Tanium Interact
  • 13 minutes to read
  • Print
  • Share
  • Dark
    Light

Tanium Interact

  • Print
  • Share
  • Dark
    Light

The Tanium Interact adapter lets you ask questions to gather live endpoint data in order to create an up-to-date inventory of hardware and software assets.

Parameters

  1. Hostname or IP Address (required) - The Hostname or IP address of the Tanium server that Axonius can communicate with via the Required Ports.
  2. User Name and Password (required) - The credentials for a user account that has the Required Permissions to fetch assets.
  3. Names of Saved Questions to fetch (comma separated) (required) - A comma separated list of Saved Questions names that meet the Requirements for Saved Question.
  4. Re-ask every fetch (required, default: False) - When fetching data for a connection, ask Tanium to issue a new question to get the current results for each value supplied to Names of Saved Questions to fetch (comma separated)
    • If enabled, a new question for a Saved Question will be issued every fetch.
    • If disabled, a new question for a Saved Question will not be issued every fetch.
  5. Re-ask if results are older than N hours (required, default: 6) - When fetching data for a connection, if the results for each value supplied to Names of Saved Questions to fetch (comma separated) are older than this many hours, ask Tanium to issue a new question to get the current results.
    • If the value provided is 0, no age check is performed and a new question will not be issued based on the value supplied here.
  6. Re-asking waits until all answers are returned (required, default: True) - If a new question is issued and any results contain [no results], wait until the question reaches expiration or until there are no results that contain [no results].
    • If enabled, if a new question is issued for a Saved Question and any results contain [no results], wait until the question expires or until all answers are in and there are no results that contain [no results].
    • If disabled, if a new question is issued for a Saved Question, wait until all answers are in or until the question expires.
  7. Verify SSL (required, default: False) - Verify the SSL certificate offered by the value supplied in Hostname or IP Address. For more details, see SSL Trust & CA Settings.
    • If enabled, the SSL certificate offered by the value supplied in Hostname or IP Address will be verified against the CA database inside of Axonius. If the SSL certificate can not be validated against the CA database inside of Axonius, the connection will fail with an error.
    • If disabled, the SSL certificate offered by the value supplied in Hostname or IP Address will not be verified against the CA database inside of Axonius.
  8. HTTPS Proxy (optional, default: empty) - A proxy to use when connecting to the value supplied in Hostname or IP Address.
    • If supplied, Axonius will utilize the proxy when connecting to the value supplied in Hostname or IP Address.
    • If not supplied, Axonius will connect directly to the value supplied in Hostname or IP Address.
  9. For details on the common adapter connection parameters and buttons, see Adding a New Adapter Connection.

tanium_interact_new_cnx

Requirements for Saved Questions

Each value supplied in Names of Saved Questions to fetch (comma separated must include the following sensors:

  • Computer ID
  • Computer Name
  • Network Adapters or (IPv4 Address and MAC Address)
  • Computer Serial Number
Additional Information

The Network Adapters sensor is only available if you have purchased and installed the Tanium Discover module.

In Axonius 3.6, you will be able to provide both the IPv4 Address and MAC Address sensors instead. You can also request a patch pre-3.6 to get support for this.

While these two sensors are available in the Base content provided with the Tanium platform, they do not provide a mapping of which IP address maps to which MAC address, so the information provided by these two sensors will not be as accurate as the Network Adapters sensor.

Required Ports

Axonius must be able to communicate with the value supplied in Hostname or IP Address via the following ports:

  • TCP port 443: REST API

Required Permissions

Required Module Permissions

A Module Role named Interact Read-Only User exists that provides these Module Permissions:

  1. Show Interact
  2. Interact Module Read

Required Advanced Permissions

You must Create an Advanced Role since none exists that grants these Advanced Permissions:

  1. Ask Dynamic Questions
  2. Read Sensor - with content sets granted for the assigned content sets of the sensors being used in each value supplied in Names of Saved Questions to fetch (comma separated
  3. Read Saved Question - with content sets granted for the assigned content set of each value in Names of Saved Questions to fetch (comma separated

Required Computer Group Permissions

Access must be granted to the Computer Groups targeted by each value supplied in Names of Saved Questions to fetch (comma separated.

