Getting started with the Console and Interact

Sign in to the Console

Access the Tanium Console through a supported web browser: see Web browsers. After you sign in, your console user session persists (remains valid) until you manually sign out, close the browser, or the inactivity timeout expires (default is 10 minutes). To manually sign out, see Sign out of the Console. To change the inactivity timeout, see Set Console user preferences.

After you sign in to the Tanium Console, the system you are using periodically sends TaaSthe Tanium Server a heartbeat message every 2.5 minutes as long as you keep the browser open. The heartbeat interval (default 2.5 minutes) is half the value of the session_expiration_seconds platform setting (default 5 minutes). If TaaSthe server does not receive a heartbeat after 5 minutesby the session_expiration_seconds interval, it terminates your user session. Therefore, if an event such as a network connectivity issue interrupts the heartbeat, you must sign in to the console again regardless of whether the inactivity timeout has expired.

During the setup of your Tanium as a Service (TaaS) deployment, an administrator account is created that you can use to sign in to the Tanium Console for the first time. This user is based on an IdP account that your organization selects as the primary administrator for your TaaS deployment. The user has unrestricted computer group management rights. The user also has the Admin reserved role, which enables access to all the features that are available in TaaS, including the ability to configure role-based access control (RBAC) for all other TaaS users.

The Tanium Console provides single sign-on (SSO) access with two-factor authentication (2FA) through a Security Assertion Markup Language (SAML) identity provider (IdP). After signing into the IdP, a user can start new Tanium Console sessions repeatedly without re-authenticating, until the IdP session times out.

The IdP session timeout is configured on the IdP server. Consult your IdP administrator for more information.

  1. Open a web browser and go to the URL for your TaaS instance.

    The URL has the format https://<TaaS instance>.cloud.tanium.com.

    The sign in page appears.

    Login page

  2. Click Sign In with SSO.
  3. If you never signed into the IdP or your IdP session has timed out, the Tanium Server redirects you to the IdP for authentication. If you previously signed into the IdP and your IdP session is active, you do not need to re-authenticate to the IdP.

By default, the Tanium Server applies the permissions of your default persona when you sign in. If your account has multiple personas and you want to switch to an alternative persona, see Select a persona for your Console session.

The steps to access the Tanium Console depend on where you sign in:

  • Sign in through the Tanium Server: If the Tanium Server functions as a Security Assertion Markup Language (SAML) service provider (SP) and your account on the server matches an account on the SAML Identity Provider (IdP), the Tanium Console provides single sign-on (SSO) authentication. SSO enables a user to start new Tanium Console sessions repeatedly without re-authenticating, until the IdP session times out. For details, see SP-initiated SSO.

    The IdP session timeout is configured on the IdP server. Consult your IdP administrator for more information.

    If the Tanium Server authenticates your account through local authentication or Lightweight Directory Access Protocol (LDAP) authentication instead of SAML SSO, you sign in for each session with a user name and password. For details on local authentication, see User authentication. For details on LDAP authentication, see Integrating with LDAP servers.

  • Sign in through a SAML IdP portal: If the Tanium Server integrates with the IdP portal that your organization uses for accessing applications, the portal provides SSO access to the Tanium Console. For details, see IdP-initiated SSO.

After you first sign in after Tanium Server installation, the Tanium Console displays a pop-up window that shows the progress of initial content pack imports, and then opens the Solutions page. Use this page to import Tanium modules and shared services that you are licensed to use (see Managing Tanium solutions). For subsequent sign-on sessions, the Tanium Console displays its home page (https://<Tanium Server>/#/home) by default. However, if your browser URL field specified another console page (such as https://<Tanium Server>/#/actions/scheduled/) when the browser timed out or you signed out, that page opens when you next sign in through the same browser.

Sign in through the Tanium Server

  1. Open a web browser and go to the Tanium Server URL.

    The URL has the format: https://<Tanium_Server_FQDN>[:<port>]. If the Tanium Server uses the default port (443), you do not need to specify the port.

    If you are using LDAP or local authentication and SAML SSO is not configured for any user, the sign in page displays only the Username and Password fields.

