Tanium
  • 5 Minutes to read
  • PDF

Tanium

  • PDF

Article summary

About this document


This document provides the step-by-step procedure to configure Tanium in SAFE.

Introduction


SAFE seamlessly integrates with Tanium, a top-tier endpoint security management platform, to get the assets and their security misconfigurations into SAFE.

The Tanium integration can be configured by SAFE administrators using the Tanium card available on the SAFE Hooks page.

Prerequisites


To configure Tanium in SAFE, you need the following details:

  • Server URL: The URL of the user’s Tanium
    Examples:
    https://<Server URL>
    https://ec2-18-212-94-62.compute-1.amazonaws.com/)
Note
The above Tanium URL must be accessible from the public cloud. Refer to SAFE’s Outgoing IP Addresses to get SAFE's outgoing IPs for each region).
  • APIToken: To create API Token need an API Gateway User role, and this is a one-time process.

Supported Operating System


PlatformOperating System (OS)
Windows ServersWindows Server 2022
Windows Server 2019 (currently supported releases in the Long-Term Servicing Channel and the last supported release in the Semi-Annual Channel)
Windows Server 2016
Windows Server 2012, 2012 R2
Windows Server 2008 R2
Windows Server 2008
Windows WorkstationWindows 11
Windows 10 (currently supported releases in both the Semi-Annual Channel and the Long-Term Servicing Channel)
Windows 8
Windows 7 (SP1)
LinuxAmazon Linux 2 LTS
Amazon Linux AMI 2018.3
Amazon Linux AMI 2016.09
Debian 11.x
Debian 10.x
Debian 9.x
Debian 8.x
Debian 7.x, 6.x
Oracle Linux 9.x
Oracle Linux 8.x
Oracle Linux 7.x
Oracle Linux 6.x
Oracle Linux 5.x
Red Hat / AlmaLinux / Rocky Linux 9.x
Red Hat / CentOS / AlmaLinux / Rocky Linux 8.x
Red Hat / CentOS 7.x
Red Hat / CentOS 6.x
Red Hat / CentOS 5.x
SUSE Linux Enterprise Server (SLES) / OpenSUSE 15.x
SUSE Linux Enterprise Server (SLES) / OpenSUSE 12.x
SUSE Linux Enterprise Server (SLES) / OpenSUSE 11.x
Ubuntu 22.04 LTS
Ubuntu 20.04 LTS
Ubuntu 18.04 LTS
Ubuntu 16.04 LTS
Ubuntu 14.04 LTS

Generate API Token


To generate API Token from Tanium:

  1. Login to your Tanium Account with the API Gateway User role.
  2. Go to Administration from the Main menu.
  3. Navigate to Permissions > API Tokens.
    Tanium 1
  4. Click New API Token.
    Tanium 2
  5. Enter the Notes and Expiry
  6. In the Trusted IP addresses field, fill the “Private IP address of the Tanium” and add the SAFEIPaddresses based on the region where the safe is deployed. Refer to the below list.
  7. Click the Save button.
    Tanium 3
  8. The system displays the APIToken. Copy the token to use it while configuring Tanium in SAFE.
    Tanium 5
AWS Region where SAFE is hostedIP Address
ap-south-1 (Mumbai)13.232.239.28
ap-southeast-1 (Singapore)18.136.219.22
ap-southeast-2 (Sydney)54.253.20.235
eu-central-1 (Frankfurt)18.184.61.225
eu-west-2 (London)35.176.150.139
us-east-1 (N Virginia)52.203.84.56

Configure Tanium Comply in SAFE


Follow the below step-by-step procedure to configure Tanium in SAFE:

  1. Navigate to SAFE Hooks and click the Tanium card.
  2. Enter the Tanium Server URL. Here is an example of a Tanium URL https://ec2-18-212-94-62.compute-1.amazonaws.com/
  3. Enter the APIToken you generate.
  4. Fill the OSFilter. This filter allows the user to filter the data being fetched from Tanium based on the asset's operating system. If not provided, all assets data to which the user has access to will be pulled into SAFE.
    E.g., ubuntu, centos. The filter will work with an exact string match or partial string match. For Ex: An exact String match is like “Ubuntu 20.04.5, “ and a partial match can be “Ubuntu 20“. It will work for both.
  5. Select an auto-sync frequency in the number of days.
  6. Click the TestConnection button.
  7. Once the connection is validated, click the Save button.
  8. Once the configuration is saved, click the SyncNow button to trigger the on-demand sync outside of the scheduled auto sync.

