Tanium
  • 8 minutes to read
  • Print
  • Share
  • Dark
    Light

Tanium

  • Print
  • Share
  • Dark
    Light

The Tanium adapter discovers IT assets and gathers live endpoint data to help create an inventory of hardware and software assets.

Adapter Parameters

  1. Tanium Domain (required) - The IP address or hostname of your Tanium platform server.
  2. User Name and Password (required) - The credentials for a user account in Tanium that has the appropriate privileges to fetch assets.
  3. Fetch devices from Tanium Discover Module (optional, default: False) - Fetch assets from the Discover module that have been found by endpoints.
    • If enabled, Axonius will fetch all assets that have been found by Tanium Discover.
    • If disabled, Axonius will not fetch assets from Tanium Discover.
  4. Saved Question Name (optional, default: empty) - The name of a Saved Question in Tanium to fetch assets from.
    • If supplied, Axonius will fetch all assets returned from the most recent results of the Saved Question with this name.
    • If not supplied, Axonius will not fetch assets from a Saved Question.
  5. Always re-ask Saved Question (required, default: False) - Re-ask the question of of all endpoints every time a fetch is performed.
    • If enabled and Saved Question Name is supplied, the Saved Question will be re-asked before a fetch is performed.
    • If not enabled and Saved Question Name is supplied, the Saved Question will NOT be re-asked, and the most recent results of the Saved Question will be fetched.
  6. Re-ask Saved Question if results are older than N hours (optional, default: empty) - Re-ask the question of of all endpoints if the results from the previously asked question are older than this many hours.
    • If supplied and Saved Question Name is supplied, the Saved Question will be re-asked before a fetch is performed if the most recent results for the Saved Question are older than this many hours.
    • If not supplied and Saved Question Name is supplied, the Saved Question will NOT be re-asked, and the most recent results of the Saved Question will be fetched.
  7. Verify SSL (required, default: False) - Verify the SSL certificate offered by the host supplied in Tanium Domain. For more details, see SSL Trust & CA Settings.
    • If enabled, the SSL certificate offered by the host will be verified against the CA database inside of Axonius. If it fails validation, the connection will fail with an error.
    • If disabled, the SSL certificate offered by the host will not be verified against the CA database inside of Axonius.
  8. HTTPS Proxy (optional, default: empty) - A proxy to use when connecting to Tanium Domain.
    • If supplied, Axonius will utilize the proxy when connecting to the host defined for this connection.
    • If not supplied, Axonius will connect directly to the host defined for this connection.
  9. Choose Instance (required, default: 'Master') - The Axonius node to utilize when connecting to Tanium Domain. For more details, see Connecting Additional Axonius Nodes.

image.png

Requirements for fetching assets from Tanium System Status

The Tanium adapter fetches assets from Tanium that are seen in the GUI under Administration > System Status.

In order for a connection for the Tanium adapter to function properly, the following requirements must be met:

  • The Tanium user account supplied needs the following permissions granted (Assigning Roles)
    • Micro Admin Role: Read System Status

How to create a role for Tanium System Status

There is no role that grants read only access to System Status provided in a base install of Tanium, so here is how you create a role that grants that permission:

  1. Log in to Tanium with an Administrator account.
  2. Go to Permissions > Roles. Then click New Role > Grant Micro Admin Role.
    image.png
  3. Fill in the Name of the role, then click the plus sign next to Read System Status.
    image.png
  4. Click the Save button to create the new role.
  5. Assign the newly created role to the Tanium user account, see Assigning roles.

Requirements for fetching assets from Tanium Discover Module

If Fetch devices from Tanium Discover Module is enabled, the Tanium adapter will fetch assets from Tanium that are seen in the GUI under Discover > Interfaces > All.

In order for a connection for the Tanium adapter to function properly if Fetch devices from Tanium Discover Module is enabled, the following requirements must be met:

  • The Discover module must be installed.
  • The Tanium user account supplied needs the following roles granted (see Assigning roles):
    • Discover Read Only User

Requirements for fetching assets from Tanium Saved Question

If Saved Question Name is supplied, the Tanium adapter will fetch assets from Tanium that are seen in the GUI under Content > Saved Questions > Saved Question Name > Load.

