Reporting overview

Use Tanium™ Reporting to explore real-time visualizations of your endpoint data, create custom reports and charts from the data, and export data to share with key stakeholders.

Features include:

  • Explore data across Tanium modules
  • Create custom reports with data that you select
  • Build dashboards of charts from reports to quickly visualize the data
  • Filter data directly in the reports and dashboards
  • Revisit reports and dashboards to see updated data
  • Share reports and dashboards with others
  • View and manage a single endpoint
  • Deploy actions and operating system (OS) patches to endpoints that provide report data

Explore data

Tanium Reporting contains an Explore Data page that you can use to view available endpoint data in a table format, and then save as a custom report.

In the Source Data section, select specific data to show in a table.

You can then add filters to limit the data.

When finished, you can save the report to view later with updated data.

For information about how to use the Explore Data page to create reports and perform other tasks, see Working with reports.

Data sources

Data sources provide data that you can use to build reports and, consequently, dashboards. Reporting uses data that is stored in Tanium Data Service, which is included with Tanium™ Interact 2.1 and later. To use data provided by sensors in Reporting, you can register sensors from other Tanium solutions and content packs in Tanium Data Service.

1 After installation completes, Tanium Data Service automatically registers multiple sensors on the Tanium Server.
2 Users and other Tanium solutions can register sensors with Tanium Data Service.
3 A user opens a report in Reporting.
4 Reporting retrieves the report data from Tanium Data Service.
1 Tanium Data Service automatically registers multiple sensors for collection. Users and other Tanium solutions can register sensors with Tanium Data Service.
2 A user opens a report in Reporting.
3 Reporting retrieves the latest report data from Tanium Data Service.

Tanium Data Service

Tanium Data Service stores sensor results for endpoints when you issue a question. After you register sensors for collection, the service queries all managed endpoints to collect the results of those sensors and stores the data. To keep the results current, Tanium Data Service periodically reissues questions that contain the registered sensors.

Data is added to Tanium Data Service through the following methods:

Preregistered sensors

Tanium Data Service automatically registers certain sensors for collection. For example, the service automatically registers sensors that identify endpoints or define membership in computer management groups.

Sensors registered by Tanium solutions

Tanium solutions, including Reporting, register sensors with Tanium Data Service.

Virtual sensors

Tanium solutions can send endpoint data directly to Tanium Data Service without the need for a sensor. The data is then available to use through Tanium Data Service and Reporting. This concept is called virtual sensors; a virtual sensor extrapolates endpoint data from known data and other sensors. Examples in Reporting include the Tanium > EID Last Seen and Miscellaneous > Risk Vectors > Asset Criticality data sources.

User-registered sensors

You can register sensors to use in reports. When you decide which sensors to register, consider that results collection consumes resources such as network bandwidth, processing on endpoints, and disk space on the Tanium Serverin Tanium™ Cloud.

Certain sensors, such as sensors that provide duplicate data, are intentionally unavailable in Reporting, even if you register the sensors in Tanium Data Service. For a list of unavailable sensors, see Unable to view or select content.

Reports

You can use Reporting to create and view reports with data that is collected by Tanium Data Service. Select the data that you want to include in the reports, and then add filters to limit the data in the report to endpoints in specific management groups or endpoints with specific operating systems.

Tanium managed reports

Reporting contains predefined reports that you can use in your environment. The predefined reports, or Tanium Managed reports, are managed by Tanium and cannot be edited or deleted. However, you can assign reports to a different content set to limit access, and you can copy a report and edit the new report.

To view Tanium-managed reports in the Tanium™ Console, go to Data > Reports and select Tanium Managed for the Author filter.

The Tanium Managed reports use data supplied by content packs and Tanium solutions. To access all content in the Tanium Managed reports, make sure to install all feature-specific dependencies. For information, see Solution dependencies.

Flattened data

Reporting flattens data that appears in reports and on the Explore Data page. You can select a column on which to flatten the data. Flattening dedicates one row for each result that a sensor generates. Use flattening to customize how the data in the report appears. For example, you can flatten the data in a report to filter and show the total count of endpoints that have a specific application installed.

Reports are flattened by data from a single source; if multiple columns are provided by the same data source, then the report is flattened by all column data provided by the source. By default, a report is flattened by the first column that you add to the report.

