For instructions on installing and configuring Threat Response in an on-premises environment, see Installing Threat Response.
- From the Main menu, go to Administration > Actions > Scheduled Actions.
- In the list of action groups, click Tanium Threat Response.
- Click Edit, select computer groups to include in the action group, and click Save.
Tanium Endpoint Configuration delivers configuration information and required tools for Tanium Solutions to endpoints. Endpoint Configuration consolidates the configuration actions that traditionally accompany additional Tanium functionality and eliminates the potential for timing errors that occur between when a solution configuration is made and the time that configuration reaches an endpoint. Managing configuration in this way greatly reduces the time to install, configure, and use Tanium functionality, and improves the flexibility to target specific configurations to groups of endpoints.
Endpoint Configuration is installed as a part of Tanium Client Management. For more information, see the Tanium Client Management User Guide: Installing Client Management.
Additionally you can use Endpoint Configuration to manage configuration approval. For example, configuration changes are not deployed to endpoints until a user with approval permission approves the configuration changes in Endpoint Configuration. For more information about the roles and permissions that are required to approve configuration changes for Threat Response, see User role requirements.
To use Endpoint Configuration to manage approvals, you must enable configuration approvals.
- From the Main menu, go to Administration > Shared Services > Endpoint Configuration to open the Endpoint Configuration Overview page.
- Click Settings and click the Global tab.
- Select Enable configuration approvals, and click Save.
For more information about Endpoint Configuration, see Tanium Endpoint Configuration User Guide.
If you have previously installed Tanium Index as a standalone application, or used the standalone application to upgrade Tanium Index, ensure that all legacy Index assets are uninstalled from endpoints before deploying the latest Threat Response tools to endpoints. To ensure complete removal of legacy Index dependencies, deploy the Index - Remove Legacy Dependent package to endpoints where legacy versions of Tanium Index dependencies exist.
- To target endpoints, issue a question in Interact. Ask the question Get Tanium File Contents[Tools/EPI/dependents.txt] from all machines. If the results for an endpoint display Index it indicates that the standalone Index content has been used in the past.
- In the Question Results grid, select the rows for the endpoints that require the action, and click Deploy Action.
- From the Deploy Action page, use the Deployment Package search box typeaheads to select packages. Select the Index - Remove Legacy Dependent [Windows] or Index - Remove Legacy Dependent [Non-Windows] package.
- Configure a Deployment Schedule and Targeting Criteria. Click Deploy Action. For more information, see Deploying actions.
After you have performed these steps, if the results of the Client Extensions - Statussensor displays recorder|has_subscription|index.fileevents you can use the Recorder - Clear Subscription [OS] package to remove a single subscription from recorder.
Last updated: 8/2/2021 3:09 PM | Feedback