- 08 Mar 2022
- 7 Minutes to read
- Print
- DarkLight
- PDF
Tanium
- Updated on 08 Mar 2022
- 7 Minutes to read
- Print
- DarkLight
- PDF
The Tanium adapter discovers IT assets and gathers live endpoint data to help create an inventory of hardware and software assets.
Adapter Parameters
- Tanium Domain (required) - The IP address or hostname of your Tanium platform server.
- User Name and Password (required) - The credentials for a user account in Tanium that has the appropriate privileges to fetch assets.
- Fetch devices from Tanium System Status (optional, default: False) - Fetch assets that are managed endpoints from the Administration > System Status page in Tanium.
- If enabled, Axonius will fetch all assets from the Administration > System Status page.
- If disabled, Axonius will fetch not fetch assets from the Administration > System Status page.
- Fetch devices from Tanium Discover Module (optional, default: False) - Fetch assets from the Discover module that have been found by endpoints.
- If enabled, Axonius will fetch all assets that have been found by Tanium Discover.
- If disabled, Axonius will not fetch assets from Tanium Discover.
- Saved Question Names (comma separated) (optional, default: empty) - A comma separated list of Tanium Saved Question names to fetch assets from.
- If supplied, Axonius will fetch all assets returned from the most recent results of the each Saved Question supplied.
- If not supplied, Axonius will not fetch assets from any Saved Questions.
- Always re-ask Saved Question (required, default: False) - Re-ask the question of of all endpoints every time a fetch is performed.
- If enabled and Saved Question Name is supplied, the Saved Question will be re-asked before a fetch is performed.
- If not enabled and Saved Question Name is supplied, the Saved Question will NOT be re-asked, and the most recent results of the Saved Question will be fetched.
- Re-ask Saved Question if results are older than N hours (optional, default: empty) - Re-ask the question of of all endpoints if the results from the previously asked question are older than this many hours.
- If supplied and Saved Question Name is supplied, the Saved Question will be re-asked before a fetch is performed if the most recent results for the Saved Question are older than this many hours.
- If not supplied and Saved Question Name is supplied, the Saved Question will NOT be re-asked, and the most recent results of the Saved Question will be fetched.
- Verify SSL (required, default: False) - Verify the SSL certificate offered by the host supplied in Tanium Domain. For more details, see SSL Trust & CA Settings.
- If enabled, the SSL certificate offered by the host will be verified against the CA database inside of Axonius. If it fails validation, the connection will fail with an error.
- If disabled, the SSL certificate offered by the host will not be verified against the CA database inside of Axonius.
- HTTPS Proxy (optional, default: empty) - A proxy to use when connecting to Tanium Domain.
- If supplied, Axonius will utilize the proxy when connecting to the host defined for this connection.
- If not supplied, Axonius will connect directly to the host defined for this connection.
- Fetch devices from Tanium System Status
- Fetch devices from Tanium Discover Module
- Saved Question Names (comma separated)
- Tanium Asset Module Report Name
For details on the common adapter connection parameters and buttons, see Adding a New Adapter Connection.
Requirements for fetching assets from Tanium System Status
If Fetch devices from Tanium System Status is enabled, the Tanium adapter will fetch assets from Tanium that are seen in the GUI under Administrator > System Status.
In order for a connection for the Tanium adapter to function properly if Fetch devices from Tanium System Status is enabled, the following requirements must be met:
- The Tanium user account supplied needs the following permissions granted (Assigning Roles)
- Micro Admin Role: Read System Status
How to create a role for Tanium System Status
There is no role that grants read only access to System Status provided in a base install of Tanium, so here is how you create a role that grants that permission:
- Log in to Tanium with an Administrator account.
- Go to Permissions > Roles. Then click New Role > Grant Micro Admin Role.
- Fill in the Name of the role, then click the plus sign next to Read System Status.
- Click the Save button to create the new role.
- Assign the newly created role to the Tanium user account, see Assigning roles.
Requirements for fetching assets from Tanium Discover Module
If Fetch devices from Tanium Discover Module is enabled, the Tanium adapter will fetch assets from Tanium that are seen in the GUI under Discover > Interfaces > All.
In order for a connection for the Tanium adapter to function properly if Fetch devices from Tanium Discover Module is enabled, the following requirements must be met:
- The Discover module must be installed.