Create an Advanced Role

These are the steps to create a role that grants the Required Advanced Permissions:

  1. Log in to the value supplied in Hostname or IP Address with an account that has the permissions necessary to edit roles.
  2. In the navigation menu:
    1. Go to the Permissions > Roles page.
  3. In the Permissions Page:
    1. Click New Role.
    2. Select Grant Advanced Role.
  4. In the Create Role page in the Role Details section:
    1. Fill in the Name field. (for example: Saved Questions Read Only)
  5. In the Create Role page in the All Content Sets Option section:
    1. Click the checkbox for Add all Content Sets that exist or will exist to the permissions selected below.
    2. Alternatively, you can add specific content sets that allow access to each value supllied in Names of Saved Questions to fetch (comma separated and the sensors defined in those Saved Questions.
  6. In the Create Role page in the Ask Dynamic Question section:
    1. Click the plus sign next to Ask Dynamic Questions.
  7. The top of the Create Role page should look like:
    tanium_create_advanced_role_top
  8. In the Create Role page In the Advanced Permissions section click the plus sign next to the following permissions:
    1. Read Sensor
    2. Read Saved Question
  9. The bottom of the Create Role Page should look like:
    tanium_create_advanced_role_bottom
  10. At the bottom of the Create Role page:
    1. Click Save.
  11. In the Notice dialog window:
    1. Click Continue.

Assigning Required Permissions

These are the steps to assign the Required Permissions to the value supplied in User Name:

  1. Log in to the value supplied in Hostname or IP Address with an account that has the permissions necessary to edit users.
  2. In the navigation menu:
    1. Go to the Administration > Users page.
  3. In the Users Page:
    1. Select the value supplied in User Name from the list of users.
    2. Click View User.
  4. In the User Administration page in the Computer Groups section:
    1. Click Manage Computer Groups:
  5. In the Assign Computer Groups page in the Manage Computer Groups section:
    1. Section click Edit.
  6. In the Edit Computer Group Assignments dialog window:
    1. De-select the No Computers value .
    2. Select the All Computers value.
    3. Alternatively, you can select specific Computer Groups targeted by each value supplied in Names of Saved Questions to fetch (comma separated.
    4. Click Save.
  7. At the bottom of the Assign Computer Groups page:
    1. Click Show Preview to Continue.
  8. At the bottom of the Assign Computer Groups page:
    1. Click Save.
  9. In the User Administration page in the Roles and Effective Permissions section:
    1. Click Edit Roles.
  10. In the Assign Roles page in the Role Management > Grant Roles section:
    1. Click Edit:
  11. In the Edit Grant Roles dialog window:
    1. Select the role created in Create Advanced Role.
    2. Select the role named Interact Read-Only User.
    3. Click Save.
  12. At the bottom of the Assign Roles page:
    1. Click Show Preview to Continue.
  13. At the bottom of the Assign Roles page:
    1. Click Save.
  14. In the Notice dialog window:
    1. Click Continue.
  15. The User Administration page should look like this:
    tanium_useradmin_interact
  16. Perform the steps in Verifying Permissions

Verifying Permissions

  1. Log in to the value supplied in Hostname or IP Address with the values supplied in User Name and Password.
  2. In the navigation menu:
    1. Go to the Content > Saved Questions page.
  3. In the Content > Saved Questions page:
    1. For each of the values supplied in Names of Saved Questions to fetch (comma separated:
      1. Select the value from the list of Saved Questions.
      2. Click Load.

Field Mappings

The following table shows a map how values are mapped to fields in Axonius.

For values that are sourced from sensors, if the sensors are defined in in any of the values supplied to Names of Saved Questions to fetch (comma separated, they will be mapped to the Axonius Field(s) listed:

Aggregated Fields

Source Destination
Saved Question: Expiration date of last asked question Last Seen
Sensor: AD Organizational Unit Organizational Unit
Sensor: Applicable Patches OS Available Security Patches
Sensor: BIOS Version Bios Version
Sensor: Chassis Type Is Virtual Host
Sensor: Computer ID, Saved Question: Name ID
Sensor: Computer ID UUID
Sensor: Computer Name Hostname
Sensor: Computer Serial Number Device Manufacturer Serial
Sensor: CPU Details CPUs
Sensor: Custom Tags Adapter Tags
Sensor: Domain Member Part Of Domain
Sensor: Installed Applications Installed Software
Sensor: Is Virtual Is Virtual Host
Sensor: Last Logged In User Last Used Users
Sensor: Manufacturer Device Manufacturer
Sensor: Model Device Model
Sensor: Motherboard Manufacturer Motherboard Manufacturer
Sensor: Motherboard Version Motherboard Version
Sensor: Network Adapters Network Interfaces
Sensor: Open Ports Open Ports
Sensor: Open Share Details Shares
Sensor: Operating System Build Number OS: Build
Sensor: Operating System Install Date OS: Install Date
Sensor: Operating System OS
Sensor: OS Platform OS: Type
Sensor: RAM Total RAM (GB)
Sensor: Running Processes Running Processes
Sensor: Service Details Services
Sensor: Service Pack OS: Service Pack
Sensor: Tanium Client Version Agent Versions
Sensor: Time Zone Time Zone
Sensor: Total Memory Total RAM (GB)
Sensor: Uptime Boot Time, Uptime (Days)

