Managing packages

Packages overview

A package configuration includes settings, a command, a script, and any other files needed to orchestrate an action on a managed endpoint. You can deploy a package from the Interact Question Results grid by initiating the action deployment workflow.

The Tanium Client service runs with the permissions of the LocalSystem or root account, so it can perform almost any command line instruction available to an Administrator user who is signed into the endpoint. Consequently, even if signed in users do not have administrative rights, a Tanium Console user can deploy actions to the endpoint that install, update, or remove client applications as long as those applications meet the following conditions:

  • The applications are installed from a command line using the permissions of the LocalSystem account (Windows) or root (non-Windows).
  • The applications are configured to suppress any interaction with an end user signed into a target endpoint at installation time.
  • The applications can be dynamically customized at installation if necessary through options, switches, or input files passed to the application installer.

If the required executables, scripts, and configuration files do not natively have these characteristics, you might be able to use a commercial software packaging tool such as InstallShield or an open-sourced application like Nullsoft Scriptable Install System to create a new version of the installer.

You can use the Tanium Core Platform to track the count of installed applications, as well as whether those applications are being used. Therefore, before installing new software or upgrading versions of existing software, verify that your organization owns the required number of licenses or meets the Acceptable-Use criteria to centrally distribute and install the commercial or open-sourced software to endpoints within your organization.

To create, modify, or delete package configurations, your user account requires a role with the Write Package permission. The Admin Administrator or Content Administrator reserved role has this permission.

View packages

  1. From the Main menu, go to Administration > Content > Packages.

    The Packages grid displays most of the attributes that are described in Table 1.

  2. (Optional) To display attributes that the grid hides by default, click Customize Columns Customize columns and select the attributes.
  3. (Optional) Use the filters to find specific packages:
    • Filter by text: To filter the grid by package Name or Command, enter a text string in the Filter items field.
    • Filter by attribute: Filter the grid by one or more attributes, such as the Content Set assignment. Expand the ExpandFilters section, click AddAdd, select an attribute and operator, enter a text string that contains all or part of the attribute value, and click Apply. If you add multiple attribute filters, the Boolean AND operator applies. After you finish specifying attributes, click Apply All to filter the grid.
  4. (Optional) To see the attributes that are described in Table 1, select a package and click Edit Edit.

Edit a package

As a best practice, do not edit predefined packages that are provided through Tanium content packs. For details, see Tip 4: Limit customizations to Tanium content. Contact Tanium Support if editing the Tanium-provided packages is necessary. Alternatively, you can clone Tanium-provided packages (see Clone a package) and edit the copies. You can also edit custom packages that you created from scratch. Perform the following steps to edit a package:

  1. From the Main menu, go to Administration > Content > Packages.
  2. Use the search and column sorting features to find the package you want to edit.
  3. Select the package row and click Edit.
  4. Complete the configuration as described in Table 1 and click Save.

Re-download package files

The Tanium Server stores package files in its cache. If updated file versions are available, or re-downloading the current file versions is necessary for troubleshooting, you can manually re-download to the Tanium Server so that it deploys the correct files to endpoints. Note that the server automatically retries downloading every few minutes if the initial download failed for a package.

  1. From the Main menu, go to Administration > Content > Packages.
  2. Select the package for which you want to download files, and click Status.

    A pop-up displays the status.

  3. Click re-download for each file that you want to re-download, or click re-download all to re-download all the files.

Tip: You can also re-download package files from the Action Summary page: see View action summary and status. If you want the Tanium Server to automatically check for, and download, updated versions of package files, set a Check for update interval in the package configuration (see Table 1).

Clone a package

Cloning is useful when you need to do the following:

  • Create a modified version of a predefined package from a Tanium content pack. As a best practice, do not modify the original Tanium package.
  • Create a new package with settings that differ only slightly from an existing package; this is often easier than creating a new package from scratch.

Perform the following steps to clone a package:

  1. From the Main menu, go to Administration > Content > Packages.
  2. Use the search and column sorting features to find the package that you want to clone.
  3. Select the package row and click Clone.
  4. Configure the settings as described in Table 1 and click Save.

Create a package

  1. From the Main menu, go to Administration > Content > Packages.
  2. Click New Package, complete the configuration as described in Table 1, and click Save.
 Table 1: Package configuration guidelines
Settings Guidelines
Package Name A configuration name that identifies the package.
Display Name This name appears in the Packages page, the Deploy Action page, and the Browse Packages dialog (opened from the Deploy Actions page).
Content Set The content set assignment. The list displays all content sets for which you have Write Package permission.
Command Specify the command to run on the endpoint. Optionally, use the Add sensor variable link to insert a reference to a sensor. When the command runs, the value that the sensor returns is substituted for the variable. One example where a sensor-sourced command is useful is when you want to kill a process currently running on an endpoint. The Running Processes sensor returns a list of all the processes running on each endpoint. You can deploy a package directly from a question that uses the Running Processes sensor to then kill one of the identified processes.
Command Timeout and Download Timeout These timeouts affect the state (Completed, Expired, or Failed) of an action that uses the package. The Download Timeout is the amount of time available to download packages files. The Command Timeout is the amount of time available for the command to run. For details on all the settings that determine action states, see View action summary and status.
Ignore action lock Enable endpoints to execute actions that include this package regardless of whether the action lock is on for those endpoints. Use this option in packages that promote hygiene. For details, see Managing action locks.
Launch this package in a process group (Requires Tanium Core Platform servers and Tanium Clients to run version 7.2 or later.) Run the package command in a process group. When the command completes or times out, the process group and any remaining descendant processes are killed.

