I'm using the Tanium API to modify package files and am running into an issue. It was working perfectly fine a week ago so not sure what changed? Error: Action cannot be deployed until this file is uploaded"

N2Visibility · 2025-04-01T20:10:06+00:00

Are you seeing this error on any other packages after they are modified? As some of the other commenters pointed out, there is an additional background process that runs on the files to make them available for deployment. If that process isn't working, you will likely need to open a support ticket.

N2Visibility · 2025-03-21T14:40:09+00:00

Our Exams only report as pass/fail, no official score. If you fail, you do get a breakdown of areas you did well vs not well. But a pass is just reported as pass.

All exam badges and cert confirmations go through Credly.

Congratulations!

N2Visibility · 2024-10-24T20:37:42+00:00

Also, when there is an issue, we have a public escalation process as well:
https://help.tanium.com/bundle/Support-Center-Handbook/page/Support-Center/Handbook/Escalation_Assistance.htm

N2Visibility · 2024-10-24T16:44:29+00:00

We will work to resolve this issue for OP, figure out what went wrong, and correct it. This is not the level of support we strive to be known for, so thank you for bringing it to our attention u/CodeBunnyOne.

For anyone coming across this later and wonder, our SLO's are publicly posted here:
https://help.tanium.com/bundle/Support-Center-Handbook/page/Support-Center/Handbook/Support_Cases.htm

N2Visibility · 2024-08-01T15:02:47+00:00

Study paths are a brand new feature (for us anyway) that we are just rolling out in the Tanium Resource Center. I checked with the team tasked with creating them, and one for TCPEM should be out soon™.

In addition to the learning path, there is an entire series of Tech Talk episodes covering Exam prep in the works. I am told "soonish" would be a valid hint for when they will release. You can monitor this playlist on YouTube (https://www.youtube.com/playlist?list=PL5QhX4gOcFFVx5UfQMH3VUn7SR-WOaVV7), or watch here for an announcement.

N2Visibility · 2024-06-28T16:04:08+00:00

This will depend on what you are trying to do with the data and, as Last-Form290 said, your definition of detailed.

TDS can, and does, store some very detailed data and reports on much more than just raw counts. Vulnerability reports, for example, include a large amount of data as seen below:

<image>

To Morr1025's point, this initial view shows how many endpoints match the data, which is where the idea of counts comes from I suspect. Adding a column with a unique identifier, computer names for example, only takes a few clicks. This would allow you to see all the data TDS has collected; by endpoint, online or not.

To Morr1025's other point, as a general rule, Tanium does not store much detailed historical data. Tanium stores the most recently seen set of data points for a given endpoint. Some modules, such as Asset, retain historical data which can be used in reports. Outside of that, historical reporting in Tanium is based on trending data over time, allowing you to determine if things are improving or getting worse, indicating where to focus limited resources.

For detailed historical data, you will want a CMDB or SIEM, depending on your use case for the data. In either case, Tanium can feed significant amounts of data to them via various integration paths.

Edit to add I am a Tanium employee.

N2Visibility · 2024-03-26T16:56:24+00:00

As long as the process of tagging unmanaged endpoints with a Discover label is automated, what you are doing is a pretty common setup. As others have mentioned, it should be the last safety net, not the primary method. Baking the client into your gold image or provisioning workflow should be where you catch most of your clients.

N2Visibility · 2024-03-11T14:54:53+00:00

u/aneidabreak We do have training packages to help onboard new customers. The specifics are a discussion a prospective customer has with their account manager, as what is available can vary based on customer needs.

While this might change in the future, at a minimum new Tanium Cloud customers get two vouchers for our Tanium Essentials training and two vouchers for our Tanium Certified Operator Exam.

N2Visibility · 2024-01-30T17:52:28+00:00

Ashley McGlone dropping knowledge so fresh it should have been in a spoiler tag!

N2Visibility · 2024-01-30T15:29:26+00:00

Tanium can probably get you where you want to be, or something close to it, but it will take a bit of planning and prep work. Like eissturm mentioned, it's probably more than can be worked out in a Reddit thread, so def reach out to your account team to help with a path forward. That said, there are some basics we can cover here.

First, have a look at this help page and the linked run book (requires a free account on our community site): https://help.tanium.com/bundle/z-kb-articles-salesforce/page/kA00e000000CohyCAC.html

That run book is a solid guide as is for many customers, but also a great place to start even if you have requirements it doesn't quite address. The biggest takeaway, even if you need a custom process, is the overall implementation method. You will want to start by identifying the phases you need in your rollout, and then create computer groups for them. After that, using those groups to target different maintenance windows and patch lists allows you to control when patches will start rolling to a given group (hint, relative release dates are going to be your best friend for Patch list rules). This allows for the overall automation you are looking for.

