Tanium (Deprecated)
This Integration is part of the Tanium Pack.#
Deprecated
Use Tanium v2 instead.
Use the Tanium integration to manage questions, packages, and actions.
This integration was integrated and tested with version 7.0.314 of Tanium v7.0.314 and Pytan v2.2.2.
Configure Tanium on Cortex XSOAR
- Navigate to Settings > Integrations > Servers & Services .
- Search for Tanium.
-
Click
Add instance
to create and configure a new integration instance.
- Name : a textual name for the integration instance.
- Host URL (e.g. 1.2.3.4)
- Port
- Credentials
- Use system proxy settings
- Click Test to validate the URLs, token, and connection.
Commands
You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook.
After you successfully execute a command, a DBot message appears in the War Room with the command details.
Action Commands
- Parse question text: tn-ask-question
- Ask a question about an endpoint: tn-ask-system
- Create and ask a manual question: tn-ask-manual-question
- Deploy a package: tn-deploy-package
- Approve pending (saved) actions: tn-approve-pending-action
- Create a package object: tn-create-package
Information Commands
- Get sensor information: tn-get-sensor
- Get a package object: tn-get-package
- Get a saved question: tn-get-saved-question
- Get an object: tn-get-object
- Get all packages: tn-get-all-packages
- Get all saved questions: tn-get-all-saved-questions
- Get all saved actions: tn-get-all-saved-actions
- Get all pending actions: tn-get-all-pending-actions
- Get all objects: tn-get-all-objects
Debug Commands
Action Commands
1. Parse question text
Ask the server to parse the question text and select one of the parsed results as the question to run.
Base Command
tn-ask-question
Input
| Argument Name | Description | Required |
|---|---|---|
| question | The question text | Required |
| index | The index of the parsed question to be asked (as returned by the tn-parse-query command) | Optional |
Context Output
| Path | Type | Description |
|---|---|---|
| Tanium.QuestionResults | object | Results of the requested question. Can be a complex object. |
Command Example
!tn-ask-question question="Get Computer Name from all machines"
Context Example
{
Tanium: {
QuestionResults:[{
Computer Name: Demisto-Computer,
Count:1
}]
}
}
Human Readable Output
Result for parsed query - Get Computer Name from all machines
| Count | Computer Name |
|---|---|
| 1 | Demisto-Computer |
2. Ask a question about an endpoint
Ask a question about a specific endpoint.
Base Command
tn-ask-system
Input
| Argument Name | Description | Required |
|---|---|---|
| hostname | Name of host | Required |
Context Output
| Path | Type | Description |
|---|---|---|
| Tanium.QuestionResults | object | Results of requested computer name. Can be a complex object. |
Command Example
!tn-ask-system hostname="Demisto-Computer"
Context Example
{
Tanium: {
QuestionResults:[{
Computer Name: Demisto-Computer,
Count:1
}]
}
}
Human Readable Output
Result for parsed query - Get Computer Name from all machines
| Count | Computer Name |
|---|---|
| 1 | Demisto-Computer |
3. Create and ask a manual question
Ask a manual question using human strings, and get the question results. Use the help argument for full details.
Base Command
tn-ask-manual-question
Input
| Argument Name | Description | Required |
|---|---|---|
| sensors | A semicolon-separated list of sensors (columns) to include in a question. For detailed information use the tn-get-sensor command. | Optional |
| question_filters | A semicolon-separated list of filters that apply to the entire question | Optional |
| question_options |
A semicolon-separated list of options that apply to the entire question. Options are
|
Optional |
| filters_help | Print the help string for filters and exit | Optional |
| sensors_help | Print the help string for sensors and exit | Optional |
| options_help | Print the help string for options and exit | Optional |
| polling_secs | Number of seconds to wait between result fetching attempts | Optional |
| complete_pct | Percentage of mr_tested out of estimated_total to consider the question | Optional |
Context Output
| Path | Type | Description |
|---|---|---|
| Tanium.QuestionResults | object | Results of requested question. May be a complex object |
Command Example
!tn-ask-manual-question sensors="Computer Name, opt:max_data_age:60" question_filters="Index Query File Exists{fileMagicNumber=10}, that contains:No;Computer Name, that contains:WIN"
Context Example
{
Tanium: {
QuestionResults:[{
Computer Name: Demisto-Computer,
Count:1
}]
}
}
Human Readable Output
Result for parsed query - Get Computer Name from all machines
| Count | Computer Name |
|---|---|
| 1 | Demisto-Computer |
4. Deploy a package
Deploy a package and get the results.
