
ClientLocation 2.1.1.0001

From Tanium Knowledge Base


Introduction: Tanium Client Network Location

Determine if a Tanium client is on or off the network.

Download Location

This content is available at: https://content.tanium.com/files/published/ClientLocation/2017-07-25_11-58-14_2.1.1.0001-g811ce4c/ClientLocation.xml

Usage

A client location configuration package is deployed with values specific to the customer's deployment. A sensor reads from this configuration file and performs various checks against the local system to determine its relative network state as on or off site. Blacklisting of IPs and subnets is also possible via the configuration files.

Packages

Create Client Location Config

The Create Client Location Config package is used to generate a config on Windows systems that will be used by the Client Network Location sensor to determine the relative state of the endpoint as on or off site.

  • Tanium Server and IP values are the internal Tanium Server and respective IPs.
  • Zone Server and IP values are the external-facing Tanium Server and respective IPs. This value is not limited to Zone Servers; it applies to any remote-facing Tanium Servers and their external IP addresses.
  • VPN Adapter Name is pattern matched, and derived from the Win32_NetworkAdapter Name property.
  • Black List and White List IPs and Ranges are values that are pattern matched from left to right against a subnet you wish to always exclude or include.

This package contains 1 file and 0 sensors.

Additional Properties:

  • Command Line: cmd /c start /B cscript //T:3600 Location_Config.vbs /TaniumServer:$1 /ZoneServer:$2 /VPN:$3 /BlackList:$4 /WhiteList:$5
  • Command Line Timeout: 60

Prompts:

| Name / Value | Prompt Help | Type | Possible / Default Values |
|---|---|---|---|
| Tanium Server and IP | server:ip,server2:ip2 | Text | |
| Zone Server and IP | server:ip,server2:ip | Text | |
| VPN Adapter Name | Cisco AnyConnect,Juniper | Text | |
| Black List IPs and Ranges | 10.0.1.,10.1.1.32,10.2. | Text | |
| White List IPs and Ranges | 10.0.1.,10.1.1.32,10.2. | Text | |

Files:

  • Location_Config.vbs

Remove Client Location Config

The Remove Client Location Config package is used to remove the existing client location configuration file from Windows endpoints. This package contains 1 file and 0 sensors.

Additional Properties:

  • Command Line: cmd /c cscript.exe delete-client-location-config.vbs
  • Command Line Timeout: 60

Prompts:

Files:

  • delete-client-location-config.vbs

Create Client Location Config - Non-Windows

The Create Client Location Config - Non-Windows package is used to generate a config on Non-Windows systems (Mac and Linux) that will be used by the Client Network Location sensor to determine the relative state of the endpoint as on or off site.

  • Tanium Server and IP values are the internal Tanium Server and respective IPs.
  • Zone Server and IP values are the external-facing Tanium Server and respective IPs. This value is not limited to Zone Servers; it applies to any remote-facing Tanium Servers and their external IP addresses.
  • Black List and White List IPs and Ranges are values that are pattern matched from left to right against a subnet you wish to always exclude or include.

This package contains 1 file and 0 sensors.

Additional Properties:

  • Command Line: /bin/bash Location_Config.sh $1 $2 $3 $4
  • Command Line Timeout: 60

Prompts:

| Name / Value | Prompt Help | Type | Possible / Default Values |
|---|---|---|---|
| Tanium Server and IP | server:ip,server2:ip2 | Text | |
| Zone Server and IP | server:ip,server2:ip | Text | |
| Black List IPs and Ranges | 10.0.1.,10.1.1.32,10.2. | Text | |
| White List IPs and Ranges | 10.0.1.,10.1.1.32,10.2. | Text | |

Files:

  • Location_Config.sh

Remove Client Location Config - Non-Windows

The Remove Client Location Config - Non-Windows package is used to remove the existing client location configuration file from Non-Windows (Mac and Linux) endpoints. This package contains 1 file and 0 sensors.

Additional Properties:

  • Command Line: /bin/bash delete-client-location-config.sh
  • Command Line Timeout: 60

Prompts:

Files:

  • delete-client-location-config.sh

Sensors

Client Network Location

The Client Network Location sensor reads the values set in the Client Location Config and attempts to determine the system's location state as on or off network.

  1. The sensor first checks whether the system's IP address falls within a blacklisted or whitelisted subnet range. If it does, that is an immediate assertion of off-site or on-site respectively.
  2. The next step determines whether the system has an active VPN session. If a VPN session is established, the assertion is that the system is off site. If not, a current server check and a connection check are performed.
  3. The Tanium settings are then checked for the currently active Tanium Server, and, if a split DNS configuration has been determined, a connection check against netstat output validates that the IP is a match.

Based on how Tanium Servers and Tanium Zone Servers are configured in the config file, the resulting match is reported accordingly.

Used in conjunction with Create Client Location Config, the sensor logically determines whether a client is on or off the organization's network. The primary use is for Discover targeting.

Example: On-Site
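
The following sketch walks the three checks in order on constructed inputs. It is an added example, not Tanium's sensor code. It assumes that left-to-right matching is a plain string prefix comparison, that the blacklist is consulted before the whitelist, and that server name and IP are always compared as a pair; the function names, the environment variable names, the "Off-Site" and "Unknown" labels, and the sample hosts are hypothetical.

```shell
#!/bin/sh
# Added illustration, not Tanium's sensor code. All names are hypothetical.

# prefix_match IP LIST: succeed if IP starts with any comma-separated entry.
# Assumes "pattern matched from left to right" means a plain string prefix.
prefix_match() {
    ip=$1
    old_ifs=$IFS; IFS=,
    for p in $2; do
        [ -n "$p" ] || continue
        case "$ip" in
            "$p"*) IFS=$old_ifs; return 0 ;;
        esac
    done
    IFS=$old_ifs
    return 1
}

# pair_match NAME IP LIST: succeed if "NAME:IP" is an entry of a server:ip list.
pair_match() {
    old_ifs=$IFS; IFS=,
    for e in $3; do
        if [ "$e" = "$1:$2" ]; then IFS=$old_ifs; return 0; fi
    done
    IFS=$old_ifs
    return 1
}

# client_location LOCAL_IP VPN_ACTIVE(yes|no) SERVER_NAME CONNECTED_IP
# Reads TANIUM_SERVERS, ZONE_SERVERS, BLACKLIST and WHITELIST from the environment.
client_location() {
    # Step 1: list membership is an immediate assertion (blacklist first: assumed).
    if prefix_match "$1" "$BLACKLIST"; then echo "Off-Site"; return; fi
    if prefix_match "$1" "$WHITELIST"; then echo "On-Site"; return; fi
    # Step 2: an active VPN session asserts off site.
    if [ "$2" = "yes" ]; then echo "Off-Site"; return; fi
    # Step 3: active server name and connected IP must match a configured pair.
    if pair_match "$3" "$4" "$TANIUM_SERVERS"; then echo "On-Site"; return; fi
    if pair_match "$3" "$4" "$ZONE_SERVERS"; then echo "Off-Site"; return; fi
    echo "Unknown"
}

# Constructed sample configuration (not from a real deployment).
TANIUM_SERVERS="ts1.example.internal:10.5.0.10"
ZONE_SERVERS="zs1.example.com:203.0.113.20"
BLACKLIST="10.2"
WHITELIST="10.0.1.,10.1.1.32"
```

Under the prefix assumption, the entry `10.2` written without its trailing dot also matches `10.20.7.7`, which is why the documented defaults end each subnet prefix with a dot.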

Has Client Location Config

The Has Client Location Config sensor is used to determine if the Client Location Config exists on an endpoint. Returns True or False depending on whether the Client Location Config exists on the endpoint.

Client Location Config

The Client Location Config sensor is used to view the values within the Client Location Config on Windows and Non-Windows (Mac and Linux) systems. The goal is to allow easy configuration review across the enterprise. Reads Client Location Config if it exists on the local machine.