Tanium 6

View Results


After a successful sync, the Tanium assets are automatically imported into SAFE.

To view the assets pulled from Tanium Comply:

  1. Navigate to Technology > Assets.
  2. Filter the assets with Source as security.safe.saas.tanium.
    bb591983-e5e4-44cf-afd0-564bbf0ae94d
  3. Click on the Asset name.
  4. The system displays all the controls and their status.
    e572cca4-477e-4bce-a579-d5b0960c75fb
  5. Click on the Control Name, and under the observation section; it will show the ID and the Status of the control.
    ccd69944-89df-4dba-8213-ffe3fb4792da

FAQs


1. How does OS Filter work?

The OS Filter field will take comma-separated values, e.g., ubuntu, centos

  • Filters are not case-sensitive, so that any value matching will be handled.
  • Extra spaces at the beginning and end of strings will also be handled and won’t impact the results.
  • Spaces in between strings will impact results, e.g., Red Hat or Cent OS will not be the same as RedHat and CentOS.
  • The filter will work with an exact string match or partial string match. For Ex:- Exact String match is like “Ubuntu 20.04.5, “ and a partial match can be “Ubuntu 20“. It will work for both.

2. Is it mandatory to provide OS Filter in Tanium Configuration?

No, it is not mandatory to provide the filter in Tanium Configuration. The filter helps a user to configure a filter for the assets data that need to pull by SAFE. This is useful in case Tanium has a large data set, and the user only wants to import a section of the whole data in SAFE.

3. Where will assets get onboarded?

The asset will get onboarded on the basis of OS to asset type matching criteria. For example, if we have Ubuntu 20.04.5 LTS, it will get mapped to Ubuntu 20.x to Server Vertical. If no match is found, the asset will get onboarded to Others Vertical.

4. How can I check the Sync status for Tanium Integration?

To view the information related to any saved configuration, GET /integrations/:instance_id can be used. It will return all config fields except the fields which are encrypted using the sensitiveFields array. It will also return the information regarding the config state and the current Sync status.

{
      "id": 1,
      "type": "caplugin",
      "subtype": "tanium",
      "config": {
        "autoSync": 1,
        "serverUrl": "https://ec2-18-212-94-62.compute-1.amazonaws.com",
        "sensitiveFields": [
          "apiToken"
        ]
      },
      "state": {
        "error": "",
        "stage": "COMPLETED",
        "status": 0,
        "message": "Success",
        "lastScanTriggerTs": "2023-01-31T11:03:17.027Z",
        "completionPercentage": 100,
        "lastScanCompletionTs": "2023-01-31T11:11:06.965Z"
      },
      "isEnabled": true,
      "userData": {
        "emailId": "user.test@safe.security"
      }
    }

5. What are the possible values of the state of Tanium sync?

The following are the possible values for the sync stage:

StageMeaning
COMPLETEDFinished sync
ERRORError occurred during sync
IN PROGRESSSync is in progress

Each stage will have its own completion Percentage for reference.

The following are the possible values for sync status:

StatusMeaning
0Success
1In Progress
2Error

6. What if an already existing SAFE asset is assessed by Tanium sync?

In case an existing asset, for example- a Windows endpoint with the Safe agent installed on it, also gets assessed during a Tanium sync, the following behavior can be expected:

  1. The controls from Tanium will get populated under the existing asset, with the assessment being completed.
  2. The control count for the asset will increase, and there even may be double penalization for a few controls since two different sources are carrying out the assessment. This will affect the asset level score and may even have an effect on PAI.

For the reasons stated above, it is recommended that any such existing asset is first retired from Safe before the Tanium sync is triggered- so that it can be onboarded once again with Tanium as its source. Additionally, the Safe agent should be disabled on the endpoint so that it doesn’t continue sending assessments in the future.


Was this article helpful?

What's Next