    If the Tanium Server is configured to authenticate some users through SAML SSO, the sign in page displays a Sign In with SSO button and a Sign In with Password link below it.

  2. (SSO authentication only) Sign in through SAML SSO:
    1. Click Sign In with SSO.

    2. If you never signed into the IdP or your IdP session has timed out, sign in to the IdP with your username and password. If you previously signed into the IdP and your IdP session is active, you do not need to enter credentials.
  3. (LDAP or local authentication only) Enter your Username and Password. If the sign-in page does not display these fields, click Sign In with Password and then enter your credentials.

    When you first sign in after the Tanium Server is installed, you must enter the username and password of the initial Tanium Console administrator account. The credentials for this account are set during server installation. This account has the Administrator reserved role and can create additional users.

By default, the Tanium Server applies the permissions of your default persona when you sign in. If your account has multiple personas and you want to switch to an alternative persona, see Select a persona for your Console session.

Sign in through a SAML IdP portal

  1. Go to the IdP SSO portal.
  2. If you never signed into the IdP or your IdP session has timed out, sign in to the IdP using your username and password. If you previously signed into the IdP and your IdP session is active, you do not need to enter credentials.

    The IdP portal displays a tile for each application that you can access.

  3. Click the Tanium Console tile.

    The IdP redirects you to the Tanium Server and the Tanium Console opens in your browser.

By default, the Tanium Server applies the permissions of your default persona when you sign in. If your account has multiple personas and you want to switch to an alternative persona, see Select a persona for your Console session.

Sign out of the Console

To sign out of (terminate) your Tanium Console user session, go to the Main menu and select <user name> > Sign Out. To access the console again, you must then sign in to start a new session.

If the Tanium Server is configured to integrate with a SAML IdP, your Your IdP session can remain active even after you sign out of the Tanium Console. As long as your IdP session remains active, you can access the Tanium Console again without re-authenticating.

If you are inactive on the Tanium Console for longer than the inactivity timeout (default is 10 minutes), your user session ends automatically. To change the timeout interval, see Set Console user preferences. Closing the browser that you are using to access the console also terminates the session.

Sign out before closing the browser.

Console components and navigation

The following figure shows the common components and navigation widgets that the Tanium Console displays regardless of which Tanium module is currently open:

Figure  1:  Tanium Console components and navigation
1 Main menu (header): Navigate among Tanium modules, shared services, and the pages that you use to administer the Tanium Console and Tanium Core Platform. You can customize the border color, logo, help link URL, and some text in the Main menu: see Customizing the Console and Interact. Below the border, the The Main menu displays the following elements from left to right:
  • Logo Tanium logo: Return to the Tanium Home page from any other page in the console. You can customize the logo for your enterprise.
  • Home Home: Return to the Tanium Home page from any other page in the console.
  • Modules Modules: Open the workbench (user interface) for a Tanium module. You can open modules that are imported and that you have permissions to access.
  • Administration Administration: Navigate the Tanium Console administration pages or open the workbench for a Tanium shared service that you have imported. The menu displays only the administration pages and shared services that you have permissions to access. If any actions require approval, a red number beside the menu indicates the quantity of such actions (see Managing action approval).
  • <Custom text>: By default, the area above the Build (<Platform>) <version> | Console <version> information is blank, but you can add text (Console Demo Environment in Figure  1) to help users identify the environment they are using: see Configure Console header text.
  • <Version>: The Build (<Platform>): <version> | Console: ><version> fields indicate the type of Tanium Core Platform infrastructure (such as Windows), platform version, and Tanium Console version.
  • Help: Click to go to the Tanium documentation portal, which has links to the user guides. By default, the link opens the URL https://docs.tanium.com.
  • <Current persona>: This menu appears only if you signed into the Tanium Console with a user account that has alternative personas assigned. The menu label indicates the current persona. Use the menu to switch personas. For details, see Select a persona for your Console session.
  • <Current user>: The label for this menu is the user name of the account that you used to sign in to the Tanium Console. Open the menu to display the date and time when you signed into the console, or to select from the following options:
    • Preferences: Configure certain behaviors of the Tanium Console based on the user account that you used to sign in: see Set Console user preferences.
    • Local Error Log: Opens a page that lists details about the last 100 errors that were returned to the Tanium Console in response to actions taken with the browser. For details, see View and copy the Console error log.
    • Sign Out: Terminate your current Tanium Console sign-in session.
  • Warning indicator Warning: This icon appears only if warning conditions exist. The Tanium Console initially displays the warnings when you sign in. Click this icon to redisplay the warnings.

