Other versions

Deploying actions

You use filtering, merging, and drill-down techniques to find the set of computers that are due for administrative action. Then, in the results grid, you can select the targeted computers and launch the Deploy Action workflow page.

Do not deploy an action unless you completely understand the scope of the action, you understand the impact on an individual target and the impact on the environment given the number of targets, and you have been authorized by your organization to perform the action. Some organizations require review and approval by a second administrator. For information about enabling and using the action approval feature, see Action Approval.

Role requirements

You must be assigned a role with Write Action permission to see the Deploy Action button on the results grid. The packages available are determined by Read Package content set permissions. When you deploy an action, the Tanium Server uses special saved questions to track action status and report action status within the deploy action workflow. To complete the workflow, you also need the Read Sensor and Read Saved Question permissions on the Reserved content set.

Deploy an action

  1. In the results grid, select the rows of interest and click Deploy Action.

    Interact displays the Deploy Action workflow page.

  2. Use the Deployment Package search box typeaheads to select packages.

    Alternatively, you can use the Browse Packages dialog box to review package descriptions and then select them.

  3. Complete the Action Details section.
    SettingsGuidelines
    NameSpecify a configuration name. The name appears in the record for the action on the Scheduled Actions, Action History, and Action Approval pages.
    DescriptionOptional. A description helps other administrators understand the purpose of the configuration object.
    TagsOptional. Tags are name-value pairs. Use the controls to add tags.

  4. Complete the Schedule Deployment section.
    SettingsGuidelines
    Start at / End at

    Optional. You can specify a start time when it is important that the action be deployed to targeted clients during a maintenance window. The time refers to the Tanium Server system clock. The system clock is the Coordinated Universal Time (UTC) for the Tanium Server host system, not the Tanium Client host systems. For example, if you specify the action to run at 1:00 am, it is deployed when the Tanium Server system clock time is 1:00 am. Note the following behavior:

    • If a start time is not specified, the action is issued immediately upon completion of the deploy action workflow.
    • If a start time is not specified, and action approval is enabled, the action will be issued immediately after it is approved, provided other action conditions do not preclude it from being issued.
    • If a start time is specified, and action approval is enabled, the action will be issued at the next start time following the approval. For example, if you set the action to be deployed at 1:00 am and to be reissued every day, and it is approved at 2:00 am, the action will be deployed the next day at 1:00 am.

    We recommend you specify an end date/time if the scheduled action is configured to be reissued, unless you are sure it is the type of action that should be reissued indefinitely. If you are not sure, configuring the schedule to end in six months is better than having it run indefinitely.

    Distribute over

    Tanium Server distributes packages to Tanium Clients in batches. This option randomizes the distribution over the specified duration to avoid spikes in network or other resource utilization. For example, if an action depends on a sensor that queries Active Directory, an action that is not distributed over time can cause a flood of traffic to the Active Directory server. Similarly, an action that targets clients in a virtual machine farm could exhaust the shared CPU or memory resources if all clients were to run a resource-intensive program at the same time. The "distribute over time" option attenuates the impact a massive orchestration might have on the networked environment or virtualized environment.

    Specify a number and unit: Minutes, Hours, Days.

    Reissue every

    Use this option to put the scheduled action on a repeat schedule. This option is appropriate:

    • when action approval is enabled and you are not certain it will be approved before the action expires.
    • when you want to be sure software or configuration updates are made not only to the clients currently online but also to those currently offline that will be predictably online within a window defined by the interval you specify.
    • when the action is a continual hygiene practice. For example, you want to check periodically that a client service is running or a client configuration has a particular value.

    Specify a number and unit: Minutes, Hours, Days.

    Note: The Reissue every interval must be greater than the action expiration period. The action expiration period is the larger result from the following calculations:

    • The package Command Timeout + Download Timeout values
    • The package Command Timeout + the scheduled action Distribute over value

  5. Complete the Targeting Criteria section and click Show preview to continue.
  6. Review the preview details and click Deploy Action.

    You are prompted to review the impact on targets and to provide administrator credentials.

  7. Enter your password.
  8. The page reloads to display the Action Summary page.

  9. Review the status to confirm expected results.


The Deploy Action workflow creates a scheduled action configuration object, and the action is entered on the Scheduled Actions, Action History, and (if applicable) Action Approval pages in the Tanium Console. For details, see Managing actions.

Last updated: 5/16/2018 1:11 PM | Feedback