Tanium Interact

The Tanium Interact adapter lets you ask questions to gather live endpoint data in order to create an up-to-date inventory of hardware and software assets.

Asset Types Fetched

• Devices, Aggregated Security Findings, Users, Software, SaaS Applications

Before You Begin

Required Ports

• TCP port 443: REST API

Required Permissions

Tanium Cloud requires the "Token-Use" permission assigned to the persona. For both Tanium 7.4 and 7.5, the following permissions are required:

Module Permissions

A Module Role named Interact Read-Only User exists that provides these Module Permissions:

1. Show Interact
2. Interact Module Read

Required Computer Group Permissions

Access must be granted to the Computer Groups targeted by each value supplied in Names of Saved Questions to fetch (comma separated).

Required Advanced Permissions

You must Create an Advanced Role since none exists that grants these Advanced Permissions:

1. Ask Dynamic Questions
2. Read Sensor - with content sets granted for the assigned content sets of the sensors being used in each value supplied in Names of Saved Questions to fetch (comma separated).
3. Read Saved Question - with content sets granted for the assigned content set of each value in Names of Saved Questions to fetch (comma separated).

Create an Advanced Role

These are the steps to create a role that grants the Required Advanced Permissions:

1. Log in to the value supplied in Hostname or IP Address with an account that has the permissions necessary to edit roles.
2. In the navigation menu:
   1. Go to the Permissions > Roles page.
3. In the Permissions Page:
   1. Click New Role.
   2. Select Grant Advanced Role.
4. In the Create Role page in the Role Details section:
   1. Fill in the Name field. (for example: Saved Questions Read Only)
5. In the Create Role page in the All Content Sets Option section:
   1. Click the checkbox for Add all Content Sets that exist or will exist to the permissions selected below.
   2. Alternatively, you can add specific content sets that allow access to each value supplied in Names of Saved Questions to fetch (comma separated) and the sensors defined in those Saved Questions.
6. In the Create Role page in the Ask Dynamic Question section:
   1. Click the plus sign next to Ask Dynamic Questions.
7. The top of the Create Role page should look like:

8. In the Create Role page In the Advanced Permissions section click the plus sign next to the following permissions:

   1. Read Sensor
   2. Read Saved Question

9. The bottom of the Create Role Page should look like:

   

10. At the bottom of the Create Role page:

    1. Click Save.

11. In the Notice dialog window:

    1. Click Continue.

Assign Required Permissions

These are the steps to assign the Required Permissions to the value supplied in User Name:

1. Log in to the value supplied in Hostname or IP Address with an account that has the permissions necessary to edit users.
2. In the navigation menu:
   1. Go to the Administration > Users page.
3. In the Users Page:
   1. Select the value supplied in User Name from the list of users.
   2. Click View User.
4. In the User Administration page in the Computer Groups section:
   1. Click Manage Computer Groups:
5. In the Assign Computer Groups page in the Manage Computer Groups section:
   1. Section click Edit.
6. In the Edit Computer Group Assignments dialog window:
   1. De-select the No Computers value .
   2. Select the All Computers value.
   3. Alternatively, you can select specific Computer Groups targeted by each value supplied in Names of Saved Questions to fetch (comma separated).
   4. Click Save.
7. At the bottom of the Assign Computer Groups page:
   1. Click Show Preview to Continue.
8. At the bottom of the Assign Computer Groups page:
   1. Click Save.
9. In the User Administration page in the Roles and Effective Permissions section:
   1. Click Edit Roles.
10. In the Assign Roles page in the Role Management > Grant Roles section:
    1. Click Edit:
11. In the Edit Grant Roles dialog window:
    1. Select the role created in Create Advanced Role.
    2. Select the role named Interact Read-Only User.
    3. Click Save.
12. At the bottom of the Assign Roles page:
    1. Click Show Preview to Continue.
13. At the bottom of the Assign Roles page:
    1. Click Save.
14. In the Notice dialog window:
    1. Click Continue.
15. The User Administration page should look like this:

14. Continue to Verifying Permissions.

Verify Permissions

1. Log in to the value supplied in Hostname or IP Address with the values supplied in User Name and Password.
2. In the navigation menu:
   1. Go to the Content > Saved Questions page.
3. In the Content > Saved Questions page:
   1. For each of the values supplied in Names of Saved Questions to fetch (comma separated):
      1. Select the value from the list of Saved Questions.
      2. Click Load.

Create a Saved Question

1. Log in to the value supplied in Hostname or IP Address using an account that has the privileges necessary to create Saved Questions.
2. In the Home page:
   1. Fill in the Ask a Question field with the question that you want to create as a Saved Question in. You can find example questions here.
   2. Click Search.
   3. Select the query that matches the question you want to ask.
3. In the Question Results page:
   1. Click Save this question
4. In the New Saved Question page in the Details section:
   1. Fill in the Name field. This value will be one of the values that you enter into Names of Saved Questions to fetch (comma separated).
5. In the New Saved Question page in the Preferences & Tags section:
   1. Filling in this section is optional! Instead of filling in this section, you can use the Re-ask connection parameters to control the recurrence.
   2. Select Reissue this question every.
   3. Enter the recurrence values you want.
6. At the bottom of the New Saved Question page:
   1. Click Create Saved Question.

Example Questions

1. Includes just the sensors in the requirements for Saved Questions:
   • Get Computer ID and Computer Name and Network Adapters and Computer Serial Number from all machines
2. Includes just the sensors in the requirements for Saved Questions and targets a specific group of computers instead of all machines:
   • Get Computer ID and Computer Name and Network Adapters and Computer Serial Number from all machines with Operating System contains Windows
3. Includes the sensors in the requirements for Saved Questions and includes sensors that are not defined by field mappings but will have Adapter Specific fields dynamically created for their results:
   • Get Computer ID and Computer Name and Network Adapters and Computer Serial Number and USB Device Details and CPU by Process from all machines
4. Includes the sensors in the requirements for Saved Questions and includes all of the sensors in field mappings that will map to Aggregated fields in Axonius:
   • Get Computer ID and Computer Name and Network Adapters and Computer Serial Number and AD Organizational Unit and Applicable Patches and BIOS Version and Chassis Type and CPU Details and Custom Tags and Domain Member and Installed Applications and Is Virtual and Last Logged In User and Manufacturer and Model and Motherboard Manufacturer and Motherboard Version and Open Ports and Open Share Details and Operating System Build Number and Operating System Install Date and Operating System and OS Platform and RAM and Running Processes and Service Details and Service Pack and Tanium Client Version and Time Zone and Total Memory and Uptime from all machines

Additional Information

Version Matrix

This adapter has only been tested with the versions marked as supported, but may work with other versions. Please contact Axonius Support if you have a version that is not listed and it is not functioning as expected.

Interact Module Versions

Modules within Tanium have their own version which is separate from the platform version.