In order for a connection for the Tanium adapter to function properly if Saved Question Name is supplied, the following requirements must be met:

  • The Saved Question with the supplied name must exist.
  • The Saved Question must include the Computer ID sensor.
  • The Saved Question must include at least one of the following sensors for correlation to work effectively:
    • MAC Address
    • Network Adapters
    • Computer Name
    • Static IP Addresses
    • IP Address
    • Tanium Client IP Address
    • Static IP Addresses
    • IPv4 Address
    • IPv6 Address
  • The Tanium user account supplied needs the following roles applied (see Assigning roles):
    • Interact Show
    • Interact Read-Only User
    • Saved Question access
  • The Tanium user account supplied needs access to the computer groups you wish to fetch assets from (see Assigning computer groups)

Sensor Mappings to Axonius General Data fields

This is a table of Tanium sensors whose columns are mapped to General Data fields for an asset. If if they are defined in the Saved Question Name, they will be parsed into General Data fields appropriately:

Tanium Sensor Name Axonius General Data Field
Computer ID ID, UUID
Computer Name Host Name
Computer Serial Number Device Manufacturer Serial
IP Address Network Interfaces > IPs
IPv4 Address Network Interfaces > IPs
IPv6 Address Network Interfaces > IPs
Static IP Addresses Network Interfaces > IPs
Network Adapters Network Interfaces > IPs, Network Interfaces > MAC
Installed Applications Installed Software > Software Name, Installed Software > Software Version
Chassis Type Chassis Type
Last Logged In User Last Used Users
Last Reboot Boot Time
Model Device Model
Manufacturer Device Manufacturer
Custom Tags Sensor Tags
CPU Details CPUs > Description, CPUs > Cores
Operating System OS > Type, OS > Distribution
Service Details Services > Name, Services > Display Name, Services > Status

Adapter Specific Fields

This is a table of adapter specific fields that will be populated from the Saved Question Name object:

Axonius Adapter Specific Field Source
Tanium Device Type The data source for an asset's entity data (Saved Question, Discover, or System Status)
Saved Question Name The value supplied to Saved Question Name in the adapter connection details
Saved Question Query Text The full query text of the Saved Question
Saved Question Selects A list of sensors that are on the left hand side of the question (sensors defined before from all machines)
Saved Question Expiration The expiration date and time of the last question that was asked for this Saved Question

Adapter Specific Dynamic Fields

All sensors that are defined in the Saved question supplied will be dynamically mapped into Axonius fields based on their type definition as provided by the sensor object in Tanium. This allows data from any number of sensors to be supplied in a Saved Question to be automatically mapped into Axonius Adapter Specific fields with the appropriate typing (IP Address, Datetime, integer, version, or string).

Assigning Roles

The Tanium user account needs a number of roles assigned in order for Axonius to be able to fetch assets.

  1. Go to Administration > Users and select a user and click View User.
    image.png
  2. Click Edit Roles. Then click Edit next to Grant Roles.
    image.png
  3. In order to enable the full functionality of the Tanium Adapter, select the following roles in the Edit Grant Roles dialog window, then click Save:
    1. The name of the role you created in How to create a role for Tanium System Status - Required for core adapter functionality
    2. Discover Read Only User - If Fetch devices from Tanium Discover Module is enabled
    3. Interact Show - If Saved Question Name is supplied.
    4. Interact Read-Only User - If Saved Question Name is supplied.
    5. Saved Question access - If Saved Question Name is supplied.
  4. The Role Management section of Assign Roles should look like this:
    image(1023)(73)
  5. Click Show Preview, then click Save, then click Continue.

Assigning Computer Groups

The Tanium user account needs to be able to access the computer groups you want to fetch assets from when Saved Question Name is supplied.

  1. Go to Administration > Users and select a user and click View User.
    image.png
  2. By default, a new user in Tanium has access to the No Computers computer group.
  3. Click Manage Computer Groups next to Computer Groups.
    image(1023)(74)
  4. Click Edit next to Manage Computer Groups.
    image(1023)(75)
  5. Ensure No Computers is unselected, and either select All Computers or the specific computer groups you wish to allow Axonius to fetch assets from, then click Save.
    image(1023)(76)
  6. Click Show Preview, then click Save, then click Continue.
Was this article helpful?