Reporting overview

Tanium™ Reporting is not yet available for on-premises installations of the Tanium™ Core Platform.

Use Tanium™ Reporting to explore real-time visualizations of your endpoint data, create custom reports and charts from the data, and export data to share with key stakeholders.

Features include:

  • Explore data across Tanium modules
  • Create custom reports with data that you select
  • Build dashboards of charts from reports to quickly visualize the data
  • Filter data directly in the reports and dashboards
  • Revisit reports and dashboards to see updated data
  • Share reports and dashboards with others

Explore data

Tanium Reporting contains an Explore Data page that you can use to view available endpoint data in a table format, and then save as a custom report.

In the Source Data section, select specific data to show in a table.

You can then add filters to limit the data.

When finished, you can save the report to view later with updated data.

For information about how to use the Explore Data page to create reports, see Working with reports.

Data sources

Data sources provide data that you can use to build reports and, consequently, dashboards. Reporting uses data that is stored in the Tanium Data Service, which is included with Tanium Interact 2.1 and later. To use data provided by sensors in Reporting, you can register sensors from other Tanium solutions and content packs in the Tanium Data Service.

1 After installation completes, the Tanium Data Service automatically registers multiple sensors on the Tanium Server.
2 Users and other Tanium solutions can register sensors with the Tanium Data Service.
3 A user opens a report in Reporting.
4 Reporting retrieves the report data from the Tanium Data Service.
1 The Tanium Data Service automatically registers multiple sensors for collection. Users and other Tanium solutions can register sensors with the Tanium Data Service.
2 A user opens a report in Reporting.
3 Reporting retrieves the latest report data from the Tanium Data Service.

Tanium Data Service

The Tanium Data Service stores sensor results for endpoints when you issue a question. After you register sensors for collection, the service queries all managed endpoints to collect the results of those sensors and stores the data. To keep the results current, the Tanium Data Service periodically reissues questions that contain the registered sensors.

Data is added to the Tanium Data Service through the following methods:

Preregistered sensors

The Tanium Data Service automatically registers certain sensors for collection. For example, the service automatically registers sensors that identify endpoints or define membership in computer management groups.

Sensors registered by Tanium solutions

Tanium solutions, including Reporting, register sensors with the Tanium Data Service.

Virtual sensors

Tanium solutions can send endpoint data directly to the Tanium Data Service without the need for a sensor. The data is then available to use through the Tanium Data Service and Reporting. This concept is called virtual sensors; a virtual sensor extrapolates endpoint data from known data and other sensors. Examples in Reporting include the Tanium > EID Last Seen and Miscellaneous > Risk Vectors > Asset Criticality data sources.

User-registered sensors

You can register sensors to use in reports. When you decide which sensors to register, consider that results collection consumes resources such as network bandwidth, processing on endpoints, and disk space on the Tanium Serverin Tanium™ Cloud.

Certain sensors, such as sensors that provide duplicate data, are intentionally unavailable in Reporting, even if you register the sensors in the Tanium Data Service. For a list of unavailable sensors, see Unable to view or select content.

Reports

You can use Reporting to create and view reports with data that is collected by the Tanium Data Service. Select the data that you want to include in the reports, and then add filters to limit the data in the report to endpoints in specific management groups or endpoints with specific operating systems.

Tanium managed reports

Reporting contains predefined reports that you can use in your environment. The predefined reports, or Tanium Managed reports, are managed by Tanium and cannot be edited or deleted. However, you can assign reports to a different content set to limit access, and you can clone a report and edit the new report.