Adapter Specific Fields

Source Destination
Saved Question: Expiration date of last asked question Question Last Asked
Saved Question: Name Saved Question Name
Saved Question: Question Selects Question Selects
Saved Question: Question Text Question Query Text
Tanium Server Tanium Server Name, Tanium Server Version, Module Version
Dynamic Fields

All sensors that are defined in each of the values supplied to Names of Saved Questions to fetch (comma separated (even those that get mapped to Aggregated fields) will have Adapter Specific fields created.

These Adapter Specific fields will be created with the name of the sensor prefixed with Sensor:. The type of the fields created will be based on the column definitions in the sensor.

This means you can define ANY sensor you want in a Saved Question and the data returned by that sensor will show up in Axonius.

Custom processing

These are sensors that have custom processing to provide additional queryable fields:

  • Comply - Compliance Aggregates: a set of fields that show the percentage of the various count fields out of the "All" field. Available in Axonius 3.6 or via requested patch
  • Comply - Vulnerability Aggregates: a set of fields that show the percentage of the various count fields out of the "All" field. Available in Axonius 3.6 or via requested patch

Creating a Saved Question

  1. Log in to the value supplied in Hostname or IP Address using an account that has the privileges necessary to create Saved Questions.
  2. In the Home page:
    1. Fill in the Ask a Question field with the question that you want to create as a Saved Question in. You can find example questions here.
    2. Click Search.
    3. Select the query that matches the question you want to ask.
  3. In the Question Results page:
    1. Click Save this question
  4. In the New Saved Question page in the Details section:
    1. Fill in the Name field. This value will be one of the values that you enter into Names of Saved Questions to fetch (comma separated).
  5. In the New Saved Question page in the Preferences & Tags section:
    1. Filling in this section is optional! Instead of filling in this section, you can use the Re-ask connection parameters to control the recurrence.
    2. Select Reissue this question every.
    3. Enter the recurrence values you want.
  6. At the bottom of the New Saved Question page:
    1. Click Create Saved Question.

Example Questions

  1. Includes just the sensors in the Requirements for Saved Questions:
    • Get Computer ID and Computer Name and Network Adapters and Computer Serial Number from all machines
  2. Includes just the sensors in the Requirements for Saved Questions and targets a specific group of computers instead of all machines:
    • Get Computer ID and Computer Name and Network Adapters and Computer Serial Number from all machines with Operating System contains Windows
  3. Includes the sensors in the Requirements for Saved Questions and includes sensors that are not defined in Field Mappings but will have Adapter Specific fields dynamically created for their results:
    • Get Computer ID and Computer Name and Network Adapters and Computer Serial Number and USB Device Details and CPU by Process from all machines
  4. Includes the sensors in the Requirements for Saved Questions and includes all of the sensors in Field Mappings that will map to Aggregated fields in Axonius:
    • Get Computer ID and Computer Name and Network Adapters and Computer Serial Number and AD Organizational Unit and Applicable Patches and BIOS Version and Chassis Type and CPU Details and Custom Tags and Domain Member and Installed Applications and Is Virtual and Last Logged In User and Manufacturer and Model and Motherboard Manufacturer and Motherboard Version and Open Ports and Open Share Details and Operating System Build Number and Operating System Install Date and Operating System and OS Platform and RAM and Running Processes and Service Details and Service Pack and Tanium Client Version and Time Zone and Total Memory and Uptime from all machines:

Version Matrix

This adapter has only been tested with the versions marked as supported, but may work with other versions. Please contact Axonius Support if you have a version that is not listed and it is not functioning as expected.

Version Supported Notes
Tanium versions prior to 7.3.314.3424 No This adapter utilizes the REST API, which was added in Tanium 7.3.314.3424
Tanium 7.3.314.3424 Yes
Tanium 7.3.314.3668 Yes
Tanium 7.3.314.4147 Yes
Tanium 7.3.314.4250 Yes

Interact Module Versions

Modules within Tanium have their own version which is separate from the platform version.

Version Supported Notes
Interact Module 2.0.3.0012 Yes
Was this article helpful?