Tanium 6.x: Action History

Definition

Tanium maintains a record of all actions issued by console operators. This history, including issuer, creation time, and status, is viewable in the Tanium Console by navigating to the Action History tab under Actions.

Usage

Action History Tab

An operator can find the status information for actions that have occurred in the past (scheduled actions or non-scheduled actions) by visiting the Action History tab, and using the filter box at the top or the time constraints to search for the action in question.

Actionhistorytab.png
 

In Action History, an operator can see information about all actions that have occurred, including which package was used, the status of the action from clients (either by right clicking or using the buttons at the bottom), the target, the action group, and more. The action can also be stopped, however Tanium does operate at such a speed that if the wrong action has fired off, stopping it must be done very quickly.

Status of Actions from Action History

Actions here can be multi-selected by ctrl- or shift-clicking.

As an example, this is a status view of a few actions.

Actionhistorystatus.png
 
Again, the action’s completion status on each client in the enterprise can be viewed by clicking the details button in the Action Status box.

The Action ID column in the Action History Tab is useful as an aid in troubleshooting. The action ID is a number which will appear in a subdirectory of the Tanium Client\Downloads directory called Action_<ID number>. Contained in that directory are the files included in the package that the action is based on.

Have more questions? Submit a request