- 10 Nov 2024
- 3 Minutes to read
- Print
- DarkLight
- PDF
Tanium - Create Action
- Updated on 10 Nov 2024
- 3 Minutes to read
- Print
- DarkLight
- PDF
Tanium - Create Action creates an action for software packages on the Tanium Asset server for:
- Assets that match the results of the selected saved query, and match the Enforcement Action Conditions, if defined or assets selected on the relevant asset page.
- Not all asset categories are supported for all Enforcement Actions.
- See Actions supported for Activity Logs, Adapters Fetch History, and Asset Investigation modules.
- See Actions supported for Vulnerabilities.
- See Actions supported for Software.
General Settings
- Action name - The name of this Enforcement Action. The system sets a default name. You can change the name.
- Configure Dynamic Values - Toggle on to enter a Dynamic Value statement. See Creating Enforcement Action Dynamic Value Statements to learn more about Dynamic Value statement syntax.
- Use stored credentials from the Tanium Asset adapter - Select this option to use Tanium Client Status connected adapter credentials.
- When you select this option, the Select Adapter Connection drop-down becomes available. Select the adapter connection to use for this Enforcement Action.
To use this option, you must successfully configure a Tanium Asset adapter connection.
Required Fields
These fields must be configured to run the Enforcement Set.
- Package ID - Software Package ID for which to create the action.
- Computer Group Name - The computer group name suffix. This will create n computer groups named COMPUTERGROUPNAME #INDEX, depending on the resulting query set size.
Compute Node - The Axonius node to use when connecting to the specified host. For more details, see Connecting Additional Axonius Nodes.
Additional Fields
These fields are optional.
Connection and Credentials
When Use stored credentials from the adapter is toggled off, some of the connection fields below are required to create the connection, while other fields are optional.
Hostname or IP Address - The Hostname or IP address of the Tanium server that Axonius can communicate with. The adapter supports both on-premise and Tanium Cloud instances. When connecting to a Tanium Cloud instance, "-api" must be added to the end of the subdomain of your Tanium Cloud instance. For example: "domain.cloud.tanium.com" should be entered as "domain-api.cloud.tanium.com".
User Name or API Token ID - The credentials for a user account that has Permissions to perform this action. If an API token is being used for authentication, this must be the ID of the API token. The Token ID column in Tanium may be hidden.
Password or API Token - The credentials for a user account that has the Permissions to perform this action. If an API token is being used for authentication, this must be the API token string.
Note:Refer to Tanium Asset to learn more about the API Token.Only fetch clients that have registered in the past N minutes - Only fetch assets that have registered with the Tanium platform within the past minutes supplied by this value. Tanium considers any agent that has not reported in the past 5 minutes as "broken". However, leave this value empty if you want to be able to build queries in Axonius that check for "broken agents". A value of 0 will disable this filter.
- Verify SSL (optional) - Select whether to verify the SSL certificate of the server against the CA database inside of Axonius. For more details, see SSL Trust & CA Settings.
- HTTPS Proxy (optional) - Connect the adapter to a proxy instead of directly connecting it to the domain.
Max devices per deploy (default: 50) - Set a maximum number of devices on which to run this action.
Required Permissions
The credentials used to connect to Tanium must have permission to create actions in Tanium.
For more details about other Enforcement Actions available, see Action Library.