Managing content sets

Content sets overview

A content set is a group of sensors, saved questions, packages, dashboards, categories, filter groups, and plugins to which a permission applies. Tanium provides several predefined content sets through Tanium modules, shared services, and content-only solutions. You can create a content set to contain custom content or to accommodate changes in the role-based access control (RBAC) configuration of your Tanium deployment. For example, you can create a content set for sensors and packages related to Tanium Client maintenance, and then configure roles that allow a wide group of users read access to the content but write access to a smaller group of users. You can assign content to only one content set. A role can specify permissions for multiple content sets. Configure custom roles to define platform content permissions for content that is used across all modules and module permissions for module-specific content. Tanium also provides pre-defined module roles for module-specific content.

The following figure shows the relationship between contents sets and content, permissions, and roles.

Figure  1:  Content sets in relation to content, permissions, and roles

For details about roles, see Managing roles.

To see and use the Content Sets page, and to import or export content set and role configurations, you must have the Admin Administrator or Content Set Administrator reserved role, or a custom role with the Permission Administrator permission.

View content set details

  1. From the Main menu, go to Administration > Permissions > Content Sets.
  2. (Optional) In the Filter items field, enter a search string to find specific content sets based on Name or Description values.

    The Used By column indicates which Tanium modules or shared services use the content that is in a content set. If the column displays no value for a content set, that means its content is used across the Tanium Core Platform and is not module-specific.

  3. Click the Name of the content set for which you want to review content and permissions.
  4. Expand Expand the content type that you want to review.

    The top grid lists all the objects of that type in the content set.

    The bottom grid displays the Roles Role, Users User, and User Groups User Group with permissions that are associated with the content.

  5. When you finish reviewing, click Exit to return to the Content Sets summary page.

Create a content set

  1. From the Main menu, go to Administration > Permissions > Content Sets and click New Content Set.
  2. Enter a Content Set Name and optional Description, and then click Save.
  3. Perform the following tasks to assign content to the content set:

Move content between content sets

Move content between content sets as necessary to accommodate changes to the RBAC configuration of your Tanium deployment. For example, if a sensor collects sensitive information from endpoints, you might want to move that sensor to a content set that only highly privileged user roles can access. Before moving content, be sure that you understand how the move affects workflows. For example, if a user configures a scheduled action, and you later move the associated package to a content set for which that user does not have permission, the Tanium Server will not deploy the action.

Keep predefined content that is included in Tanium solutions in the original predefined content sets. As much as possible, create copies of Tanium-provided content and move the copies to other content sets when necessary. Contact Tanium Support before proceeding if moving original Tanium-provided content becomes necessary.

If the attributes of a sensor, package, saved question, or filter group might influence which content set you assign it to, use the Administration > Content pages to review the attributes and assign content sets. For the steps, see:

To move content between content sets, you require the Admin Administrator or Content Set Administrator reserved role or a role that has write permission on the content and content sets. You can move content between any content sets except:

  • The Reserved content set, which includes fundamental sensors that the Tanium Core Platform uses.
  • Certain Tanium solution-based content sets.

Perform the following steps to move content:

  1. From the Main menu, go to Administration > Permissions > Content Sets.
  2. Click the Name of the content set that contains the content you want to move.
  3. Expand Expand the content type and select the content that you want to move.
  4. Click Move to Content Set, select the target content set, and click Confirm.

Export or import content sets

The following procedures describe how to export and import specific content sets or all content sets.

Test custom content sets and roles in your lab environment before importing their configurations into your production environment.

Export content sets

Export content sets as a file in one of the following formats:

  • CSV: When you open the file in an application that supports CSV format, it lists the content sets with the same attributes (columns) as the Content Sets page displays.

  • JSON: If you are assigned a role with the Export Content permission, you can export content set configurations as a JSON file to import them into another Tanium Server. The Administrator reserved role has that permission. The content set section of the file includes the content set names but not the content set assignments.

Perform the following steps to export content sets:

  1. From the Main menu, go to Administration > Permissions > Content Sets.
  2. (Optional, CSV exports only) To add or remove attributes (columns) for the CSV file, click Customize Columns Customize Columns in the grid and select the attributes.
  3. Select rows in the grid to export only specific content sets. If you want to export all content sets, skip this step.

  4. Click Export Export.

  5. (Optional) Edit the default export File Name.

    The file suffix (.csv or .json) changes automatically based on the Format selection.

  6. Select an Export Data option: All content sets in the grid or just the Selected content sets.

  7. Select the file Format:

    • List of Content Sets - CSV

    • Content Set Definitions - JSON (Administrator reserved role only)

  8. Click Export.

    Tanium CloudThe Tanium Server exports the file to the downloads folder on the system that you used to access the Tanium Console.

Import content sets

Users who are assigned a role with Import Signed Content permission can import content files (such as for Tanium solutions or sensor configurations) that are in JSON format. The Administrator reserved role has this permission.

  1. (Non-Tanium-provided content only) Digitally sign the content file and ensure a public key is in place to validate the signature. See Authenticating content files.
    You do not have to generate keys or signatures for Tanium-provided solutions. Tanium signs this content before making it available, and the associated public key is distributed to the Tanium Server key store during the server installation process.

    If you plan to import a file that another user signed, you can first perform an integrity check on the file. See Verify content file signatures.

  2. From the Main menu, go to any of the following Administration pages:
    • Configuration > Solutions
    • Permissions > Filter Groups
    • Under Content, select Sensors, Packages, or Saved Questions
    • Under Actions, select Scheduled Actions, All Pending Approvals, or Actions I Can Approve
  3. Select an Import option based on the source of the content:
    • Import > Import Files: Perform one of the following steps to select one or more files:
      • Drag and drop files from your file explorer.
      • Click Browse for File, select the files, and click Open.
    • Import > Import URL: Enter the URL in the Import URL field, and click Import.
  4. For each file, expand Expand the File name, review the content to import, and select resolutions for any conflicts with existing content (see Resolve import conflicts).
  5. If you want to overwrite existing content set assignments for all imported objects with the default Tanium-defined assignments, select Include content set overwrite. By default, the Include content set overwrite check box is deselected and the Tanium Server preserves the existing content set assignments.
  6. Click Begin Install.

Delete a content set

You must empty a content set configuration before you can delete it. To empty a content set, move its content to another set or delete the content. To move content, see Move content between content sets.

  1. From the Main menu, go to Administration > Permissions > Content Sets and click the content set Name.
  2. Click Delete Content Set.