By default, you cannot configure this setting. To make it configurable, from the Main menu, go to Administration > Management > Global Settings, and set allow_process_group_flag_edit to 1. When you create a new package through the Tanium Console, the setting is enabled by default. However, to enable the setting in an imported package, you must set the <process_group_flag> to 1 in the content file before importing, or configure allow_process_group_flag_edit in the Tanium Console after importing.

Files To select files for the package, open the Add drop-down and select one of the following options:
  • Local File: Browse and select a file from your local host computer. When you upload it, a SHA-256 hash is generated.
  • Remote File: Enter the File Address, enter the file Name, select a Check for update option, and optionally enter a SHA-256 hash.

All the files related to packaging are stored in a sub-directory of the Tanium Server directory.

Parameter Inputs (Parameterized packages only) Open the Add Parameter drop-down, select one of the following parameters, and configure it as described:
  • Checkbox—User enables a setting by checking a box. 0 or 1 is entered into the variable. Returns 1 if checked and 0 if not checked.
  • Date, Date Time, Date Time Range—User selects a date and time or a range. The date time format is epoch with milliseconds. For a range, the user specifies two date times separated by a pipe.
  • Drop Down List—User selects only one option from a list.
  • List—User selects one or more values. Multiple values are separated by a pipe.
  • Numeric—User enters a number. The input can be controlled with minimum and maximums. You can specify a Step Size to require that the input be divisible by the specified value. Snap Interval is the amount that a number is increased or decreased by pressing the up or down button respectively. The value for Step Size should be a multiple of the value for Snap Interval unless Snap Interval is 0. The user-selected number is entered into the variable.
  • Numeric Interval—User selects a number and an item from a list. The list item has a numeric value. The value entered into the variable is the result of the multiplication. For example, if a user selects 2 and selects High (with high having a value of 3), the value is 6 in the variable.
  • Plugin—Not intended for most users. Contact Tanium Support for information about this parameter.
  • Separator—A separator is a graphical way to separate sections in the user input form.
  • Text Area—User enters a large amount of text. The text is entered into the variable.
  • Text Input—User enters text input. Allowed entries can be controlled with regular expressions. The user input is entered into the variable.
  • Time—User selects a time from a drop-down list. The input can be subject to restrictions.
Verification Query Configure a preview question that indicates whether an action that used the package produced the expected results on endpoints. When you run the action, the Action Summary page shows the verification states and the Client Status Details section shows the endpoints for which the action is verified: see Action states. You require the Read Sensor permission on the Reserved content set to issue the Verification Query.
  1. Click Add and use the Filter Bar or Filter Builder to build the filter part of the question.
  2. Review the Preview results and click Apply.
  3. Specify a verification failure timeout. The clock begins when the action finishes. If the action is not verified within the timeout period, the Tanium Client reports the action state is Failed.

Export or import package configurations

The following procedures describe how to export and import the configurations of specific packages or all packages.

Develop and test content in your lab environment before importing that content into your production environment.

You can export specific packages for which you have Write Package permission on the associated content sets. You require Import Signed Content and Read Package permissions to import packages. The Admin Administrator or Content Administrator reserved role can export and import all packages.

Export packages

Export package configurations as a CSV file to view their settings in an application that supports that format. If you have the Administrator reserved role, you can also export package configurations as a JSON file to import the packages into another Tanium Server. The export file contains only the configuration settings, not associated files.

If you want to export other types of content in addition to packages, see Manage Tanium shared services and content.

  1. From the Main menu, go to Administration > Content > Packages.
  2. Select rows in the grid to export only specific packages. If you want to export all packages, skip this step.
  3. Click Export Export.
  4. (Optional) Edit the default export File Name.

    The file suffix (.csv or .json) changes automatically based on the Format selection.

  5. Select an Export Data option: All packages in the grid or just the Selected packages.
  6. Select the file Format: JSON (Administrator reserved role only) or CSV.
  7. Click Export.

    TaaSThe Tanium Server exports the file to the downloads folder on the system that you use to access the Tanium Console.

Import packages

You can import package configuration files that are in JSON or XML format.

  1. Digitally sign the package file and ensure a public key is in place to validate the signature. See Authenticating content files.
  2. From the Main menu, go to Administration > Configuration > Solutions.
  3. Scroll to the Content section and click ImportImport Content.
  4. Click Choose File, select the package file, and click Open.
  5. Click Import.

    If object names in the file are the same as for existing objects, the Tanium Console itemizes the conflicts and provides resolution options for each one.

  6. Select resolutions for any conflicts. For guidance, see Conflicts and Best practices.
  7. Click Import again, and click Close when the import finishes.

    Perform the remaining steps only for imported packages that reference other files. You must manually download these files on the Tanium Server because the file that you imported contains only the package configurations, not associated files.

  8. From the Main menu, go to Administration > Content > Packages.
  9. For each package that you imported, select the package, click Status, and click Re-Download All to download the referenced files.

    If the Tanium Server cannot access a file location, move the file to an accessible location, change the File Address in the package configuration (see Edit a package), and repeat this step.

Copy package configuration details

Copy information from the Packages page to your clipboard to paste the information into a message, text file, or spreadsheet. Each row in the grid is a comma-separated value string.

  1. From the Main menu, go to Administration > Content > Packages.
  2. Perform one of the following steps:
    • Copy row information: Select one or more rows and click Copy Copy.
    • Copy cell information: Hover over the cell, click Options Options, and click Copy Copy.