Managing content sets

Content sets overview

A content set is a group of sensors, saved questions, packages, dashboards, categories, filter groups, and plugins to which a permission applies. Tanium provides several predefined content sets through the Default Content pack and Tanium solution modules. You can create a content set to contain custom content or to accommodate changes in the role-based access control (RBAC) configuration of your Tanium deployment. For example, you can create a content set for sensors and packages related to Tanium Client maintenance, and then configure roles that grant a wide group of users read access to the content but write access to a smaller group of users. You can assign content to only one content set. A role can specify permissions for multiple content sets. Configure advanced roles to define content set permissions across modules. For modules such as Tanium Trends that have module-specific content, you can configure module roles that define permissions for those content sets.

The following figure shows the relationship between contents sets and content, permissions, and roles.

Figure  1:  Content sets in relation to content, permissions, and roles

For details about roles, see Managing roles.

To see and use the Content Sets or Content Alignment page, and to import or export content set and role configurations, you must have the Admin Administrator or Content Set Administrator reserved role, or a custom role with the Permission Administrator permission administrator or content set administrator permissions.

Filter content sets

From the Main menu, select Administration > Permissions > Content Sets to review and manage content sets. Use the filtering text box to filter the items by content set name, or expand Filter Results to filter by sensor or question runtime threshold (see Managing question and sensor thresholds). For modules such as Tanium Trends that have module-specific content, you can select a module in the Content for drop-down list so that the content sets on the page show only the content types associated with that module. By default, the drop-down list is set to Platform, so the content sets display the content types that are common to the entire Tanium Core Platform: sensors, saved questions, packages, dashboards, categories, and plugins.

Create content sets

  1. From the Main menu, select Administration > Permissions > Content Sets and click New Content Set.
  2. Specify a configuration Name and Description, and click Save.
  3. Click Preview to Save and click Confirm & Save.

Move content between content sets

Move content between content sets as necessary to accommodate changes to the RBAC configuration of your Tanium deployment. For example, if a sensor collects sensitive information from endpoints, you might want to move that sensor to a content set that only highly privileged user roles can access. Before moving content, be sure that you understand how the move affects workflows. For example, if a user configures a scheduled action, and you later move the associated package to a content set for which that user does not have permission, the Tanium Server will not deploy the action. For the predefined content that is included in Tanium modules and content packs, the best practice is to keep that content in the original predefined content sets. As much as possible, create copies of Tanium-provided content and move the copies to other content sets when necessary. If moving original Tanium-provided content becomes necessary, consult your Tanium Technical Account Manager (TAM) before proceeding.

You can move content between any content sets except:

  • The Reserved content set, which includes fundamental sensors that the Tanium Core Platform uses.
  • Certain Tanium solution module-based content sets.

Perform the following steps to move content:

  1. From the Main menu, select Administration > Permissions > Content Sets and expand the content set that contains the content you want to move.
  2. Select the content that you want to move.
  3. Click Move to and select the target content set.
  4. Click Preview to Save and review your changes.
  5. Click Confirm & Save.


Because the Content pages have descriptions of the sensors, packages, saved questions, and filter groups, you might find it helpful to use the Content pages for moving content to familiarize yourself with the content first. For example, when you select one or more sensors in the Content > Sensors page, the Move to Content Set button appears above the table. You can also move content through the Content Set drop-down list when modifying content (see Specify a content set when you create or edit content). You can move content between content sets for which you have write permission. Users with the Admin Administrator or Content Set Administrator reserved role can move content between any content sets except the Reserved content set and certain module-based content sets.

Specify a content set when you create or edit content

When creating or editing content, you use a drop-down list to select the associated content set. The Content Set drop-down list includes only the content sets for which you have write permission. The following example shows the drop-down list for a sensor (go to Administration > Content > Sensors and click New Sensor).

Figure  2:  Content Set drop-down list

Review content set permissions

When modifying or troubleshooting the RBAC configuration of your Tanium deployment, it is useful to know which roles or users or user groups currently have permissions to access different types of content in a content set.

  1. From the Main menu, select Administration > Permissions > Content Sets and expand the content set that you want to review.
  2. Find the content (such as a sensor) that you want to review.
  3. Click the appropriate icon to open a dialog that displays the roles or users or user groups that have permissions for the content.
  4. Click OK to close the dialog.

Export or import the content sets and roles configuration

As a best practice, test content sets and roles in your lab before importing their configuration into your production environment. The configuration that you export and import is a file that specifies the settings for content sets and roles. Exported files are in JSON format, while imported files can be in JSON or XML format. The content set section of the file includes the content set names but not the content set assignments. To include the assignment settings, you must also export the content object types: Sensors, Packages, Saved Questions, Computer Groups, Categories, and Dashboards.

Export

  1. From the Main menu, select any Administration > Content or Permissions page and click Export Content at the top right of the page.
  2. Select Content Sets and Roles, select the Export Format (JSON or XML), and click Export.
  3. Enter a File Name or use the default name, and then click OK. The Tanium Server exports the content file to the Downloads folder on the system that you use to access the Tanium Console.

Import

You can import files that are in JSON or XML format.

  1. Digitally sign the content file and ensure a public key is in place to validate the signature, as described under Authenticating content files.
  2. From the Main menu, select any Administration > Content or Administration > Permissions page and click Import Content at the top right of the page.
  3. Click Choose File, find and select the configuration file, and click Open.
  4. Click Import. If object names in the file are the same as for existing objects, the Tanium Console itemizes the conflicts and provides resolution options for each one.
  5. Select resolutions for any conflicts. For guidance, see Conflicts and Best practices, or consult your TAM.
  6. Click Import again, and click Close when the import finishes.

Delete a content set

You must empty a content set configuration before you can delete it.

  1. From the Main menu, select Administration > Permissions > Content Sets and move all the objects from the content set that you want to delete: see Move content between content sets.
  2. Click Delete at the top right of the content set tile.

Align content for modules

Some Tanium solution modules require module-specific sensors, packages, and saved questions to remain in their module-specific content sets. Moving that content might disrupt the module workflow. Modules report misaligned content to the Content Alignment page. To realign content:

  1. From the Main menu, select Administration > Content > Content Alignment.
  2. Review the list.
  3. Click Align All Content, or select the specific content that you want to align and click Align Selected Content.