A-B | C-D | E-H | I-M | N-Q | R-T | U-Z



A package and associated settings, such as scheduling and targeting information, that are deployed to endpoints to perform operations.

action approval

A process of ensuring that actions do not run until a second user approves them.

action group

A collection of one or more computer groups to which an action is deployed.

action lock

An action that is deployed to endpoints to prevent the Tanium™ Client from running other actions.

ad hoc question

An unsaved query that you can create in the question bar to get information from endpoints. Also referred to as a dynamic question.

allowed URL

A URL from which the Tanium Server allows downloads to the Tanium Client.

asset criticality

A rating on individual endpoints used to assess the impact of an endpoint to the overall risk score.

background scan

A scan for intel matches that runs automatically on an interval specified by a Tanium™ Threat Response configuration.

backward leader

The client that receives sensors, questions, and actions for its linear chain from the Tanium™ Server.

block list

A list of objects, such as URLs, applications, files, or patches, to which endpoints are denied access.


An organized collection of panels.


A sequenced list of software packages.

A-B | C-D | E-H | I-M | N-Q | R-T | U-Z



The typical number of unique values, as opposed to duplicate values, in the sensor results from a set of endpoints.


A collection of dashboards that are related by purpose or subject matter.

centralized scan

A discovery method that uses the Tanium™ Module Server to find unmanaged interfaces beyond the local network.


A fragment of a package file that is distributed across a linear chain


An endpoint that has the Tanium Client installed.

client-based scan

A Tanium™ Comply scan that runs on managed endpoints.

client deployment

An action of installing the Tanium Client on endpoints.

compensating controls

A set of security best practices or configurations for hardware, operating systems, and storage that you can apply to endpoints to reduce the risk score for those endpoints.

computer group

A configuration object that defines a set of endpoints. It is used as a filter in questions and question results (filter group) or to assign management rights for viewing results and deploying actions (management groups).

computer management group

A configuration that assigns a user permission to perform operations, such as viewing question results and deploying actions, on a defined set of endpoints.

configuration item

A component that must be managed to deliver an IT service.


Collective term for sensors, packages, scheduled actions, saved questions, dashboards, categories, plug-ins, and filter groups. Tanium modules can supply additional types of content, and users can define custom content.

content administrator

A reserved role that grants action management privileges and read/write privileges on all content sets.

content pack

A solution distributed by Tanium that includes content such as sensors, packages, and saved questions.

content set

A group of related content, such as sensors, packages, and saved questions, to which a permission applies.

custom check

An arbitrary PowerShell, VBScript, or UNIX shell script that is used to evaluate conditions on an endpoint.

custom ID mapping

A configuration that maps a custom check ID or XCCDF rule ID to an arbitrary value.


An organized collection of charts supplied by Tanium™ Reporting.

data source

A sensor or external source that provides data that you can use to build reports and dashboards in Reporting.

deployment template

A collection of settings that can be used to repeatedly issue deployments.


An external server or piece of software to which Tanium data is sent.

discovery method

A scanner that finds unmanaged interfaces.

distributed scan

A discovery method that uses managed endpoints to find unmanaged interfaces.

drill down

The action of issuing an additional question to the endpoints in the results grid.

dynamic question

An unsaved query that you can create in the question bar to get information from endpoints.

A-B | C-D | E-H | I-M | N-Q | R-T | U-Z



A node on a computer network, such as a computer or network device.

endpoint must gather

A bundle of logs and other artifacts collected from an endpoint for troubleshooting purposes.


An application of a policy on the targeted endpoint.


A source of data for Tanium™ Asset, such as a Tanium sensor or external database table. Each entity can contain one or more attributes.

evaluation engine

A process that can be deployed to endpoints to search for potential threats based on a piece of intel.

event recorder

A process that continuously saves key forensic evidence on each endpoint.

