 's/%24/$/g' \
-e 's/%25/%/g' \
-e 's/%26/\&/g' \
-e "s/%27/'/g" \
-e 's/%28/(/g' \
-e 's/%29/)/g' \
-e 's/%2[aA]/*/g' \
-e 's/%2[bB]/+/g' \
-e 's/%2[cC]/,/g' \
-e 's/%2[dD]/-/g' \
-e 's/%2[eE]/./g' \
-e 's#%2[fF]#/#g' \
-e 's/%3[aA]/:/g' \
-e 's/%3[bB]/;/g' \
-e 's/%3[cC]/</g' \
-e 's/%3[dD]/=/g' \
-e 's/%3[eE]/>/g' \
-e 's/%3[fF]/?/g' \
-e 's/%40/@/g' \
-e 's/%5[bB]/[/g' \
-e 's/%5[cC]/\\/g' \
-e 's/%5[dD]/]/g' \
-e 's/%5[eE]/^/g' \
-e 's/%5[fF]/_/g' \
-e 's/%60/`/g' \
-e 's/%7[bB]/{/g' \
-e 's/%7[cC]/|/g' \
-e 's/%7[dD]/}/g' \
-e 's/%7[eE]/-/g'
}
myVariable=`brute_force_percent_decode "||parameter_value||"`
Parameter input settings
Parameter Inputs that you set in a sensor configuration determine the settings that the Tanium Console prompts users to configure upon issuing a question with parameterized sensors (see Questions with parameterized sensors). In the Key field, specify the parameter names that are used in the script. Do not enter the double vertical bars (||). The bars are included automatically when you add a parameter.
The most common widget for user input is a text box, but you can select any of the following options:
- Checkbox: The user enables a setting by checking a box. The value 0 or 1 is entered into the variable. The sensor returns 1 if checked and 0 if not checked.
- Date, Date Time, Date Time Range: The user selects a date and time or a date-time range. The date-time format is epoch with milliseconds. For a range, the user specifies two date-times separated by a pipe.
- Drop Down List: The user selects only one option from a list.
- List: The user selects one or more values. Multiple values are separated by a pipe.
- Numeric: The user enters a number. The input can be controlled with minimum and maximums. You can specify a Step Size to require that the input be divisible by the specified value. Snap Interval is the amount that a number is increased or decreased by pressing the up or down button respectively. The Step Size value should be a multiple of the Snap Interval value unless Snap Interval is 0. The user-selected number is entered into the variable.
- Numeric Interval: The user selects a number and an item from a list. The list item has a numeric value. The value entered into the variable is the result of the multiplication. For example, if a user selects 2 and selects High (with high having a value of 3), the value is 6 in the variable.
- Separator: A separator is a graphical way to separate sections in the user input form.
- Text Area: The user enters a large amount of text. The text is entered into the variable.
- Text Input: The user enters text input. Allowed entries can be controlled with regular expressions. The user input is entered into the variable.
- Time: The user selects a time from a drop-down list. The input can be subject to restrictions.
Most parameter types provide Options for specifying read-only values that help users understand how to configure the parameters when issuing a question. Figure 4 shows the read-only values that you can specify for Text Input. The Preview section shows how the settings appear when users issue a question. Note that the Provide Help Text content appears as a tooltip when a user hovers over Information 
:
Last updated: 7/22/2021 7:56 AM | Feedback