The questions to ask for this plugin when “get_tanium_data” mode is enabled set as a dictionary variable GET_TANIUM_DATA.
Use an OrderedDict to ensure questions are asked in the order defined in the plugin.
This should be a dictionary that defines a mapping of “csv_filename” => “pytan ask_manual parameters”.
The dictionary key “csv_filename” is a string set to the name of the file to save the results to in config[data].
The dictionary value “pytan ask_manual parameters” is a dictionary with two keys:
sensors: list of sensor strings (left side of the question)filters: list of filter strings (right side of the question)For example, to ask the question Get Installed Applications containing "adobe" from all machines from Tanium and have the results stored in config[data_path]/adobe.csv, a GET_TANIUM_DATA dictionary entry would look like this:
1 2 3 4 5 6 | GET_TANIUM_DATA = OrderedDict()
GET_TANIUM_DATA["adobe.csv"] = {
"filters": [],
"sensors": ["Installed Applications, that contains:adobe"],
}
|
The format of the strings used in filters and sensors are specific to PyTan, and while they are similar in nature to the syntax used by the console, they are not the same!
Note
In the latest release of Tanium HAT, we’ve added support for managing Tanium Question options.
To manage Tanium Question options inside your Plugin file, simply add an options key with your desired Tanium Question Options settings.
An example of what that may look like follows below:
1 2 3 4 5 6 7 8 | GET_TANIUM_DATA["blah.csv"] = {
"sensors": ["Installed Applications"],
"filters": [
"Installed Applications, that re:tanium client\s?(\||\d).*",
"Installed Applications, that re:tanium client.*6\.0\.314\.1510.*",
],
"options": ["and", "ignore_case"]
}
|
Read up on pytan sensor strings and sensor options here : http://tanium.github.io/pytan/_static/bin_doc/ask_manual.html#user-content-print-the-help-for-sensors
Read up on pytan filter strings here : http://tanium.github.io/pytan/_static/bin_doc/ask_manual.html#user-content-print-the-help-for-filters