Base Command
tn-deploy-package
Input
| Argument Name | Description | Required |
|---|---|---|
| package | Name of package to deploy with this action | Required |
| action_filters | A semicolon-separated list of strings. Each string must describe a sensor and a filter, which limits which computers the action will deploy package to, (e.g., Operating System, that contains:Windows; Computer Name, that contains:WIN ) | Optional |
| action_options | A comma-separated list of options to apply to action_filters (e.g. "max_data_age:3600,and" ). Default is or . | Optional |
| get_results | Specifies whether to wait for result completion after deploying action | Optional |
| package_args | A comma-separated list of arguments needed to execute the package command. Run the tn-get-package command to view a detailed list of arguments. | Optional |
| action_filters_groups | A comma-separated list of computer group names to filter by | Optional |
| action_group | Name of action group | Optional |
Context Output
| Path | Type | Description |
|---|---|---|
| Tanium.SavedActions.Id | string | Saved action ID |
| Tanium.SavedActions.Name | string | Saved action name |
Command Example
!tn-deploy-package package="Comply - Remove Selected Hashes - Unix" package_args=hash1
Context Example
Tanium:{
SavedActions:[{
Id:1050
Name:API Deploy Comply - Remove Selected Hashes - Unix
}]
}
Human Readable Output
Id of saved action is 1050
5. Approve pending (saved) actions
Approve saved actions.
Base Command
tn-approve-pending-action
Input
| Argument Name | Description | Required |
|---|---|---|
| action_id | ID of the saved action to approve | Required |
Context Output
| Path | Type | Description |
|---|---|---|
| Tanium.ActionApproval.ApprovedFlag | boolean | Approval status |
| Tanium.ActionApproval.Id | string | Saved action ID |
| Tanium.ActionApproval.Name | string | Saved action name |
Command Example
!tn-approve-pending-action id=1050
Context Example
Tanium:{
ActionApproval:[{
ApprovedFlag:1
Id:1050
Name:API Deploy Comply - Remove Selected Hashes - Unix
}]
}
Human Readable Output
Action Approval
| ApprovedFlag | Id | Name |
|---|---|---|
| 1 | 1050 | API Deploy Comply - Remove Selected Hashes - Unix |
6. Create a package object
Create a package object.
Base Command
tn-create-package
Input
| Argument Name | Description | Required |
|---|---|---|
| name | Name of package to create | Required |
| command | Command to execute | Required |
| display_name | Display name of package | Optional |
| file_urls | A comma-separated list of URLs of files to add to the package | Optional |
| command_timeout_seconds | Timeout for command execution (in seconds) | Optional |
| expire_seconds | Timeout for action expiry (in seconds) | Optional |
Context Output
| Path | Type | Description |
|---|---|---|
| Tanium.Packages.verify_expire_seconds | string | Timeout for verifying the action expiry (in seconds) |
| Tanium.Packages.display_name | string | Display name of package |
| Tanium.Packages.name | string | Name of created package |
| Tanium.Packages.command | string | Command to execute |
| Tanium.Packages.creation_time | date | Package creation time |
| Tanium.Packages.command_timeout | number | Timeout for command execution (in seconds) |
| Tanium.Packages.modification_time | date | Package modification time |
| Tanium.Packages.last_update | date | Time when package was last updated |
| Tanium.Packages.deleted_flag | boolean | Was the package deleted |
| Tanium.Packages.id | string | Tanium unique package ID |
| Tanium.Packages.expire_seconds | number | Timeout for action expiry (in seconds) |
Command Example
!tn-create-package command="cmd /c echo $1" name=ExamplePackage display_name="Example Package"
Context Example
Tanium:{
Packages:[{
skip_lock_flag:0
hidden_flag:0
verify_group_id:0
available_time:2001-01-01T00:00:00
last_modified_by:Shani
verify_expire_seconds:3600
display_name:Echo
name:EchoPackage
command:cmd /c echo $1
creation_time:2018-08-23T15:22:54
command_timeout:600
modification_time:2018-08-23T15:22:54
last_update:2018-08-23T15:22:54
deleted_flag:0
_type:package_spec
verify_group:{}
_type:group
id:0
id:771
expire_seconds:600
source_id:0
}]
}
Human Readable Output
Tanium Package
| id | name | creation_time | command |
|---|---|---|---|
| 772 | EchoPackage | 2018-08-23T15:22:54 | cmd /c echo $1 |
Information Commands
1. Get sensor information
Get detailed information about a specified sensor.
