Trends overview

Use Trends to gain insight into key security metrics and operational health by creating visualizations that show current and historical data from endpoints.

Features

Use Trends to:

• Record metrics from saved questions and installed Tanium solutions over time.
• Visualize trends and states in the environment, split by computer groups.
• Display alerts when thresholds are breached.
• Create a schedule to automatically deliver reports to stakeholders.

Concepts

There are three primary concepts that you need to know to use Trends: sources, panels, and boards.

Source

A source is a configuration that defines where data originates. In Trends, sources provide data to build charts. There are two types of sources:

Saved question source

A saved question source is a configuration that defines a Trends saved question, how often to issue the question, and when to collect results from the endpoints. Every source issues its saved question to all computer groups visible to Trends.

Trends contains an initial gallery that includes Trends boards that are based on sample saved question sources. You can edit these saved question sources, create your own, and delete saved question sources. For more information on the initial gallery, see Importing the initial gallery.

A Trends saved question can ask for results from only one sensor. The sensor can be a single column sensor, a multicolumn sensor, or a parameterized sensor.

Module source

A module source is a configuration that defines data that a Tanium solution provides to Trends. The module source validates and aggregates data that the solution provides. You cannot create or edit module sources, but you can disable them to stop data from being stored.

For information about sources, see Working with sources.

Panel

A panel contains a visualization for data collected by a source. When you create or edit a panel, select the source to use and the default computer group for which to show data. When a saved question source uses a multicolumn sensor, you can choose which column to display. You can also customize the chart type, date range, color scheme, and more.

Panels depend on sources; you must create a saved question source or select a module source before you create a panel that uses the source.

For information on how to add panels to a board, see Building and publishing boards. For information on how to use panels, see Viewing chart results.

Board

A board organizes a collection of panels. You can create and edit boards to add panels, and you can publish boards to downloadable HTML files.

For information about how to create, edit, and publish boards, see Building and publishing boards.

Interoperability with other Tanium products

Trends works with other Tanium solutions for additional reporting of related data.

Tanium™ Connect

Configure a Connect destination to export Trends boards outside of Tanium. You can export a board to a file, or email a board as an attachment.

Trends boards that other solutions provide

The following solutions provide boards that you can access through the initial gallery in Trends:

• Asset
• Client Management
• Comply
• Connect
• Containers
• Deploy
• Discover
• Enforce
• Impact
• Integrity Monitor
• Map
• Patch
• Performance
• Protect
• Reputation
• Reveal
• Threat Response