Use Tanium™ Reporting to explore real-time visualizations of your endpoint data, create custom reports and charts from the data, and export data to share with key stakeholders.
- Explore data across Tanium modules
- Create custom reports with data that you select
- Build dashboards of charts from reports to quickly visualize the data
- Filter data directly in the reports and dashboards
- Revisit reports and dashboards to see updated data
- Share reports and dashboards with others
- View and manage a single endpoint
- Deploy actions and operating system (OS) patches to endpoints that provide report data
Tanium Reporting contains an Explore Data page that you can use to view available endpoint data in a table format, and then save as a custom report.
In the Source Data section, select specific data to show in a table.
You can then add filters to limit the data.
When finished, you can save the report to view later with updated data.
For information about how to use the Explore Data page to create reports and perform other tasks, see Working with reports.
Data sources provide data that you can use to build reports and, consequently, dashboards. Reporting uses data that is stored in Tanium Data Service, which is included with Tanium™ Interact
|After installation completes, Tanium Data Service automatically registers multiple sensors on the Tanium Server.|
|Users and other Tanium solutions can register sensors with Tanium Data Service.|
|A user opens a report in Reporting.|
|Reporting retrieves the report data from Tanium Data Service.|
|Tanium Data Service automatically registers multiple sensors for collection. Users and other Tanium solutions can register sensors with Tanium Data Service.|
|A user opens a report in Reporting.|
|Reporting retrieves the latest report data from Tanium Data Service.|
Tanium Data Service stores sensor results for endpoints when you issue a question. After you register sensors for collection, the service queries all managed endpoints to collect the results of those sensors and stores the data. To keep the results current, Tanium Data Service periodically reissues questions that contain the registered sensors.
Data is added to Tanium Data Service through the following methods:
Tanium Data Service automatically registers certain sensors for collection. For example, the service automatically registers sensors that identify endpoints or define membership in computer management groups.
Sensors registered by Tanium solutions
Tanium solutions, including Reporting, register sensors with Tanium Data Service.
Tanium solutions can send endpoint data directly to Tanium Data Service without the need for a sensor. The data is then available to use through Tanium Data Service and Reporting. This concept is called virtual sensors; a virtual sensor extrapolates endpoint data from known data and other sensors. Examples in Reporting include the Tanium > EID Last Seen and Miscellaneous > Risk Vectors > Asset Criticality data sources.
You can register sensors to use in reports. When you decide which sensors to register, consider that results collection consumes resources such as network bandwidth, processing on endpoints, and disk space
- For information about how to register sensors, see Tanium Console User Guide: Manage sensor results collection.
- For required permissions to register sensors, see Tanium Interact User Guide: User role requirements.
Certain sensors, such as sensors that provide duplicate data, are intentionally unavailable in Reporting, even if you register the sensors in Tanium Data Service. For a list of unavailable sensors, see Unable to view or select content.
You can use Reporting to create and view reports with data that is collected by Tanium Data Service. Select the data that you want to include in the reports, and then add filters to limit the data in the report to endpoints in specific management groups or endpoints with specific operating systems.
Reporting contains predefined reports that you can use in your environment. The predefined reports, or Tanium Managed reports, are managed by Tanium and cannot be edited or deleted. However, you can assign reports to a different content set to limit access, and you can copy a report and edit the new report.
To view Tanium-managed reports in the Tanium™ Console, go to Data > Reports and select Tanium Managed for the Author filter.
The Tanium Managed reports use data supplied by content packs and Tanium solutions. To access all content in the Tanium Managed reports, make sure to install all feature-specific dependencies. For information, see Solution dependencies.
Reporting flattens data that appears in reports and on the Explore Data page. You can select a column on which to flatten the data. Flattening dedicates one row for each result that a sensor generates. Use flattening to customize how the data in the report appears. For example, you can flatten the data in a report to filter and show the total count of endpoints that have a specific application installed.
Reports are flattened by data from a single source; if multiple columns are provided by the same data source, then the report is flattened by all column data provided by the source. By default, a report is flattened by the first column that you add to the report.
Depending on what data you need, you can change the sensor on which to flatten the results. For example, consider a report that contains a column for Installed Applications - Name and a column for Computer Name. The Installed Applications - Name source can return multiple applications for each endpoint. If you flatten the table by Computer Name, each row contains the computer name of the endpoint with all its installed applications.
Consider a table that contains two columns: Computer Name and Installed Applications - Name. The following table shows the data for three endpoints, where the data is flattened by the Computer Name:
|Computer Name||Installed Applications - Name||Count|
The following table shows the same data flattened by Installed Applications - Name.
|Computer Name||Installed Applications - Name||Count|
The following shows the same data in a table with just the Installed Applications - Name column, with a filter added to show only Installed Applications - Name results that match “Google Chrome”.
|Installed Applications - Name||Count|
In Reporting, you can add charts to dashboards, and you can add a chart to each report through the Add Visualization feature. Charts are built on report data. You can also customize the chart type, date range, color scheme, and more.
On dashboards, charts are contained in panels. The panels on Tanium™ Trends boards are similar to the chart panels on dashboards in Reporting.
- For information about how to use charts in a dashboard, see Working with dashboards.
- For information about how to add a chart to a report, see Working with reports.
- For information about chart types, see Reference: Chart options in Reporting.
In Reporting, a dashboard organizes a collection of panels. A panel can contain a chart or text. In addition to panels, you can add collapsible sections to dashboards to further organize panels.
Reporting contains predefined dashboards that you can use in your environment. The predefined dashboards, or Tanium Managed dashboards, are managed by Tanium and cannot be edited. However, you can assign dashboards to a different content set to limit access, and you can copy a dashboard and edit the new dashboard.
Tanium-managed dashboards include emerging issue dashboards. An emerging issue dashboard contains details for a specific vulnerability, including the latest information about the threat and customized information about the potential exposure based on Tanium’s real-time telemetry of your environment. Emerging issue dashboards contain the following sections:
- Overview and Contributing Factors: Highlights of the latest industry information and Tanium insights on the vulnerability.
- Status: Current and temporal view of endpoints that are vulnerable, not vulnerable, or not applicable to the emerging issue.
- Tanium/Related Content and References: Consolidated research and packages from reputable sources for reference and assessment.
- Deploy Action: If there are applicable mitigation or remediation steps, you can pivot directly to deploying packages that Tanium has developed to help you lower your risk profile through targeted actions against vulnerable endpoints.
You can access emerging issue dashboards through Reporting and through notifications in Tanium™ Feed. For information about Feed, see Tanium Feed User Guide: Viewing and managing notifications. For additional information about emerging issue dashboards, see Tanium Community article: Introducing Tanium Alerts and Recommendations for Critical Vulnerabilities (registration is required).
To view Tanium-managed dashboards in the Tanium™ Console, go to Data > Dashboards and select Tanium Managed for the Author filter.
The Tanium-managed dashboards use data supplied by content packs and Tanium solutions. To access all content in the Tanium-managed dashboards, make sure to install all feature-specific dependencies. For information, see Solution dependencies.
For information about dashboards, see Working with dashboards.
Reporting has built in integration with other Tanium solutions for additional reporting of related data.
Configure a Tanium™ Connect destination to export reports outside of Tanium. For more information, see Export reports through Tanium Connect.
Reporting uses data that is stored in the Tanium Data Service, which is included with Tanium Interact. For information, see Data sources.
Last updated: 1/30/2023 5:08 PM | Feedback