Query Cheat Sheet

Check installed Chrome version

  • Ask a Question → type: installed application version
  • Parameter → Enter an application name: chrome
  • Validate → Ask Question
Screenshot of Tanium Interact query "installed application version" showing parameters for the Chrome application

Restrict by Computer Group

  • In the top results banner, open Filter by Computer Group.
  • Select a computer group.
  • Results recalc in real time.

Show machine names with the version

  • Open Question Builder (gear icon) → + ➜ Computer Name.
  • Rerun the question.

Filter Chrome by a specific version

In from computers with (Question Builder), add:

  • Sensor: Installed Application Version
  • Substring: contains 138

Execute to show only hosts with Chrome 138.x.

Export results to CSV

Click Export All → select CSV.

Why is “cache” not available?

Not all sensors support caching. Check with your cache team.

List apps with commands / show missing columns

  • Ask a Question → type: get installed applications

Customize columns (⋮ icon) and enable:

  • Installed Applications: Name
  • Installed Applications: Version
  • Installed Applications: Silent Uninstall String
  • Installed Applications: Uninstallable (optional)

Interact not showing the recent change?

Data respects sensor age. Check Max Sensor Age (when it last refreshed).

Query Cheat Sheet

System Information

Get Computer Name and Model and CPU from all machines with Disk Free Space Below Threshold matches ".*\b[0-4][0-9]{2} MB\b.*"
Get Computer Name and In Subnet[192.168.0.1/24] from all machines
Get Last Logged In User from all machines

Performance

Get Running Processes from all machines with CPU Consumption > 80%
Get High CPU Processes[5] from all machines

Software & Services

Get Installed Applications having Installed Applications:Name equals "Chrome"
Get Computer Name and Last Logged In User and Running Applications from all machines
Get Computer Name and Last Logged In User and Installed Applications from all machines

Service Status

Get Computer Name and Last Logged In User and Running Service from all machines
Get Computer Name and Last Logged In User and Stopped Service from all machines

Endpoint & Client

Get Tanium Client Version from all machines with Tanium Client Version < TARGET_VERSION
Get Tanium Client Settings from all machines
Get Sensor Status from all machines
Get Endpoint Configuration - Tools Status Details from all machines

User Management

Get Content Created By from all users with User Name equals "USER_NAME"

Peer & Network

Get Computer Name and Tanium Peer Address from all machines with (Tanium Peer Address contains NoAddress_NoAddress)
Get Computer Name and Tanium Client Subnet from all machines with (Tanium Back Peer Address contains NoAddress_NoAddress or Tanium Peer Address contains NoAddress_NoAddress)
Get Computer Name from all machines with Is Tanium Client Online contains false

Advanced Filtering

Get Computer Name matches "TAN-\d{3}"

David Wuibaille

Similar Posts

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.