Event Recorder Driver

A driver that provides a source of process and command-line events on supported Windows endpoints.

file chunking

A distribution of a single file as a set of small files in order to limit the impact on network performance.

file indexer

A process that can be deployed to endpoints to index local file systems, compute file hashes, and gather file attributes and magic numbers.

filter group

A type of computer group that is used as a filter in questions and question results.

forward leader

The client that returns question answers and action statuses from its linear chain to the Tanium Server.


A process of disabling functionality in the client environment that would otherwise enable users to make inadvertent changes or deliberately evade endpoint management by Tanium.

A-B | C-D | E-H | I-M | N-Q | R-T | U-Z



A collection of artifacts to detect and respond to a potential intrusion.

intentional subnet

Endpoints within a range of Network Address Translation (NAT) IP addresses that can peer with each other.

isolated subnet

A network in which endpoints cannot peer with each other or with endpoints outside the network.


A client on one end of a linear chain that has an intermittent connection with the Tanium Server to receive questions or send answers on behalf of the client neighborhood.

linear chain

An architecture for exchange of information and data among endpoints that are running Tanium Client.

linear chain leader

See leader.

live endpoint

A connection to an endpoint to conduct real-time analysis of activity on that endpoint.

Live Response

A utility that collects forensic information from endpoints and transfers the results to a network location.

managed endpoint

An endpoint on which a registered Tanium Client is running.

managed interface

A unique MAC address on an endpoint managed by Tanium.

managed source

A read-only source such as a module source or a saved question source that Tanium provides.


An XML file that lists the content and solutions published through

merge (questions)

The act of adding the results from an additional question to the current data in the results grid.


A solution that extends the functionality of the Tanium™ Core Platform.

module role

A type of role that grants access to Tanium solution workbenches, features, and content sets.

module source

A configuration that defines data that a Tanium module provides to Tanium™ Trends.


A group of settings that determine how watchlists are deployed to endpoints for continuous recording of file events.

A-B | C-D | E-H | I-M | N-Q | R-T | U-Z


natural language parser

A component that transforms user questions into valid syntax for querying endpoints.

neighborhood leader

See leader.

network unauthenticated scan

A scan that uses Tanium Clients as satellites to return Comply scan data for unmanaged endpoints. Credentials are not required to scan unmanaged endpoints.


A script and files deployed to an endpoint for administrative action, like installation of a patch.

packages gallery

A collection of software package templates.


A visualization for data collected by a source.

parameterized package

A type of package that takes command-line arguments.

parameterized sensor

A type of sensor for which you specify a parameter when defining a question.


An expression that matches entities that can otherwise be hidden in the context of other information.


A set of roles and computer groups that a user selects for a Tanium session and that restricts what the user can see and do with Tanium products.


An extension to a Tanium Core Platform component or solution module.


An endpoint configuration that contains settings to enforce or a set of tasks to run.

policy action

A scheduled action that enforces policies on endpoints.


A set of configurations, rules, or parameters that applies to one or more computer groups.


A block that can be put on an endpoint to isolate it from the rest of the network.

quarantined sensor

A sensor that exceeded the one-minute timeout when it last ran on an endpoint.


A query to managed endpoints that returns answers based on the output of sensors.

quick scan

An action that sends a single piece of intel to the endpoints for immediate matching and alert reporting.

A-B | C-D | E-H | I-M | N-Q | R-T | U-Z



An optional package that users can deploy to their endpoints to solve an issue.

remote authenticated scan

A secure scan that uses Tanium Clients as satellites to return Comply scan data for unmanaged endpoints. Credentials are required to scan unmanaged endpoints.


An indicator of threat level for a file hash: malicious, non-malicious, suspicious, or unknown.

reserved role

A non-configurable, Tanium-defined role that assigns permissions for special-purpose capabilities, such as managing the Tanium license, that are unavailable to non-reserved roles.

reserved sensor

A core system sensor that you cannot edit.

response action

An action that runs one time during a provided time range, and re-runs later if the endpoint is not online during the initial run.

risk vector

A data point used to assess risk for a specific category as part of the formula to calculate the risk score.

root keys

The public-private root key pair at the top of the Tanium key infrastructure that is required for all subordinate keys to secure connections among Tanium Core Platform components.