Base Command
tn-get-sensor
Input
| Argument Name | Description | Required |
|---|---|---|
| name | Name of the sensor | Required |
Context Output
| Path | Type | Description |
|---|---|---|
| Tanium.Sensors.max_age_seconds | number | Sensor maximum age (in seconds) |
| Tanium.Sensors.description | string | Description of the sensor |
| Tanium.Sensors.name | string | Name of the sensor |
| Tanium.Sensors.id | string | ID of the sensor |
Command Example
!tn-get-sensor name="Index Query File Exists"
Context Example
Tanium:{
Sensors:[{
hidden_flag:0
string_count:6
max_age_seconds:86400
queries:{
_type:queries
query:[{
_type:query
platform:Windows
script:select CSName from win32_operatingsystem
script_type:WMIQuery
}]
}
exclude_from_parse_flag:0
value_type:String
name:Computer Name
ignore_case_flag:1
_type:sensor
id:3
description:The assigned name of the client machine. Example: workstation-1.company.com
category:Reserved
source_id:0
}]
}
Human Readable Output
Tanium Sensor - Index Query File Exists
| id | name | category | description | max_age_seconds |
|---|---|---|---|---|
| 706 | Index Query File Exists | Index | Returns Yes or No, using Index to determine whether specified file exists based on the supplied input | 900 |
Sensor Parameters Details
| Key | Name | Values | Description | Type |
|---|---|---|---|---|
| directoryPath | Directory Path | Any value | Glob of directory name used for searching,e.g. Windows | TextInputParameter |
| fileName | File Name | Any value | Glob of file name used for searching, e.g. *exe | TextInputParameter |
2. Get a package object
Get a package object by name or ID.