2 Module menu: The module menu is in the workbench of every Tanium module and shared service so that you can navigate the workbench pages. Figure  1 shows the expanded menu for Tanium Interact. By default, the menu is collapsed (Figure  2) until you click Options Options. You can also select a module page without expanding the menu by hovering over Options Options or the module name and then selecting the page name.
Figure  2:  Module menu: collapsed
Navigation pane

In the Tanium Console Administration pages, you can pin the menu for each category of pages (Actions, Content, Permissions, or Configuration) to the side of the interface: hover over Options Options and, when it changes to the pin icon Pin, click it. Click Pin again to unpin the sidebar menu. The following example shows the pinned menu for the Content pages.

Figure  3:  Administration sidebar menu: pinned
Administration sidebar

In addition to the sidebar menu, the Tanium Console Administration pages contain breadcrumbs to help orient you in the user interface.

Figure  4:  Example breadcrumb trail for the Roles page
Breadcrumb example

In the Tanium Console Administration pages, you can pin the menu for each category of pages (Actions, Content, Permissions, or Configuration) to the side of the interface: hover over Options Options and, when it changes to the pin icon Pin, click it. Click Pin again to unpin the sidebar menu. The following example shows the pinned menu for the Content pages.

Figure  5:  Administration sidebar menu: pinned
Administration sidebar

In addition to the sidebar menu, the Tanium Console Administration pages contain breadcrumbs to help orient you in the user interface.

Figure  6:  Example breadcrumb trail for the Roles page
Breadcrumb example
3 Display pane: Displays the main body of the current Tanium Console page. In Figure  1, the display pane shows the Interact Home page.

The Tanium Console supports navigation through the keyboard. Use the Tab key to navigate through the options on each page. The Main menu contains a Skip to Main Content button that appears when you tab into the Main menu. Press the Enter key to skip all options in the Main menu and to navigate to the first option in the display pane.

Tanium Home page

The Tanium Home page (Figure  8) serves as a site map that shows the Tanium solutions and Tanium Console administration pages that you can access. The page provides quick access to the following features, solutions, and information.

Customize the Tanium Home page

To change the contents of the Tanium Home page, click Customize page Customize Page. For details, see Customize module overview pages. You can toggle between collapsing Collapse or expanding Expand a section.

View environment status

This section shows general metrics related to your enterprise inventory.

The charts only display data from endpoints in computer groups for which you have management rights. As a result, different users might see different numbers in the same environment. Users with Unrestricted Management Rights will see data from all endpoints in the environment. For more information, see Managing computer groups.

Charts include:

  • Online Endpoints: The number of managed endpoints that have reported to the Tanium Server in the last 31 minutes. Endpoints are devices such as desktops, laptops, servers, virtual machines, or containers. Managed endpoints have the Tanium Client installed. Click the number to issue the General Information saved question: Get Computer Name and IP Address and Operating System from all machines; this question returns results from endpoints that are online the moment you click the number.
  • Total Endpoints: The total number of online and offline managed endpoints. Offline endpoints are endpoints that have reported to the Tanium Server within the retention period (default is 30 days). Click the number to issue the General Information saved question: Get Computer Name and IP Address and Operating System from all machines; this question uses the Tanium Data Service to report the last known state for online and offline endpoints.
  • Operating Platform: The number of offline and online endpoints, grouped by operating system platform.
  • Unmanaged Network Interfaces: The number of unmanaged network interfaces that Tanium™ Discover has found. Unmanaged interfaces are unique MAC addresses that are not currently Tanium-managed. It is normal to see more interfaces than endpoints; an endpoint with multiple network interface controllers (NICs) displays as multiple interfaces. Click the number to open the Unmanaged Interfaces page in Discover. This chart appears only if your Tanium license includesDiscover is installed and you have a user role with the Discover Asset read permission.