- The Tanium user account supplied needs the following roles granted (see Assigning roles):
- Discover Read Only User
Requirements for fetching assets from Tanium Saved Question
If Saved Question Name is supplied, the Tanium adapter will fetch assets from Tanium that are seen in the GUI under Content > Saved Questions > Saved Question Name > Load.
In order for a connection for the Tanium adapter to function properly if Saved Question Name is supplied, the following requirements must be met:
- The Saved Question with the supplied name must exist.
- The Saved Question must include the Computer ID sensor.
- The Saved Question must include at least one of the following sensors for correlation to work effectively:
- MAC Address
- Network Adapters
- Computer Name
- Static IP Addresses
- IP Address
- Tanium Client IP Address
- Static IP Addresses
- IPv4 Address
- IPv6 Address
- The Tanium user account supplied needs the following roles applied (see Assigning roles):
- Interact Show
- Interact Read-Only User
- Saved Question access
- The Tanium user account supplied needs access to the computer groups you wish to fetch assets from (see Assigning computer groups)
Sensor Mappings to Axonius General Data fields
This is a table of Tanium sensors whose columns are mapped to General Data fields for an asset. If if they are defined in the Saved Question Name, they will be parsed into General Data fields appropriately:
Tanium Sensor Name | Axonius General Data Field |
---|---|
Computer ID | ID, UUID |
Computer Name | Host Name |
Computer Serial Number | Device Manufacturer Serial |
IP Address | Network Interfaces > IPs |
IPv4 Address | Network Interfaces > IPs |
IPv6 Address | Network Interfaces > IPs |
Static IP Addresses | Network Interfaces > IPs |
Network Adapters | Network Interfaces > IPs, Network Interfaces > MAC |
Installed Applications | Installed Software > Software Name, Installed Software > Software Version |
Chassis Type | Chassis Type |
Last Logged In User | Last Used Users |
Last Reboot | Boot Time |
Model | Device Model |
Manufacturer | Device Manufacturer |
Custom Tags | Sensor Tags |
CPU Details | CPUs > Description, CPUs > Cores |
Operating System | OS > Type, OS > Distribution |
Service Details | Services > Name, Services > Display Name, Services > Status |
Adapter Specific Fields
This is a table of adapter specific fields that will be populated from the Saved Question Name object:
Axonius Adapter Specific Field | Source |
---|---|
Tanium Device Type | The data source for an asset's entity data (Saved Question, Discover, or System Status) |
Saved Question Name | The value supplied to Saved Question Name in the adapter connection details |
Saved Question Query Text | The full query text of the Saved Question |
Saved Question Selects | A list of sensors that are on the left hand side of the question (sensors defined before from all machines) |
Saved Question Expiration | The expiration date and time of the last question that was asked for this Saved Question |
Adapter Specific Dynamic Fields
All sensors that are defined in the Saved question supplied will be dynamically mapped into Axonius fields based on their type definition as provided by the sensor object in Tanium. This allows data from any number of sensors to be supplied in a Saved Question to be automatically mapped into Axonius Adapter Specific fields with the appropriate typing (IP Address, Datetime, integer, version, or string).
Assigning Roles
The Tanium user account needs a number of roles assigned in order for Axonius to be able to fetch assets.
- Go to Administration > Users and select a user and click View User.
- Click Edit Roles. Then click Edit next to Grant Roles.
- In order to enable the full functionality of the Tanium Adapter, select the following roles in the Edit Grant Roles dialog window, then click Save:
- The name of the role you created in How to create a role for Tanium System Status - Required for core adapter functionality
- Discover Read Only User - If Fetch devices from Tanium Discover Module is enabled
- Interact Show - If Saved Question Name is supplied.
- Interact Read-Only User - If Saved Question Name is supplied.
- Saved Question access - If Saved Question Name is supplied.
- The Role Management section of Assign Roles should look like this:
- Click Show Preview, then click Save, then click Continue.
Assigning Computer Groups
The Tanium user account needs to be able to access the computer groups you want to fetch assets from when Saved Question Name is supplied.
- Go to Administration > Users and select a user and click View User.
- By default, a new user in Tanium has access to the No Computers computer group.
- Click Manage Computer Groups next to Computer Groups.
- Click Edit next to Manage Computer Groups.
- Ensure No Computers is unselected, and either select All Computers or the specific computer groups you wish to allow Axonius to fetch assets from, then click Save.
- Click Show Preview, then click Save, then click Continue.