Tanium - Add or Remove Tag to/from Assets

Tanium - Add or Remove Tag to/from Assets adds or removes tags to or from:

• Assets returned by the selected query or assets selected on the relevant asset page.

Required Fields

These fields are required to run the Enforcement Set.

• Use stored credentials from Tanium Interact adapter - Select this option to use credentials from the adapter connection. By default, the first connection is selected.

  • When you select this option, the Select Adapter Connection drop-down becomes available. Select the adapter connection to use for this Enforcement Action.

• Action type - Select whether to Add tags or Remove tags.

• Tags names - Enter the names of the tags to add or remove, separated by a blank space.

• Os type (default: Automatically) - Select the OS of target assets. Automatically tells the Enforcement Action to determine the OS type automatically.

• {{snippet.Instance Name}}

Additional Fields

These fields are optional.

💡

Connection and Credentials

When Use stored credentials from the adapter is toggled off, some of the connection fields below are required to create the connection, while other fields are optional.

• Hostname or IP Address - Host name or IP address of the Tanium server.
• User Name or API Token ID - The Tanium credentials to use to connect to the Tanium server.
• Password or API Token - The Tanium credentials to use to connect to the Tanium server.
• Names of Saved Questions to fetch - Enter the names of the saved questions to fetch, separated by a comma. Tags will be added or removed from these questions.
• Re-ask every fetch - When fetching data for a connection, ask Tanium to issue a new question to get the current results for each value supplied to Names of Saved Questions to fetch (comma separated).
• Re-ask if results are older than N hours (default: 24) - When fetching data for a connection, if the results for each value supplied to Names of Saved Questions to fetch (comma separated) are older than this many hours, ask Tanium to issue a new question to get the current results.
  • If the value provided is 0, no age check is performed and a new question will not be issued based on the value supplied here.
• Re-asking waits until all answers are returned - When a new question is issued for a Saved Question, wait until the question expires (10 minutes) before fetching assets.
• Use Server Side Export - Utilize Tanium's Server Side Export to export all of the data on the Tanium platform into one XML file instead of paging through the data utilizing the Tanium REST API.
• Parse Dynamic Fields (default: enabled) - Enable/disable the creation of adapter specific dynamic fields being created for every sensor included in the supplied Saved Questions.
• Parse Advanced View (default: enabled) - Enable/disable the processing of raw data from Tanium into the Advanced View of each asset.
• Get hostname from "Short Hostname" instead of "Computer Name" - When selected, the hostname will be parsed with local name of the machine.

• Verify SSL (optional) - Select whether to verify the SSL certificate of the server against the CA database inside of Axonius. For more details, see SSL Trust & CA Settings.

• HTTPS Proxy (optional) - Connect the adapter to a proxy instead of directly connecting it to the domain.

• Expire minutes - The number of minutes the action created will take to expire.
• Computer Group Name Prefix (default: Axonius) - The computer group name prefix to be used.
• Max devices per deploy (default: 10) - The max number of assets per group.

See Tanium Interact adapter documentation for more details.

Required Permissions

The user must have permission to manage actions and action groups (more information on that can be found on Tanium Console and Interact Requirements in the “User role requirements” section.

If your environment has Action Approval configured, you can assign a role to the Axonius user to bypass it (see Managing Action Approval) or you can approve the action each time it runs.