A package and associated settings, such as scheduling and targeting information, that are deployed to endpoints to perform operations.
A process of ensuring that actions do not run until a second user approves them.
A collection of one or more computer groups to which an action is deployed.
An action that is deployed to endpoints to prevent the Tanium™ Client from running other actions.
ad hoc question
An unsaved query that you can create in the question bar to get information from endpoints. Also referred to as a dynamic question.
A URL from which the Tanium Server allows downloads to the Tanium Client.
A rating on individual endpoints used to assess the impact of an endpoint to the overall risk score.
A scan for intel matches that runs automatically on an interval specified by a Tanium™ Threat Response configuration.
The client that receives sensors, questions, and actions for its linear chain from the Tanium™ Server.
A list of objects, such as URLs, applications, files, or patches, to which endpoints are denied access.
An organized collection of panels.
A sequenced list of software packages.
The typical number of unique values, as opposed to duplicate values, in the sensor results from a set of endpoints.
A collection of dashboards that are related by purpose or subject matter.
A discovery method that uses the Tanium™ Module Server to find unmanaged interfaces beyond the local network.
A fragment of a package file that is distributed across a linear chain .
An endpoint that has the Tanium Client installed.
A Tanium™ Comply scan that runs on managed endpoints.
An action of installing the Tanium Client on endpoints.
A set of security best practices or configurations for hardware, operating systems, and storage that you can apply to endpoints to reduce the risk score for those endpoints.
A configuration object that defines a set of endpoints. It is used as a filter in questions and question results (filter group) or to assign management rights for viewing results and deploying actions (management groups).
computer management group
A configuration that assigns a user permission to perform operations, such as viewing question results and deploying actions, on a defined set of endpoints.
A component that must be managed to deliver an IT service.
Collective term for sensors, packages, scheduled actions, saved questions, dashboards, categories, plug-ins, and filter groups. Tanium modules can supply additional types of content, and users can define custom content.
A reserved role that grants action management privileges and read/write privileges on all content sets.
A solution distributed by Tanium that includes content such as sensors, packages, and saved questions.
A group of related content, such as sensors, packages, and saved questions, to which a permission applies.
An arbitrary PowerShell, VBScript, or UNIX shell script that is used to evaluate conditions on an endpoint.
custom ID mapping
A configuration that maps a custom check ID or XCCDF rule ID to an arbitrary value.
An organized collection of charts supplied by Tanium™ Reporting.
A sensor or external source that provides data that you can use to build reports and dashboards in Reporting.
A collection of settings that can be used to repeatedly issue deployments.
An external server or piece of software to which Tanium data is sent.
A scanner that finds unmanaged interfaces.
A discovery method that uses managed endpoints to find unmanaged interfaces.
The action of issuing an additional question to the endpoints in the results grid.
An unsaved query that you can create in the question bar to get information from endpoints.
A node on a computer network, such as a computer or network device.
endpoint must gather
A bundle of logs and other artifacts collected from an endpoint for troubleshooting purposes.
An application of a policy on the targeted endpoint.
A source of data for Tanium™ Asset, such as a Tanium sensor or external database table. Each entity can contain one or more attributes.
A process that can be deployed to endpoints to search for potential threats based on a piece of intel.
A process that continuously saves key forensic evidence on each endpoint.
Event Recorder Driver
A driver that provides a source of process and command-line events on supported Windows endpoints.
A distribution of a single file as a set of small files in order to limit the impact on network performance.
A process that can be deployed to endpoints to index local file systems, compute file hashes, and gather file attributes and magic numbers.
A type of computer group that is used as a filter in questions and question results.
The client that returns question answers and action statuses from its linear chain to the Tanium Server.
A process of disabling functionality in the client environment that would otherwise enable users to make inadvertent changes or deliberately evade endpoint management by Tanium.
A collection of artifacts to detect and respond to a potential intrusion.
Endpoints within a range of Network Address Translation (NAT) IP addresses that can peer with each other.
A network in which endpoints cannot peer with each other or with endpoints outside the network.
A client on one end of a linear chain that has an intermittent connection with the Tanium Server to receive questions or send answers on behalf of the client neighborhood.
An architecture for exchange of information and data among endpoints that are running Tanium Client.
linear chain leader
A connection to an endpoint to conduct real-time analysis of activity on that endpoint.
A utility that collects forensic information from endpoints and transfers the results to a network location.
An endpoint on which a registered Tanium Client is running.
A unique MAC address on an endpoint managed by Tanium.
A read-only source such as a module source or a saved question source that Tanium provides.
An XML file that lists the content and solutions published through content.tanium.com.
The act of adding the results from an additional question to the current data in the results grid.
A solution that extends the functionality of the Tanium™ Core Platform.
A type of role that grants access to Tanium solution workbenches, features, and content sets.
A configuration that defines data that a Tanium module provides to Tanium™ Trends.
A group of settings that determine how watchlists are deployed to endpoints for continuous recording of file events.
natural language parser
A component that transforms user questions into valid syntax for querying endpoints.
network unauthenticated scan
A scan that uses Tanium Clients as satellites to return Comply scan data for unmanaged endpoints. Credentials are not required to scan unmanaged endpoints.
