Tanium 6.x: Computer Groups

Definition

Computer Groups in Tanium are groups of computers defined dynamically by a Tanium Question. Instead of maintaining a list of computer names or IP addresses, you can define a Computer Group like this to capture your XP machines:

Operating System contains "XP"

Or define a Computer Group like this to capture all machines in a certain part of your network:

IP Address starts with "192.168.50"

The dynamic, flexible nature of Computer Groups allows an organization to have real-time control over assets. If a property you use to define a Computer Group changes on a machine, that group will dynamically change once that Sensor is re-evaluated.

Usage

There are currently two uses of Computer Groups in Tanium (with more use cases on the way).

Limiting a Tanium User's Computer Scope

First, you can use Computer Groups to limit a user's access to machines. For instance, if you have a new user "john.smith", you can grant John rights to specific Computer Groups:

Figure: "john.smith" has limited computer access

In the above example, "john.smith" has access to only machines that are "Desktops" or "Intranet Machines". So even when he asks a question from all machines:

Get Computer Name from all machines

He will see results from only machines that are in either the "Desktops" or "Intranet Machines" Computer Groups. Similarly, if he attempts to deploy Packages, his scope is limited to the computers in the groups associated with his console user ID.
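The scoping described above, modelled as an added example; this is not Tanium code and does not use Tanium's API. It evaluates the page's two filters against a constructed inventory, returns the union of groups a scoped user can see, and checks a "starts with" IP filter against the subnet it was meant to cover. The inventory, the "XP Machines" name, the "Desktops" filter definition, case-sensitive matching and the overmatched helper are assumptions.

```python
import ipaddress

# Constructed inventory of sensor values; names and addresses are made up.
INVENTORY = [
    {"Computer Name": "desk-01", "Operating System": "Windows XP Professional", "IP Address": "192.168.50.12"},
    {"Computer Name": "desk-02", "Operating System": "Windows 7 Enterprise", "IP Address": "192.168.5.40"},
    {"Computer Name": "srv-01", "Operating System": "Windows Server 2008 R2", "IP Address": "192.168.50.200"},
    {"Computer Name": "srv-02", "Operating System": "Windows Server 2008 R2", "IP Address": "10.20.0.8"},
]

# Group filters as (sensor, operator, value). The first two filters are the
# page's; the "Desktops" definition and the user's grants are assumptions.
GROUPS = {
    "XP Machines": ("Operating System", "contains", "XP"),
    "Intranet Machines": ("IP Address", "starts with", "192.168.50"),
    "Desktops": ("Computer Name", "starts with", "desk-"),
}
USER_GROUPS = {"john.smith": ["Desktops", "Intranet Machines"]}

def matches(machine, flt):
    # Case-sensitive string matching is an assumption of this model.
    sensor, op, value = flt
    actual = machine.get(sensor, "")
    if op == "contains":
        return value in actual
    if op == "starts with":
        return actual.startswith(value)
    raise ValueError(f"unsupported operator: {op}")

def members(group, inventory):
    """Evaluate the filter against current sensor values (no stored list)."""
    return {m["Computer Name"] for m in inventory if matches(m, GROUPS[group])}

def visible_to(user, inventory):
    """A scoped user sees the union of the groups granted to them."""
    seen = set()
    for group in USER_GROUPS[user]:
        seen |= members(group, inventory)
    return seen

def overmatched(prefix, intended_cidr, inventory):
    """Machines a string prefix captures outside the subnet it was meant for."""
    net = ipaddress.ip_network(intended_cidr)
    return {m["Computer Name"] for m in inventory
            if m["IP Address"].startswith(prefix)
            and ipaddress.ip_address(m["IP Address"]) not in net}

if __name__ == "__main__":
    print(sorted(visible_to("john.smith", INVENTORY)))
    print(sorted(overmatched("192.168.5", "192.168.5.0/24", INVENTORY)))
```

The last function shows why a "starts with" filter used for scoping should end on an octet boundary: the prefix "192.168.5" also captures hosts in 192.168.50.x, while "192.168.5." does not.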

Computer Groups in Action Grouping

Second, you can associate specific Computer Groups with any Action Group. As an example, if you have a set of critical Windows patches from May 2014, you can specify the "Test Machines" Computer Group to deploy to first. When you feel comfortable enough to move on, you can go back to the Action Group definition and add the "Production Servers" Computer Group to the Action Group.

Figure: Targeting Computer Groups in Action Groups

Existing Computer Groups

To view all Computer Groups in the Tanium Console, navigate to Administration⇒Computer Groups.

Figure: Existing Computer Groups in the Administration⇒Computer Groups tab

Creating a new Computer Group

Creating a new Computer Group is simple and is very similar to using the "Ask a Question" field near the top of the Tanium Console.

  1. Navigate to Administration⇒Computer Groups.
  2. Click "Add New Group+" in the upper right of the Computer Groups tab.
  3. Enter a unique name for the computer group.
  4. Enter filter criteria such as "Manufacturer contains Dell":
    Figure: Creating a new Computer Group in the Administration⇒Computer Groups tab
  5. After you press the "Enter" key or the ? button, Tanium's natural language parser provides suggested questions that it knows how to answer.
  6. Select the query that best matches your intent, in this case the first one. The computer names of the machines that match the Computer Group filter appear in the list.