Activate and configure the Security Operations Tanium integration

The Integration Configuration feature allows you to quickly activate and set up third-party security integrations, including Tanium integration.

Before you begin

Role required: admin
Note: This procedure can be used to activate the plugin and configure the integration. You can also activate the plugin using the traditional method.

Procedure

  1. Navigate to Security Operations > Integration Configuration.
    The available security integrations appear as a series of cards.
    Tanium Endpoint Platform integration card
  2. In the Tanium card, click Install Plugin.
  3. In the Install Tanium integration dialog box, review the plugin details and click Activate.
  4. When the activation is complete, click Close & Reload Form.
    The Security Integration screen reloads and the Configure button for the integration is available.
  5. Click Configure.
  6. Fill in the fields on the Tanium Configuration form, as appropriate.
    Field Description
    Tanium Server URL The URL for accessing the Tanium server SOAP endpoint. Typically, the URL takes a format similar to https://tanium.server.local/soap. An IP address can also be used. For example, https//12.13.14.15/soap.
    Tanium Username and Password The username and password for the Tanium integration administrator (for Tanium version 6.1 and above).
    Tanium Session (pre 6.1) The Tanium Session SOAP key (for Tanium versions prior to 6.1). For Tanium 6.1 and later installations, this field is typically left empty.
    Running Processes Sensor The name of the Running Processes sensor to use. For example, Running Processes.
    IP Address Sensor The name of the IP address sensor to use for limiting a query to a set of specific client machines. For example, IP Address.
    Index File Sensor The name of the sensor used to get file details. This field defaults to Index Query File Details.
    Max Index File Entries per IP The limit on the number of files returned per machine in a Get File Details query. This field defaults to 10.
    Use MID Server If the Tanium server is behind a MID Server, authentication credentials must be included in the body of SOAP messages. The credentials, along with the rest of the SOAP message body, are stored as plain text in the External Communication Channel (ECC Queue).
  7. Click Submit to store the integration configuration.