Monitoring Endpoint OS Changes


Microsoft has become rather aggressive about updating endpoints to its newest Windows 10 operating system. As a result, I’ve had friends and family complain about waking up one morning to a whole bunch of changes to their computers. Since these people are all attached to my lab instance of Tanium, I figured I’d set up Tanium to monitor for these, so when I get these calls, I can sound more knowledgeable about their plight.

Monitoring this type of thing involves knowing what information you’d like to watch for. In this case:

Get Computer Name and Operating System and Operating System Build Number from all machines

Once this is saved as a saved question and monitored, it notifies me whenever a major update gets delivered to computers under my management.

To set up monitoring, you’ll need to have Tanium Connect:

  1. Set up a new Connection with Saved Question as the data source. Use the saved question you saved above.
  2. MOST IMPORTANT: set up a “filter” for New Items with whatever learning period you’d like. The larger the environment, the longer you should set your learning period.
  3. My data destination is Email, but you could use any destination you use for monitoring.

That’s it. Now whenever any of my managed endpoints have major updates delivered to them, I will receive an email with the computer’s name, OS, and build version.
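To show why the learning period in step 2 matters, here is a small conceptual model of a "new items" filter, added as an example; it is not Tanium's code, and the class, function names, host names and dates are constructed for illustration. Rows seen during the learning period form the baseline silently, and afterwards only a row never seen before (such as a changed build number) is forwarded.

```python
from datetime import datetime, timedelta


class NewItemsFilter:
    """Hypothetical model of a new-items filter with a learning period."""

    def __init__(self, start, learning_period):
        self.learning_ends = start + learning_period
        self.seen = set()  # every (computer, OS, build) row observed so far

    def process(self, when, rows):
        """Return the rows from one poll that would be sent to the destination."""
        forwarded = []
        for row in rows:
            if row in self.seen:
                continue  # already known, never reported again
            self.seen.add(row)
            # Rows first seen while learning only build the baseline.
            if when >= self.learning_ends:
                forwarded.append(row)
        return forwarded


def run_demo(learning_days=2):
    """Feed four constructed polls of the saved question through the filter."""
    start = datetime(2017, 1, 1)
    flt = NewItemsFilter(start, timedelta(days=learning_days))
    pc1 = ("LAB-PC1", "Windows 10 Home", "14393")
    pc2 = ("LAB-PC2", "Windows 10 Pro", "14393")
    pc3 = ("LAB-PC3", "Windows 7 Professional", "7601")
    pc1_updated = ("LAB-PC1", "Windows 10 Home", "15063")
    polls = [
        (start, [pc1, pc2]),                                # initial results
        (start + timedelta(days=1), [pc1, pc2, pc3]),       # PC3 checks in late
        (start + timedelta(days=3), [pc1, pc2, pc3]),       # nothing changed
        (start + timedelta(days=10), [pc1_updated, pc2, pc3]),  # PC1 got a new build
    ]
    return [flt.process(when, rows) for when, rows in polls]


if __name__ == "__main__":
    for label, days in (("2-day learning period", 2), ("no learning period", 0)):
        print(label)
        for i, alerts in enumerate(run_demo(days), 1):
            print(f"  poll {i}: {alerts}")
```

With no learning period, the first two polls alert on every endpoint as it first reports, which is the noise a longer learning period avoids in a large environment where machines check in slowly.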