A script and files deployed to an endpoint for administrative action, like installation of a patch.
A collection of software package templates.
A visualization for data collected by a source.
A type of package that takes command-line arguments.
A type of sensor for which you specify a parameter when defining a question.
An expression that matches entities that can otherwise be hidden in the context of other information.
A set of roles and computer groups that a user selects for a Tanium session and that restricts what the user can see and do with Tanium products.
An extension to a Tanium Core Platform component or solution module.
An endpoint configuration that contains settings to enforce or a set of tasks to run.
A scheduled action that enforces policies on endpoints.
A set of configurations, rules, or parameters that applies to one or more computer groups.
A block that can be put on an endpoint to isolate it from the rest of the network.
A sensor that exceeded the one-minute timeout when it last ran on an endpoint.
A query to managed endpoints that returns answers based on the output of sensors.
An action that sends a single piece of intel to the endpoints for immediate matching and alert reporting.
An optional package that users can deploy to their endpoints to solve an issue.
remote authenticated scan
A secure scan that uses Tanium Clients as satellites to return Comply scan data for unmanaged endpoints. Credentials are required to scan unmanaged endpoints.
An indicator of threat level for a file hash: malicious, non-malicious, suspicious, or unknown.
A non-configurable, Tanium-defined role that assigns permissions for special-purpose capabilities, such as managing the Tanium license, that are unavailable to non-reserved roles.
A core system sensor that you cannot edit.
An action that runs one time during a provided time range, and re-runs later if the endpoint is not online during the initial run.
A data point used to assess risk for a specific category as part of the formula to calculate the risk score.
The public-private root key pair at the top of the Tanium key infrastructure that is required for all subordinate keys to secure connections among Tanium Core Platform components.
An endpoint with the Tanium Client installed that is designated to scan endpoints that do not have the Tanium Client installed.
A discovery method that uses a satellite endpoint to scan for or detect unmanaged interfaces that cannot be reached directly from the Module Server, such as subnets that have only a bridged connection to the main network.
A configuration object that includes question syntax and reissue settings to get information from endpoints.
saved question source
A configuration that defines a Trends saved question, how often to issue the question, and when to collect results from endpoints.
A group of settings that determine the technique and frequency to search endpoints for patches.
A script that the Tanium Client runs on an endpoint to return an answer to a question.
A type of parameterized package that uses sensor output instead of user input as run-time command-line arguments.
A subset of endpoints within the AddressMask subnet boundaries that can peer with each other but not with endpoints outside that subset.
A user account that Tanium products use to run services and background processes on Tanium Core Platform servers.
A solution that shares data or functionality across Tanium products or third-party applications.
An expression to evaluate process, network, registry, and file events on an endpoint. Signals are available as a feed from Tanium, or you can author your own signals.
A content XML file signed by a cryptographic private key that corresponds with a public key that was added to the Tanium Server installation.
A module, shared service, or content pack that extends the functionality of the Tanium Core Platform.
A configuration that defines where data originates.
Tanium™ Cloud Management Portal
The graphical user interface that a Tanium Cloud administrator uses to configure the identity provider that is required to operate with Tanium Cloud, and view Tanium entitlements and other common information about the Tanium Cloud instance.
The graphical user interface that you use to manage the Tanium Core Platform and to access Tanium modules and shared services.
Tanium™ Data Service (TDS)
A service that stores sensor results for endpoints. The service queries all managed endpoints to collect the results of sensors registered for collection and stores them in the Tanium database.
Tanium Module Server
The Tanium Core Platform server that runs application services and stores files for Tanium solution modules.
Tanium™ Recorder Client Extension
A service that continuously saves file activity on each endpoint.
A server that runs the Tanium Console and API services, and that communicates with Tanium Clients (directly or through a Zone Server), other Tanium Core Platform servers, and the content.tanium.com servers.
The hardened Linux-based operating system that runs on the Tanium Appliance.
The act of specifying which endpoints must answer a question or run an action.
Technical Account Manager (TAM)
A staff member from Tanium who helps to configure and troubleshoot Tanium deployments.
An instance of a parameterized sensor that includes a specific value in a saved question.
A type of content not developed by Tanium or the customer that is imported into the customer environment.
An indicator on an endpoint that causes the endpoint to prompt the end user to take a survey.
An endpoint on which there is no registered Tanium Client running.
A unique MAC address on a device that is not managed by Tanium.
A unique MAC address on a device that cannot be managed by Tanium, such as a printer or router.
The confirmation or rejection of a pattern match to improve the accuracy of rule performance and to reduce the number of false positive results on the data that rules target.
A filtered version of Asset data for exporting to a destination.
A sensor that contains data gathered from endpoint data and sensors.
A local path or URL to an Open Vulnerability and Assessment Language (OVAL) definitions file.
A set of files or directories to watch for changes.
A user interface that facilitates management tasks for Tanium solutions.
A service that acts as a proxy between the Tanium Server and Zone Server.
A server that is typically deployed in an enterprise DMZ network to proxy traffic between Tanium Clients that reside in untrusted external networks and a Tanium Server that resides in the trusted internal network.
Zone Server Hub
A service that acts as a proxy between the Tanium Server and Zone Server.