    After you install Discover, tThe Unmanaged Network Interfaces chart appears when Discover finds any unmanaged network interfaces. The amount of time to find unmanaged network interfaces depends on the complexity of your environment. For details on discovering network interfaces and user roles available in Discover, see Tanium Discover User Guide.

Explore data from endpoints

Use the Explore Data field to issue questions or click the Build Question button to open the Question Builder. For details on these Interact features, see Asking questions.

Add Quick Links

When you install Tanium modules, the Quick Links section on the Tanium Home page populates with common links to those modules. You can customize the links that appear to include links that you access frequently. Go to the Quick Links section, click Edit Edit, select the pages, and click Save.

Quick Links

Add favorite Interact categories, dashboards, and saved questions

Tanium groups saved questions by dashboard and groups dashboards by category. If you frequently issue certain questions or dashboards, you can flag them as favorites on the Tanium Home page.

By default, the Home page does not display the Favorite Interact Dashboards and Favorite Interact Saved Questions sections. To display them, click Customize page Customize Page, select the check boxes for those sections, and click Save.

If the dashboards that you frequently use belong to the same category, you can also flag that category as a favorite to appear on the Home page. Expand Expand a category to see its dashboards and questions. You can also Expand Expand a dashboard to see its questions.

Figure  7:  Favorite Interact Categories
Favorite Interact Categories

To change the favorite Favorite or non-favorite Non-favorite status of a category, dashboard, or saved question, see Filter by favorites.

For details on categories, dashboards, and saved questions, see Managing saved questions.

Access Tanium module workbenches

In the Modules section, click a tile to open a module workbench. The page displays tiles only for the modules that are imported and that you have permissions to access.

Access Tanium Console administration pages

In the Administration section, click the links to open Tanium Console administration pages, or to open the workbench for a Tanium shared service that you have imported. The page displays links only for the shared services and administration pages that you have permissions to access.

Click the logo Tanium logo or Home Home in the Main menu to return to the Tanium Home page from any module page.

Figure  8:  Tanium Home page

Set up the Console and Interact

The Tanium Console and Interact are licensed as part of the Tanium Core Platform. After you install the Tanium Core Platform servers, pPerform the following tasks to set up the Tanium Console, Interact, and Tanium Core Platform:

  1. Review the system, network, security, and user role requirements for the Tanium Console and Interact. For details, see Tanium Console and Interact requirements.
  2. Import the Tanium modules and content packs that you will use: see Managing Tanium solutions.
  3. (Optional) Customize the Tanium Console and Interact. For example, you can customize the border color and logo in the Main menu, set your user preferences, and reorganize the Interact Overview page. For details, see Customizing the Console and Interact.
  4. (Optional) Configure Tanium Core Platform settings such as Tanium Client subnets, proxy server settings, allowed URLs, and bandwidth throttles. For details, see Tanium Core Platform configuration.
  5. (Optional) Create custom content (such as packages and saved questions) to complement the Tanium-defined content that you import through Tanium modules and content packs. For details, see Content overview.
  6. (Optional) Configure sensors for automatic collection of results so that you can see stored results from endpoints that are offline when you issue questions: see Manage sensor results collection.
  7. Set up role-based access control (RBAC) to determine what users can see and do with the Tanium Core Platform. This involves configuring users, user groups, user roles, personas, computer groups, and content set permissions. For details, see RBAC overview.

Use Interact

The following are regular tasks that you perform after the initial setup of the Tanium Console and Interact:

  1. Issue dynamic questions to retrieve information about the endpoints in your network: see Asking questions.
  2. Analyze and manage question results. For example, you can drill down into the question results with additional questions, filter the Question Results grid, and export its content. For details, see Managing question results.
  3. Manage actions. For example, you can deploy ad-hoc actions or schedule recurring actions based on question results, and configure an action approval workflow. For details, see Actions overview.
  4. Manage saved questions. For example, you can create saved questions, assign them to dashboards, assign the dashboards to categories, and assign saved questions to content sets based on RBAC requirements. For details, see Managing saved questions.