An endpoint with the Tanium Client installed that is designated to scan endpoints that do not have the Tanium Client installed.

satellite scan

A discovery method that uses a satellite endpoint to scan for or detect unmanaged interfaces that cannot be reached directly from the Module Server, such as subnets that have only a bridged connection to the main network.

saved question

A configuration object that includes question syntax and reissue settings to get information from endpoints.

saved question source

A configuration that defines a Trends saved question, how often to issue the question, and when to collect results from endpoints.

scan configuration

A group of settings that determine the technique and frequency to search endpoints for patches.


A script that the Tanium Client runs on an endpoint to return an answer to a question.

sensor-sourced package

A type of parameterized package that uses sensor output instead of user input as run-time command-line arguments.

separated subnet

A subset of endpoints within the AddressMask subnet boundaries that can peer with each other but not with endpoints outside that subset.

service account

A user account that Tanium products use to run services and background processes on Tanium Core Platform servers.

shared service

A solution that shares data or functionality across Tanium products or third-party applications.


An expression to evaluate process, network, registry, and file events on an endpoint. Signals are available as a feed from Tanium, or you can author your own signals.

signed content

A content XML file signed by a cryptographic private key that corresponds with a public key that was added to the Tanium Server installation.


A module, shared service, or content pack that extends the functionality of the Tanium Core Platform.


A configuration that defines where data originates.

Tanium™ Cloud Management Portal

The graphical user interface that a Tanium Cloud administrator uses to configure the identity provider that is required to operate with Tanium Cloud, and view Tanium entitlements and other common information about the Tanium Cloud instance.

Tanium™ Console

The graphical user interface that you use to manage the Tanium Core Platform and to access Tanium modules and shared services.

Tanium™ Data Service (TDS)

A service that stores sensor results for endpoints. The service queries all managed endpoints to collect the results of sensors registered for collection and stores them in the Tanium database.

Tanium Module Server

The Tanium Core Platform server that runs application services and stores files for Tanium solution modules.

Tanium™ Recorder Client Extension

A service that continuously saves file activity on each endpoint.

Tanium Server

A server that runs the Tanium Console and API services, and that communicates with Tanium Clients (directly or through a Zone Server), other Tanium Core Platform servers, and the servers.


The hardened Linux-based operating system that runs on the Tanium Appliance.


The act of specifying which endpoints must answer a question or run an action.

Technical Account Manager (TAM)

A staff member from Tanium who helps to configure and troubleshoot Tanium deployments.

temporary sensor

An instance of a parameterized sensor that includes a specific value in a saved question.

third-party content

A type of content not developed by Tanium or the customer that is imported into the customer environment.

trigger condition

An indicator on an endpoint that causes the endpoint to prompt the end user to take a survey.

A-B | C-D | E-H | I-M | N-Q | R-T | U-Z


unmanaged endpoint

An endpoint on which there is no registered Tanium Client running.

unmanaged interface

A unique MAC address on a device that is not managed by Tanium.

unmanageable interface

A unique MAC address on a device that cannot be managed by Tanium, such as a printer or router.


The confirmation or rejection of a pattern match to improve the accuracy of rule performance and to reduce the number of false positive results on the data that rules target.


A filtered version of Asset data for exporting to a destination.

virtual sensor

A sensor that contains data gathered from endpoint data and sensors.

vulnerability source

A local path or URL to an Open Vulnerability and Assessment Language (OVAL) definitions file.


A set of files or directories to watch for changes.


A user interface that facilitates management tasks for Tanium solutions.

Zone Proxy

A service that acts as a proxy between the Tanium Server and Zone Server.

Zone Server

A server that is typically deployed in an enterprise DMZ network to proxy traffic between Tanium Clients that reside in untrusted external networks and a Tanium Server that resides in the trusted internal network.

Zone Server Hub

A service that acts as a proxy between the Tanium Server and Zone Server.

A-B | C-D | E-H | I-M | N-Q | R-T | U-Z