Base Command
tn-get-package
Input
| Argument Name | Description | Required |
|---|---|---|
| name | Name of package | Optional |
| id | Tanium ID of package (use instead of name) | Optional |
Context Output
| Path | Type | Description |
|---|---|---|
| Tanium.Packages.verify_expire_seconds | number | Timeout for verifying action (in seconds) |
| Tanium.Packages.display_name | string | Display name of package |
| Tanium.Packages.name | string | Name of created package |
| Tanium.Packages.command | string | Command to execute |
| Tanium.Packages.creation_time | date | Package creation time |
| Tanium.Packages.command_timeout | number | Timeout for command execution (in seconds) |
| Tanium.Packages.modification_time | date | Package modification time |
| Tanium.Packages.last_modified_by | string | User who last modified packge |
| Tanium.Packages.last_update | date | Time when package was last updated |
| Tanium.Packages.deleted_flag | boolean | Was the package deleted |
| Tanium.Packages.id | string | Tanium unique package ID |
| Tanium.Packages.expire_seconds | number | Timeout for action (in seconds) |
| Tanium.Packages.files | object | Package files |
Command Example
!tn-get-package name="Set Mac Tanium Client Logging Level"
Context Example
Tanium:{
Packages:[{
skip_lock_flag:0
hidden_flag:0
verify_group_id:0
available_time:2016-04-06T13:03:12
last_modified_by:Administrator
verify_expire_seconds:600
display_name:Set Mac Tanium Client Logging Level
parameter_definition:{"parameters":[{"maximum":99,"key":"$1","stepSize":1,"label":"Log Level (0-99)","helpString":"Enter a logging level, 0=no logging, 99=verbose logging","snapInterval":1,"defaultValue":"1","minimum":0,"value":"1","parameterType":"com.tanium.components.parameters::NumericParameter","model":"com.tanium.components.parameters::NumericParameter"}],"parameterType":"com.tanium.components.parameters::ParametersArray","model":"com.tanium.components.parameters::ParametersArray"}
name:Set Mac Tanium Client Logging Level
command:/bin/sh set-log-level-parameterized.sh $1
creation_time:2018-01-10T18:37:56
command_timeout:900
modification_time:2018-01-10T18:37:56
last_update:2018-01-10T18:37:56
deleted_flag:0
files:{}
_type:package_spec
verify_group:{}
_type:group
id:0
id:50
expire_seconds:1500
source_id:0
}]
}
Human Readable Output
Tanium Package
| id | name | creation_time | command | last_modified_by |
|---|---|---|---|---|
| 50 | Set Mac Tanium Client Logging Level | 2018-01-10T18:37:56 | /bin/sh set-log-level-parameterized.sh $1 | Administrator |
Package Arguments Details
| Key | Name | Values | Description | Type |
|---|---|---|---|---|
| $1 | Log Level (0-99) | Any value | Enter a logging level, 0=no logging, 99=verbose logging | NumericParameter |
3. Get a saved question
Get a saved question by name or ID.
Base Command
tn-get-saved-question
Input
| Argument Name | Description | Required |
|---|---|---|
| name | Name of saved question | Optional |
| id | Tanium unique id of saved question to be used instead of name | Optional |
Context Output
| Path | Type | Description |
|---|---|---|
| Tanium.SavedQuestions.query_text | string | Question query text |
| Tanium.SavedQuestions.mod_time | date | Question modification time |
| Tanium.SavedQuestions.user.id | string | Unique ID of user who saved question |
| Tanium.SavedQuestions.user.name | string | Name of user who saved question |
| Tanium.SavedQuestions.name | string | Name of saved question |
| Tanium.SavedQuestions.expire_seconds | number | Question expiration time (in seconds) |
| Tanium.SavedQuestions.id | string | Unique ID of the saved question |
| Tanium.SavedQuestions.issue_seconds | number | Issue time (in seconds) |
Command Example
!tn-get-saved-question id=132
Context Example
Tanium:{
SavedQuestions:[{
row_count_flag:0
hidden_flag:0
public_flag:1
query_text:Get Is Virtual and Chassis Type from all machines
issue_seconds_never_flag:0
keep_seconds:0
question:{}
archive_enabled_flag:0
mod_user:{}
mod_time:2018-01-10T18:38:00
action_tracking_flag:0
name:Virtualized / Physical Chassis
user: {}
most_recent_question_id:519303
packages:{}
archive_owner:{}
sort_column:0
_type:saved_question
issue_seconds:120
id:182
cache_row_id:68
expire_seconds:600
}]
}
Human Readable Output
Tanium Saved Question
| query_text | name | id |
|---|---|---|
| Get Computer Name and Operating System from all machines with Action Lock Status containing "Action Lock On" | Clients That Cannot Take Actions - Action Lock On | 132 |
4. Get an object
Send a generic get object request.
Base Command
tn-get-object
Input
| Argument Name | Description | Required |
|---|---|---|
| name | Name of object | Optional |
| id | Tanium ID of the object (use instead of name) | Optional |
| object_type | Type of object to get | Required |
Context Output
There is no context output for this command.