ClosedList of Tanium-managed reports

  • ADI - Basic Inventory
  • ADI - Basic Inventory - Linux
  • ADI - Basic Inventory - Mac
  • ADI - Basic Inventory - Solaris
  • ADI - Basic Inventory - Windows
  • ADI - Software Inventory - AIX
  • ADI - Software Inventory - Linux
  • ADI - Software Inventory - Mac
  • ADI - Software Inventory - Solaris
  • ADI - Software Inventory - Windows
  • EP Management - Antivirus Health
  • EP Management - Applicable Patch Details
  • EP Management - Applicable Patches
  • EP Management - Bitlocker Encryption
  • EP Management - Critical/Important Linux Patches
  • EP Management - Critical/Important Windows Patches
  • EP Management - FileVault Details
  • EP Management - Mean Time to Patch
  • EP Management - Mean Time to Update Software by OS
  • EP Management - Missing Critical/Important Patches > 30 days
  • EP Management - Missing Software Updates > 30 days
  • EP Management - Patch Compliance
  • EP Management - Software Updates Required
  • Risk and Compliance - Compliance Exposure Score
  • Risk and Compliance - Compliance Exposure Score - Linux
  • Risk and Compliance - Compliance Exposure Score - Windows Servers
  • Risk and Compliance - Compliance Exposure Score - Windows Workstations
  • Risk and Compliance - High Vulnerabilities by OS
  • Risk and Compliance - Top CVEs
  • Risk and Compliance - Top Endpoints by High Severity Vulnerability
  • Risk and Compliance - Vulnerability Findings Aggregate

To view Tanium-managed reports in the Tanium™ Console, go to Data > Reports and select Tanium Managed for the Author filter.

Flattened data

Reporting flattens data that appears in reports and on the Explore Data page. Flattening data reduces the number of rows in the report. In an unflattened table, each cell in the table contains one value. With flattening, you can select a column on which to flatten to consolidate data and reduce the number of rows. For example, consider a table that contains a column for Installed Applications and a column for Computer Name. The Installed Applications source can return multiple applications for each endpoint. If you flatten the table by Computer Name, each row contains the computer name of the endpoint with all its installed applications.

Reports are flattened by data from a single source; if multiple columns are provided by the same data source, then the report is flattened by all column data provided by the source. By default, a report is flattened by the first column that you add to the report, but only if the column can contain multiple values in each row. If a column has only one value in each row, no flattening is needed and the flatten icon does not appear for that column. You can change the column on which to flatten results.

ClosedExample tables

Consider a table that contains two columns: Computer Name and Installed Applications - Name. The following table shows the unflattened data for three endpoints:

Example of unflattened data
Computer Name Installed Applications - Name
BOB-PC bash
MARY-LAPTOP bash
TEST-PC bash
BOB-PC cron
MARY-LAPTOP cron
MARY-LAPTOP grep
TEST-PC grep
BOB-PC ssh
TEST-PC ssh

The following shows the same data flattened by the computer name:

Example of data flattened by Computer Name
Computer Name Installed Applications - Name
BOB-PC

bash

cron

ssh
MARY-LAPTOP

bash

cron

grep
TEST-PC

bash

grep

ssh

The following shows the same data flattened by Installed Applications - Name. Note that although the order of the elements is similar to the unflattened data, the flattened table uses less rows.

Example of data flattened by Installed Application - Name
Computer Name Installed Applications - Name

BOB-PC

MARY-LAPTOP

TEST-PC

 bash

BOB-PC

MARY-LAPTOP

 cron

MARY-LAPTOP

TEST-PC

 grep

BOB-PC

TEST-PC

 ssh

Charts

In Reporting, you can add charts to dashboards, and you can add a chart to each report through the Add Visualization feature. Charts are built on report data. You can also customize the chart type, date range, color scheme, and more.

On dashboards, charts are contained in panels. The panels on Tanium™ Trends boards are similar to the panels on dashboards in Reporting.

Dashboards

In Reporting, a dashboard organizes a collection of panels. In addition to panels, you can add collapsible sections to dashboards to further organize panels.

Tanium managed dashboards

Reporting contains predefined dashboards that you can use in your environment. The predefined dashboards, or Tanium Managed dashboards, are managed by Tanium and cannot be edited. However, you can assign dashboards to a different content set to limit access, and you can clone a dashboard and edit the new dashboard.

Tanium-managed dashboards include:

  • Asset Discovery and Inventory
  • Endpoint Management
  • Risk and Compliance

To view Tanium-managed dashboards in the Tanium™ Console, go to Data > Dashboards and select Tanium Managed for the Author filter.

For information about dashboards, see Working with dashboards.

Integration with other Tanium products

Reporting has built in integration with other Tanium solutions for additional reporting of related data.

Connect

Configure a Tanium™ Connect destination to export reports outside of Tanium. For more information, see Export reports through Tanium Connect.

Interact

Reporting uses data that is stored in the Tanium Data Service, which is included with Tanium Interact. For information, see Data sources.