.png){kind=logo}
ISG Tanium: Execute
This guide includes key steps for executing actions with sensors previously loaded to Tanium.
Additional information, including architecture, can be found on the ISG Tanium page.
Step 1: Select Target Systems
On the Tanium Home page, use Tanium’s Interact tool to Ask a Question or use the Question Builder to retrieve and group specific systems endpoints for cryptographic inventory.
AgileSec Tanium Actions run by OS, so it is recommended to group target endpoints by OS Platform.
Example: Sort by OS with Ask a Question
As an example, you may sort by OS using Ask a Question as follows.
Or search for Windows OS specifically.
Check the box beside the results you want to target then click Deploy Action.
Step 2: Execute Deploy Action
Select the ISG - Deploy action and execute it against the previously defined target systems.
Deploy Action Field | Description / Notes |
|---|---|
Deployment Package | Specific Action to run. Example: ISG - Deploy [ |
Deployment Path | Path to store the different ISG Discovery Packages on the Target Systems. Tanium provides default path suggestions in the Action Deployment UI. In most cases, users can rely on the default values unless they have a specific requirement to change them. |
DB Path | Path to store the different ISG Local Databases on the target systems. By default, DB Path is the same as the Deployment Path. |
Minimum available space for the filesystem (GB) | Deployment Path and DB Path must have at least the specified amount of free space or Action will fail. |
Action Details
|
|
Deployment Schedule
| Schedule Type options:
One-Time Deployment is recommended for Deploy and Undeploy actions. Discover and Run actions use One-Time Deployment by default but may be configured with a Recurring Deployment. |
Targeting Criteria
| Select the previously defined Target Systems from Step 1 to execute action on. |
After filling out the required fields, click Show Preview to Continue, review, then click Deploy Actions to proceed to action execution.
Step 3: Execute Run Action
After successful deployment of the AgileSec Plugin, you can execute the Run Action against Windows or Linux devices. Select the ISG - Run Action, set the different parameters, then click Deploy Action.
Run Action Field | Description | Recommended Default |
|---|---|---|
Scan Path | Set the Directories or Drives to include in the analysis | Windows: Linux: Note: using / for Linux may be heavy and time-consuming as it scans the entire Linux target machine. Adjust the path based on performance and scope requirements. |
Host Scan Type | Select the type of scan to run:
| Run-Full |
Ignore Missing Path | Avoid fail if a given scan path is missing. For example, when targeting Windows systems, if When enabled, scan will still fail if all given scan paths do not exist. | Checked |
Include Tanium | Select to include Tanium directory in scan process | Not Checked |
Skip Mounts | Set to skip network mounts | Checked |
Scan Priority | Set priority of the discovery process vs other processes:
| Low |
CPU Priority | Set number of threads to parallelize the discovery process run:
| Normal |
Config File | Add a custom configuration file | Leave blank unless a specific, custom configuration is needed. |
EDR Id | An organization ID used by sensor to retrieve a token | EDR Id obtained from AgileSec UI (Platform Management → EDR Management) |
Ingest URL: | Ingest URL of your AgileSec Server
|
|