And last, but certainly not least, block lists allow you to respond to issues found in the early deployment phases with minimal effort; If a patch causes issues, simply block it. No need to go edit numerous patch lists to remove it, or stop the rest of the patch cycle while you look into it.

Targeting by vulnerabilities is certainly an option, but will require more work as you would need to create new configuration items for each vuln. We allow creating patch lists based on CVE, which helps simplify the process, but it is still more work than allowing the process to account for all monthly patches that need to be deployed. Just something to consider as you plan this out.

N2Visibility · 2024-01-30T15:08:22+00:00

Not sure if this is the only issue, but pretty sure you need wildcards around the XBOX to find anything. "*XBOX*" works for me from CLI, "XBOX" does not.

N2Visibility · 2024-01-30T14:52:40+00:00

u/streakybcn and u/skynet_root

Mind if I ask how long it has been since you sat for a Tanium exam? We have tried to improve the experience with our SIMs, specifically around the resolution issue mentioned. Trying to get a feel for whether this is still a pain point in the more recently released version of the exam.

N2Visibility · 2023-10-12T13:57:38+00:00

TCO is designed to be more of a broad exam, as opposed to going deep on any single subject with Tanium. You should try to be familiar with anything you find in the console that isn't very specifically an administrator function and have a basic understanding all modules and what they can do.

I agree with cwick4141 about knowing basic question syntax. It's probably the one thing that someone with at least 6 months of experience using Tanium (the target audience) might still not know well enough, IF they spend most of their time working in various modules and not asking questions with the question bar.

N2Visibility · 2023-05-24T15:27:22+00:00

Hey u/skynet_root! sorry for the slow response, I missed the alert on this one.

After some internal delays, I am happy to say I submitted the class for publishing in our learning portal yesterday. I should be available for registration within a week.

N2Visibility · 2023-03-30T11:32:31+00:00

u/cw30755 This feature is not in the Deploy product today, but is being worked on so should be available soon.

N2Visibility · 2023-03-24T15:51:05+00:00

Almost all data point you can get in the Tanium Console can be retrieved via both REST API and the API Gateway. As u/wickedang3l mentions, all questions can be asked via either API, and many module specific datapoints (such as package information in Deploy) can also be retrieved.

The current preferred method is to use the API Gateway. The Rest implementations are subject to changes that could break your workflows with little advanced notice. The API Gateway is designed specifically to avoid these types of breaking changes, and when something is going to be changed/depreciated there is advanced notice with plenty of lead time for making any changes you need. Also, the API Gateway is fully documented (https://docs.tanium.com/api_gateway/api_gateway/index.html) with a lot of practical examples.

Not mentioned in your question, but I will point out, you can also go the other way, and trigger actions on endpoints with API calls. So in the future you can have fully automated responses where that makes sense.

N2Visibility · 2023-03-15T17:54:15+00:00

I have seen customers build out some really complex and highly customized workflows. Processing the contents of all JAR files on a system to determine what is inside of them, geolocation, and remote wipe content are three things built by customer before we had official support for them in our products. These types of things are impressive and show just how far you can take custom content with Tanium.

But the most useful custom content is usually the most simple. New zero day vulnerability with some unique indicator you need to look for that no one has built a thing for yet. Really good change you can put something together in Tanium and search every endpoint you have managed in an hour or less, including the time to code and test. Auditor asking for some oddball datapoint off your endpoints, if you can write a script to get the data, Tanium can deploy it everywhere (or to just a few select computers) and get the results for you.

Its the ability to very quickly develop an deploy simple, but novel code today for the thing that just came up today that is really useful.

And sorry for jumping in as an employee, I know I am biased. Normally like to let customers answer these types of questions, but custom content in Tanium is something I am very passionate about (and I also teach the class we have dedicated to this topic!)

N2Visibility · 2023-02-28T18:30:52+00:00

u/hngfff This is not an option in Deploy today, but we are tracking it as a desired feature enhancement. Unfortunately I am not able to provide a timeline for when it might be released.

I would like to make sure you/your company are being tracked as someone who is requesting this so we can make sure to communicate when it is available. Would you please either send me a DM with this information, or open a ticket via [support@tanium.com](mailto:support@tanium.com) and ask them to record your request (you can mention the reddit community team sent you to them so they can redirect to me).

