Overview


About integrating Tanium into the Vulcan Platform

Tanium lets you see, control, and protect every endpoint, everywhere, with the only Converged Endpoint Management (XEM) platform. When integrated into the Vulcan Platform, you'll be able to review host vulnerabilities on your assets while leveraging the power of Vulcan Cyber discoverability and automation.


Prerequisites and User Permissions

To obtain the API URL and token from the Tanium platform and enable the integration, you must use a user with Generate Reports/Export Content reports permissions.


Configure the Tanium connector

  1. Log in to your Vulcan Cyber dashboard and go to Connectors.

  2. Click on Add a Connector.

  3. Click on the Tanium icon.

  4. Enter the following information into the connector setup page.

    • API URL and API Token

    • Tanium provides two types of reports, Vulnerability Reports and Compliance Reports (CIS).

      Although the Vulcan Platform retrieves all assets (hosts) from Tanium, you must choose the reports you want to retrieve into the Vulcan Platform. Click Load Reports to retrieve the reports from the Tanium platform and select the relevant ones.

  5. Click the Test Connectivity button to verify that Vulcan Cyber can connect to your Tanium instance, then click Create (or Save Changes).

  6. Allow some time for the sync to complete. You can review the sync status under Log.

  7. To confirm the sync is complete, navigate to the Connectors tab to check the sync status. Once the Tanium icon shows Connected, the connection is complete.


Locate Tanium vulnerabilities in the Vulcan Platform

As Tanium discovers vulnerabilities, the Vulcan Platform connector imports those vulnerabilities for reporting and action. With many assets and vulnerabilities, filters make it easy to find specific vulnerabilities by source.

  1. Open the Vulcan Platform dashboard and navigate to Vulnerabilities. Click on the Search or filter vulnerabilities search box, scroll to the Vulnerability Source option, and click to filter by the vulnerability source or Connector.

  2. Locate Tanium on the vulnerability source list and click to filter results.

  3. Click on any vulnerability to view further information.


Locate Tanium assets in the Vulcan Platform

To locate all synced website application assets from Tanium, go to the Assets tab in Vulcan Cyber.

  1. Open the Vulcan Cyber dashboard and navigate to Assets > Hosts tab.

  2. Click on the Search or filter websites input box and select Connector from the drop-down selection.

  3. Locate the Tanium option to view all synced assets.


Automate Tanium vulnerability actions in the Vulcan Platform

Large environments quickly become unmanageable if constant manual attention and action are necessary to remediate vulnerabilities. Take advantage of the automation capabilities of Vulcan Cyber and the Tanium connector.

Here is an example of creating email automation (other automation types are also available):

  1. Open the Vulcan Cyber dashboard and navigate to the Automation section. Once there, click the Create new Playbook button.

  2. First, give your automation playbook an indicative name.

  3. Select Tanium for the source of vulnerabilities, and continue to set the vulnerability condition as Risk is Critical / High (for example), leaving the rest as defaults, or set the conditions to suit your needs.

  4. Continue to the Remediation actions and select the take-action channel. In this example, we selected "Assign via email".

  5. Choose how the separation of tickets is handled. In this example, we selected the "up to 200 vulnerabilities are aggregated into a single email" option. Then add the recipient emails to be notified.

  6. Leave all other steps as default (or modify if needed) and click on Save and Run.