Command Example
!tn-get-object object_type=sensor name="Computer Name"
Human Readable Output
{
"_type": "sensors",
"sensor": [
{
"_type": "sensor",
"category": "Reserved",
"description": "The assigned name of the client machine.\nExample: workstation-1.company.com",
"exclude_from_parse_flag": 0,
"hash": 3409330187,
"hidden_flag": 0,
"id": 3,
"ignore_case_flag": 1,
"max_age_seconds": 86400,
"name": "Computer Name",
"queries": {},
"source_id": 0,
"string_count": 6,
"value_type": "String"
}
]
}
5. Get all packages
Get all Tanium package objects
Base Command
tn-get-all-packages
Input
There is no input for this command.
Context Output
| Path | Type | Description |
|---|---|---|
| Tanium.Packages.verify_expire_seconds | number | Timeout for verifying the action (in seconds) |
| Tanium.Packages.display_name | string | Display name of package |
| Tanium.Packages.name | string | Name of created package |
| Tanium.Packages.command | string | Command to execute |
| Tanium.Packages.creation_time | date | Package creation time |
| Tanium.Packages.command_timeout | number | Timeout for command execution (in seconds) |
| Tanium.Packages.modification_time | date | Package modification time |
| Tanium.Packages.last_modified_by | string | User who last modified packge |
| Tanium.Packages.last_update | date | Time when package was last updated |
| Tanium.Packages.deleted_flag | boolean | Is the package deleted |
| Tanium.Packages.id | string | Tanium unique package ID |
| Tanium.Packages.expire_seconds | number | Timeout for the action (in seconds) |
| Tanium.Packages.files | unknown | Package files |
Command Example
!tn-get-all-packages
Context Example
Tanium:{
Packages:[{
skip_lock_flag:0
hidden_flag:0
verify_group_id:0
available_time:2016-04-06T13:03:12
last_modified_by:Administrator
verify_expire_seconds:600
display_name:Set Mac Tanium Client Logging Level
parameter_definition:{"parameters":[{"maximum":99,"key":"$1","stepSize":1,"label":"Log Level (0-99)","helpString":"Enter a logging level, 0=no logging, 99=verbose logging","snapInterval":1,"defaultValue":"1","minimum":0,"value":"1","parameterType":"com.tanium.components.parameters::NumericParameter","model":"com.tanium.components.parameters::NumericParameter"}],"parameterType":"com.tanium.components.parameters::ParametersArray","model":"com.tanium.components.parameters::ParametersArray"}
name:Set Mac Tanium Client Logging Level
command:/bin/sh set-log-level-parameterized.sh $1
creation_time:2018-01-10T18:37:56
command_timeout:900
modification_time:2018-01-10T18:37:56
last_update:2018-01-10T18:37:56
deleted_flag:0
files:{}
_type:package_spec
verify_group:{}
_type:group
id:0
id:50
expire_seconds:1500
source_id:0
}]
}
Human Readable Output
Tanium Packages
| id | name | creation_time | command | last_modified_by |
|---|---|---|---|---|
| 734 | Detect Intel for Windows | 2001-01-01T00:00:00 | cmd /c cscript /nologo run-add-intel-package.vbs 2>&1 | |
| 672 | Remove Tanium Trace Tools [Mac-Linux] | 2018-08-21T10:57:13 | /bin/bash remove_tanium_trace_tools.sh | Administrator |
6. Get all saved questions
Gets all saved questions.
Base Command
tn-get-all-saved-questions
Input
There are no inputs for this command.