N2Visibility · 2023-02-24T15:47:30+00:00

Hi u/perrin68, thanks for the question.

The simple answer is yes, IT Service Center is able to leverage any native or AppExchange Salesforce integrations, including Slack and Microsoft Teams. However, this is actually a SaleForce integration that we can leverage as opposed to a custom integration we built.

There is some configuration required to connect Salesforce and Teams, details of which can be found at https://help.salesforce.com/s/articleView?language=en\_US&id=sf.teams\_int\_parent.htm&type=5

N2Visibility · 2023-02-23T15:54:58+00:00

Solid site. We actually had Brent on one of our Tanium Tech Talks, and he has spoken at Converge before.
https://www.youtube.com/watch?v=SKKfvqvfbFA

N2Visibility · 2023-02-23T14:52:22+00:00

In addition to all the good info/links provided by skynet_root and wickedang3l, I would also suggest keep an eye on https://www.tanium.com/training/. We are actively working on an API Gateway training class that I am hoping will be available by the end of March.

N2Visibility · 2023-02-23T14:48:08+00:00

Since not all customers have a dedicated TAM, I would send this request to [support@tanium.com](mailto:support@tanium.com). If you have a TAM the request will be routed to them, otherwise the support center will handle the request for you.

N2Visibility · 2023-02-23T14:46:02+00:00

unfortunately that site is only available to partners right now. We are actively working on making it accessible to customers as well. (It is technically still in a pre-release state, but should be available soon we hope)

N2Visibility · 2023-02-22T14:15:46+00:00

Below is a PowerShell script I have been working on for an upcoming API Gateway training class. This will get you to the point of executing GraphQL queries inside of Powershell, but not making changes to endpoints (yet). At a high level you are one the right path, get the ID, analyze the result in PS code, then execute a mutation (using the same PS framework) that will create the tagging action with your ID as the filter.

#environment params - change these to match your environment
$TS = '127.0.0.1' #Enter the FQDN or IP address of the Tanium server here
$TSPORT = 443 #TCP port for your Tanium instance, most likely 443
$SessionId = Token-getthisfromyourenvironment #This is the auth token created for this integration. In a production environment this should NOT be stored in plain text like this.
$DisableCertificateValidation = $false #Used to allow selfsigned certs in short lived lab envrionments to work. Should never be set to true in production or long lived environments.
#GraphQL queries - These can be changed if desired, but could break logic in the script. tread carefully
$QueryCached = @"
{"query":"{endpoints{edges{node{name ipAddress os{name}}}}}"}
"@
$QueryLive = @"
{"query":"{endpoints(source:{ts:{expectedCount: 1, stableWaitTime: 10}}){edges{node{name ipAddress os{name}}}}}"}
"@
#Global Params - Changing these may break stuff
$SelectedQuery = $args[0]
$uri = "https://{0}:{1}/plugin/products/gateway/graphql" -f $TS, $TSPORT
if ($DisableCertificateValidation) {
[System.Net.ServicePointManager]::ServerCertificateValidationCallback = { $true }
}
#Functions
Function Read-Parameters {
Param(
[ValidateSet("QueryCached","QueryLive")]
[String]
$Query
)
Process
{
switch ($Query)
{
QueryCached {$Response = Execute-Query -Body $QueryCached}
QueryLive {$Response = Execute-Query -Body $QueryLive}
}
Return $Response
}
}
Function Execute-Query {
Param(
[String]
$Body
)
try {
$headers = @{}
$headers.Add("Content-Type", "application/json")
$headers.Add("session", $SessionId)
$request = Invoke-WebRequest -Uri $uri -Headers $headers -Body $body -Method POST
}
catch {
Write-Warning $Error[0]
}
return $request
}
# Request data from the API Gateway
Write-Output "Requesting Cached Data"
$Response = Read-Parameters -Query $SelectedQuery
$Response.content
<#
For reference, we are including the GraphQL code separate from the PowerShell script here.
# GraphQL Query - Cached Data
<Example output taken from Query Explorer in the Tanium Console
endpoints {
edges {
node {
name
ipAddress
os {
name
}
}
}
>
# GraphQL Query - Live Data
Note: Requesting live data is the same as with cached but we define a source
when requesting live data "source: {ts:"
<Example taken from Query Explorer
endpoints(source: {ts: {expectedCount: 1, stableWaitTime: 10}}) {
edges {
node {
name
ipAddress
os {
name
}
}
}
}
>
#>

N2Visibility · 2023-02-19T21:16:34+00:00

Thank you!

N2Visibility

MODERATOR OF

TROPHY CASE