Monitoring Endpoint OS Changes

Microsoft has become rather aggressive with updating endpoints with their newest Windows 10 operating system.  As a result, I’ve had friends and family complain about waking up one morning to a whole bunch of changes to their computers.  Since these people are all attached to my lab instance of Tanium… figured I’d set up Tanium to monitor for these… so when I get these calls, I can sound more knowledgeable about their plight.

Monitoring this type of thing involves knowing what information you’d like to watch for… in this case

Get Computer Name and Operating System and Operating System Build Number from all machines

If this is saved as a saved question and monitored, I get notified whenever a major update gets delivered to computers under my management.

To set up monitoring, you’ll need to have Tanium Connect:

  1. Set up a new Connection with Saved Question as the data source.  Use the saved question you saved above.
  2. MOST IMPORTANT, you’ll need to set up a “filter” for New Items with whatever learning period you’d like.  The larger the environment, the longer you should set your learning period.
  3. My data destination is Email, but you could use any destination you use for monitoring.

That’s it.  Now whenever any of my managed endpoints have major updates delivered to them, I will receive an email with the computer’s name, OS, and build version.
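To show why the learning period in step 2 matters, here is a small simulation of a "new items" filter over the three columns of the saved question. It is an added illustration, not Tanium code: the class, the function, the host names and the rows are all constructed, and the filter behaviour (rows first seen during the learning period are recorded but not sent) is an assumption about how such a filter works.

```python
from datetime import datetime, timedelta


class NewItemsFilter:
    """Hypothetical model: forward only rows never seen before, and stay
    silent (but keep recording) until the learning period has ended."""

    def __init__(self, started, learning_period):
        self.learning_ends = started + learning_period
        self.seen = set()

    def process(self, now, rows):
        """rows: (computer name, operating system, build) tuples from one run."""
        to_send = []
        for row in rows:
            if row in self.seen:
                continue              # already known: not a change
            self.seen.add(row)        # remember it either way
            if now >= self.learning_ends:
                to_send.append(row)   # new after learning: notify
        return to_send


def simulate(learning_period=timedelta(days=2)):
    """Replay four constructed saved-question runs; return what each would send."""
    start = datetime(2016, 8, 1)
    mom_old = ("MOM-PC", "Windows 10 Home", "10586")
    mom_new = ("MOM-PC", "Windows 10 Home", "14393")
    dad = ("DAD-LAPTOP", "Windows 10 Pro", "10586")
    kid = ("KID-PC", "Windows 10 Home", "10586")   # only answers from day 1 on
    runs = [
        (start, [mom_old, dad]),
        (start + timedelta(days=1), [mom_old, dad, kid]),
        (start + timedelta(days=3), [mom_new, dad, kid]),  # MOM-PC got the update
        (start + timedelta(days=4), [mom_new, dad, kid]),
    ]
    flt = NewItemsFilter(start, learning_period)
    return [flt.process(when, rows) for when, rows in runs]


if __name__ == "__main__":
    for day, sent in zip((0, 1, 3, 4), simulate()):
        print(f"day {day}: {sent}")
```

With a two-day learning period only the MOM-PC build change on day 3 is sent; with `timedelta(0)` every endpoint is reported the first time it answers, which is the noise a longer learning period avoids in a larger environment where machines check in over days.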