Context Output
| Path | Type | Description |
|---|---|---|
| Tanium.SavedQuestions.query_text | string | Question query text |
| Tanium.SavedQuestions.mod_time | date | Question modification time |
| Tanium.SavedQuestions.user.id | string | Unique ID of the user who saved question |
| Tanium.SavedQuestions.user.name | string | Name of the user who saved question |
| Tanium.SavedQuestions.name | string | Name of saved question |
| Tanium.SavedQuestions.expire_seconds | number | Question expiration time (in seconds) |
| Tanium.SavedQuestions.id | string | Unique ID of the saved question |
| Tanium.SavedQuestions.issue_seconds | number | Issue time (in seconds) |
Command Example
!tn-get-all-saved-questions
Context Example
Tanium:{
SavedQuestions:[{
row_count_flag:0
hidden_flag:0
public_flag:1
query_text:Get Is Virtual and Chassis Type from all machines
issue_seconds_never_flag:0
keep_seconds:0
question:{}
archive_enabled_flag:0
mod_user:{}
mod_time:2018-01-10T18:38:00
action_tracking_flag:0
name:Virtualized / Physical Chassis
user: {}
most_recent_question_id:519303
packages:{}
archive_owner:{}
sort_column:0
_type:saved_question
issue_seconds:120
id:182
cache_row_id:68
expire_seconds:600
}]
}
Human Readable Output
Tanium Saved Questions
| query_text | name | id |
|---|---|---|
| Get Is Virtual and Chassis Type from all machines | Virtualized / Physical Chassis | 182 |
| Get Installed Applications starting with "adobe reader" from all machines | Adobe Reader Versions | 197 |
7. Get all saved actions
Gets all saved actions.
Base Command
tn-get-all-saved-actions
Input
There is no input for this command.
Context Output
| Path | Type | Description |
|---|---|---|
| Tanium.SavedActions.distribute_seconds | number | Distribute seconds of action |
| Tanium.SavedActions.public_flag | boolean | Whether action is public or not |
| Tanium.SavedActions.action_group_id | string | Group ID of action |
| Tanium.SavedActions.approver.id | string | ID of the user who approved the action |
| Tanium.SavedActions.start_time | date | Action start time |
| Tanium.SavedActions.name | string | Action name |
| Tanium.SavedActions.user.id | string | ID of the user who created the action |
| Tanium.SavedActions.creation_time | date | Time the action was created |
| Tanium.SavedActions.end_time | date | Time the action ended |
| Tanium.SavedActions.status | string | Action status |
| Tanium.SavedActions.last_start_time | date | Last time action started |
| Tanium.SavedActions.id | string | ID of action |
| Tanium.SavedActions.package_spec.id | string | The package associated with the action |
| Tanium.SavedActions.approved_flag | boolean | Whether action was approved or not |
Command Example
!tn-get-all-saved-actions
Context Example
Tanium:{
SavedActions:[{
distribute_seconds:0
public_flag:0
action_group_id:0
approver:{}
issue_count:0
start_time:2001-01-01T00:00:00
name:Unscheduled - Clean Stale Tanium Client Data
user:{}
creation_time:2016-08-10T07:12:58
metadata:{}
target_group:{}
end_time:Never
status:1
last_start_time:Never
package_spec:{}
approved_flag:1
next_start_time:Never
_type:saved_action
issue_seconds:0
policy_flag:0
id:94
cache_row_id:1
user_start_time:2016-08-10T07:13:00
expire_seconds:1800
last_action:{}
}]
}
Human Readable Output
Tanium Saved Actions
| id | name | creation_time | action_group_id | approved_flag |
|---|---|---|---|---|
| 914 | API Deploy USB Write Protect - Set to On | 2018-08-17T01:59:31 | 0 | 0 |
| 939 | Start Tanium Trace Session | 2018-08-21T07:00:52 | 2334 | 0 |
8. Get all pending actions
Gets all pending actions.
Base Command
tn-get-all-pending-actions
Input
There is no input for this command.
