Thank you for your feedback.
Form temporarily unavailable. Please try again or contact docfeedback@servicenow.com to submit your comments.

Get started with the Tanium Endpoint Platform integration

Log in to subscribe to topics and get notified when content changes.

Get started with the Tanium Endpoint Platform integration

The Integration Configuration feature allows you to quickly activate and set up third-party security integrations, including Tanium integration. Before you can use the Tanium integration, activate the plugin and configure the integration. If necessary, you must also update your X509 SSL certification.

Before you begin

Role required: sn_si_admin
Note: This procedure can be used to activate the plugin and configure the integration. You can also activate the plugin using the traditional method.

About this task

Whenever a CI is added to an open security incident in Security Incident Response, the Tanium - Get running processes workflow is triggered when the record is saved. Tanium is asked a Get Processes question, and Tanium returns the running processes for the affected CI in a table. For more information on the workflow and associated workflow activities, see Tanium - Get Running Processes workflow.

Procedure

  1. Navigate to Security Operations > Integration Configuration.
    The available security integrations appear as a series of cards.
    Tanium Endpoint Platform integration card
  2. In the Tanium card, click Install Plugin.
  3. In the Install Tanium integration dialog box, review the plugin details and click Activate.
  4. When the activation is complete, click Close & Reload Form.
    The Security Integration screen reloads and the Configure button for the integration is available.
  5. Click Configure.
  6. Fill in the fields on the Tanium Configuration form, as appropriate.
    Field Description
    Tanium Server URL The URL for accessing the Tanium server SOAP endpoint. Typically, the URL takes a format similar to https://tanium.server.local/soap. An IP address can also be used. For example, https//12.13.14.15/soap.
    Tanium Username and Password The username and password for the Tanium integration administrator (for Tanium version 6.1 and above).
    Tanium Session (pre 6.1) The Tanium Session SOAP key (for Tanium versions prior to 6.1). For Tanium 6.1 and later installations, this field is typically left empty.
    Running Processes Sensor The name of the Running Processes sensor to use. For example, Running Processes.
    IP Address Sensor The name of the IP address sensor to use for limiting a query to a set of specific client machines. For example, IP Address.
    Index File Sensor The name of the sensor used to get file details. This field defaults to Index Query File Details.
    Max Index File Entries per IP The limit on the number of files returned per machine in a Get File Details query. This field defaults to 10.
    Use MID Server If the Tanium server is behind a MID Server, authentication credentials must be included in the body of SOAP messages. The credentials, along with the rest of the SOAP message body, are stored as plain text in the External Communication Channel (ECC Queue).
  7. Click Submit to store the integration configuration.
Feedback