Depending on what data you need, you can change the sensor on which to flatten the results. For example, consider a report that contains a column for Installed Applications - Name and a column for Computer Name. The Installed Applications - Name source can return multiple applications for each endpoint. If you flatten the table by Computer Name, each row contains the computer name of the endpoint with all its installed applications.

ClosedFlattening examples

Consider a table that contains two columns: Computer Name and Installed Applications - Name. The following table shows the data for three endpoints, where the data is flattened by the Computer Name:

Example of data flattened by Computer Name
Computer Name Installed Applications - Name Count
BOB-PC Microsoft Edge
Google Chrome
Mail
1
MARY-LAPTOP Microsoft Edge
Google Chrome
VMWare Tools
1
TEST-PC Microsoft Edge
VMWare Tools
Mail
1

The following table shows the same data flattened by Installed Applications - Name.

Example of data flattened by Installed Application - Name
Computer Name Installed Applications - Name Count
BOB-PC Microsoft Edge 1
MARY-LAPTOP Microsoft Edge 1
TEST-PCMicrosoft Edge1
BOB-PC Google Chrome 1
MARY-LAPTOPGoogle Chrome1
MARY-LAPTOPVMWare Tools1
TEST-PCVMWare Tools1
BOB-PCMail1
TEST-PCMail1

The following shows the same data in a table with just the Installed Applications - Name column, with a filter added to show only Installed Applications - Name results that match “Google Chrome”.

Example of data flattened by Installed Application - Name with "Installed Applications Name contains Google Chrome" filter
Installed Applications - Name Count
Google Chrome 2

Charts

In Reporting, you can add charts to dashboards, and you can add a chart to each report through the Add Visualization feature. Charts are built on report data. You can also customize the chart type, date range, color scheme, and more.

On dashboards, charts are contained in panels. The panels on Tanium™ Trends boards are similar to the chart panels on dashboards in Reporting.

Dashboards

In Reporting, a dashboard organizes a collection of panels. A panel can contain a chart or text. In addition to panels, you can add collapsible sections to dashboards to further organize panels.

Tanium managed dashboards

Reporting contains predefined dashboards that you can use in your environment. The predefined dashboards, or Tanium Managed dashboards, are managed by Tanium and cannot be edited. However, you can assign dashboards to a different content set to limit access, and you can copy a dashboard and edit the new dashboard.

Tanium-managed dashboards include emerging issue dashboards. An emerging issue dashboard contains details for a specific vulnerability, including the latest information about the threat and customized information about the potential exposure based on Tanium’s real-time telemetry of your environment. Emerging issue dashboards contain the following sections:

  • Overview and Contributing Factors: Highlights of the latest industry information and Tanium insights on the vulnerability.
  • Status: Current and temporal view of endpoints that are vulnerable, not vulnerable, or not applicable to the emerging issue.
  • Tanium/Related Content and References: Consolidated research and packages from reputable sources for reference and assessment.
  • Deploy Action: If there are applicable mitigation or remediation steps, you can pivot directly to deploying packages that Tanium has developed to help you lower your risk profile through targeted actions against vulnerable endpoints.

You can access emerging issue dashboards through Reporting and through notifications in Tanium™ Feed. For information about Feed, see Tanium Feed User Guide: Viewing and managing notifications. For additional information about emerging issue dashboards, see Tanium Community article: Introducing Tanium Alerts and Recommendations for Critical Vulnerabilities (registration is required).

To view Tanium-managed dashboards in the Tanium™ Console, go to Data > Dashboards and select Tanium Managed for the Author filter.

The Tanium-managed dashboards use data supplied by content packs and Tanium solutions. To access all content in the Tanium-managed dashboards, make sure to install all feature-specific dependencies. For information, see Solution dependencies.

For information about dashboards, see Working with dashboards.

Integration with other Tanium products

Reporting has built in integration with other Tanium solutions for additional reporting of related data.

Connect

Configure a Tanium™ Connect destination to export reports outside of Tanium. For more information, see Export reports through Tanium Connect.

Interact

Reporting uses data that is stored in the Tanium Data Service, which is included with Tanium Interact. For information, see Data sources.