Context Output
| Path | Type | Description |
|---|---|---|
| Tanium.PendingActions.distribute_seconds | number | Distribute seconds of action |
| Tanium.PendingActions.public_flag | boolean | Whether action is public or not |
| Tanium.PendingActions.action_group_id | string | Group ID of action |
| Tanium.PendingActions.approver.id | string | ID of the user who approved the action |
| Tanium.PendingActions.start_time | date | Action start time |
| Tanium.PendingActions.name | string | Action name |
| Tanium.PendingActions.user.id | string |
IDÂ of the user who created the action |
| Tanium.PendingActions.creation_time | date | Time the action was created |
| Tanium.PendingActions.end_time | date | Time the action ended |
| Tanium.PendingActions.status | string | Action status |
| Tanium.PendingActions.last_start_time | date | Last time action started |
| Tanium.PendingActions.id | string | ID of the action |
| Tanium.PendingActions.package_spec.id | string | The package associated with the action |
| Tanium.PendingActions.approved_flag | boolean | Whether the action was approved |
Command Example
!tn-get-all-pending-actions
Context Example
Tanium:{
PendingActions:[{
distribute_seconds:0
public_flag:0
action_group_id:0
approver:{}
issue_count:0
start_time:2001-01-01T00:00:00
name:Unscheduled - Clean Stale Tanium Client Data
user:{}
creation_time:2016-08-10T07:12:58
metadata:{}
target_group:{}
end_time:Never
status:1
last_start_time:Never
package_spec:{}
approved_flag:1
next_start_time:Never
_type:saved_action
issue_seconds:0
policy_flag:0
id:94
cache_row_id:1
user_start_time:2016-08-10T07:13:00
expire_seconds:1800
last_action:{}
}]
}
Human Readable Output
Tanium Pending Actions
| id | name | creation_time | action_group_id | approved_flag |
|---|---|---|---|---|
| 914 | API Deploy USB Write Protect - Set to On | 2018-08-17T01:59:31 | 0 | 0 |
| 939 | Start Tanium Trace Session | 2018-08-21T07:00:52 | 2334 | 0 |
9. Get all objects
Gets all objects of the specified type.
Base Command
tn-get-all-objects
Input
| Argument Name | Description | Required |
|---|---|---|
| object_type | Type of object to get | Required |
Context Output
There is no context output for this command.
Command Example
!tn-get-all-objects object_type=package
Human Readable Output
{
"_type": "sensors",
"sensor": [
{
"_type": "sensor",
"category": "Reserved",
"description": "The assigned name of the client machine.\nExample: workstation-1.company.com",
"exclude_from_parse_flag": 0,
"hash": 3409330187,
"hidden_flag": 0,
"id": 3,
"ignore_case_flag": 1,
"max_age_seconds": 86400,
"name": "Computer Name",
"queries": {},
"source_id": 0,
"string_count": 6,
"value_type": "String"
}
]
}
### tn-get-all-sensors *** Gets all sensors #### Base Command `tn-get-all-sensors` #### Input There are no input arguments for this command. #### Context Output There is no context output for this command. ### tn-get-action *** Get detailed information about a given action. #### Base Command `tn-get-action` #### Input | **Argument Name** | **Description** | **Required** | | --- | --- | --- | | id | ID of action of retrieve. | Optional | #### Context Output | **Path** | **Type** | **Description** | | --- | --- | --- | | Tanium.Actions.name | string | Name of the actions | | Tanium.Actions.id | number | ID of the action | | Tanium.Actions.status | string | Status of the action - Closed, Pending, etc. | | Tanium.Actions.start_time | date | Time when the action started running | | Tanium.Actions.approver.name | string | Name of Tanium user who approved the action | | Tanium.Actions.creation_time | date | Time when the action was created | | Tanium.Actions.package_spec.command | string | The command that is issued by the action | | Tanium.Actions.package_spec.name | string | Name of the package that was deployed |
Debug Commands
1. Request the server to parse question text
Ask the server to parse the question text and return all parsing options.
Base Command
tn-parse-query
Input
| Argument Name | Description | Required |
|---|---|---|
| question | The question text to be parsed | Optional |
Context Output
There is no context output for this command.
Command Example
!tn-parse-query question="get computer name"
Human Readable Output
Tanium Questions
| index | question |
|---|---|
| 1 | Get Computer Name from all machines |
| 2 | Get Computer ID from all machines |
| 3 | Get Computer ID containing "name" from all machines |