Skip to main content
All CollectionsConnectorsEndPoint Security
Tanium Connector (new revision)
Tanium Connector (new revision)

Learn all about integrating Tanium into the Vulcan Platform

Updated over 2 months ago

Am I reading the right user guide?

Certain connectors have more than one user guide. It depends on the environment's setup and on the connector's available releases (new vs. older revisions).

To access the user guide that is relevant to your environment, simply click on the "How to connect" button located on the connector's setup page. By doing so, you will be directed to the user guide that aligns with your specific environment, ensuring relevancy and accuracy.


Overview

About Tanium

Tanium provides a powerful and flexible platform to secure endpoint devices. Rapidly respond to cyber threats with real-time visibility and comprehensive control.

Why integrate Tanium into the Vulcan platform?

The Tanium Connector by Vulcan integrates with the Tanioum platform to pull and ingest Host assets and vulnerability data into your Vulcan Platform. Once the integration is complete, the Vulcan Platform scans the report's findings to correlate, consolidate, and contextualize the ingested data to impact risk and remediation priority.

Tanium Connector Details

Supported products

Category

Endpoint Security

Ingested asset type(s)

Hosts

Integration type

UNI directional (data is transferred from the Connector to the Vulcan Platform in one direction)

Supported version and type

SaaS (latest)


Connector Setup

Prerequisites and user permissions

Before you begin configuring the Connector, make sure you have the following:

Configuring the Tanium Connector

  1. Log in to your Vulcan Cyber dashboard and go to Connectors.

  2. Click on Add a Connector.

  3. Click on the Tanium icon.

  4. Set up the Connector as follows:

    • Insert your client URL, Make sure to provide the base URL (Without the graphQL path), and the API Access Token key you generated earlier.

  5. Click the Test Connectivity button to verify that Vulcan Cyber can connect to your Tanium instance, then click Create (or Save Changes).

  6. Inactive Assets: You can configure a Vulcan rule to consider inactive assets, and Vulcan will remove assets that do not appear in scans within the configured time range.

  7. Allow some time for the sync to complete. Then, you can review the sync status under Log on the Connector's setup page.

  8. To confirm the sync is complete, navigate to the Connectors page. Once the Tanium icon shows Connected, the sync is complete.


Tanium in the Vulcan Platform

Viewing Tanium vulnerabilities in the Vulcan Platform

To view vulnerabilities by Connector/Source:

  1. Go to the Vulnerabilities page.

  2. Use the Search or Filter input box to select the Vulnerability Source or Connector filter.

  3. Select Tanium from the vulnerability source/Connector list to filter results.

  4. Click on any vulnerability for more vulnerability details.

Viewing Tanium assets in the Vulcan Platform

To view assets by Connector/Source:

  1. Go to the Assets page.

  2. Click on the relevant asset type tab.

  3. Use the Search or filter input box to select Connector from the drop-down selection.

  4. Select Tanium from the Asset source/Connector list to filter results and view all synced assets.
    See the complete list of available asset filters per asset type

Taking Action on vulnerabilities and assets detected by Tanium

To take remediation action on vulnerabilities and assets detected by Tanium:

  1. Go to the Vulnerabilities / Assets Page.

  2. Click on the Search and Filter input box and select Connector from the drop-down selection.

  3. Locate the Tanium option to view all synced vulnerabilities/assets.

  4. Select the relevant Vulnerability out of the results list.

  5. Click Take Action.

Automating remediation actions on vulnerabilities detected by Tanium

Large environments quickly become unmanageable if constant manual attention and effort are necessary to remediate vulnerabilities. You can take advantage of the automation capabilities of Vulcan Cyber and the Tanium Connector.


From Tanium to the Vulcan Platform - Data Mapping

The Vulcan Platform integrates with Tanium through API to pull relevant vulnerabilities and assets data and map it into the Vulcan Platform pages and fields.

Host fields mapping

Tanium field

Vulcan field

Value example

node.id

Uniqueness criteria

41264

node.name

Asset Name

vulcancyber.vulcancyber.com

Hosts

Asset type

node.ipAddresses

IP

127.0.0.1

node.os.generation

OS

Windows 10

node.os.name

OS Version

Windows 10 Pro

node.eidFirstSeen

Created date

2022-10-07T11:33:49Z

node.macAddresses

Multiple mac addresses

FF:FF:FF:FF:FF:FF

node.computerID

node.systemUUID

node.namespace

node.isVirtual

node.isEncrypted

node.chassisType

node.primaryUser.name

Asset Tags - Additional

2512651369

4C4C4533-014A-4B10-804A-B5C12F4B3733

""

False

False

Desktop

Some Name

The asset ID + Unique Vuln ID

Vulnerability instance uniqueness criteria

node.compliance.cveFindings.cveId

Unique Vulnerability uniqueness criteria

CVE-2016-2183

cveId

Vulnerability title

CVE-2016-2183

cvssScoreV3/cvssScore

Vulnerability score

7.5

summary

Vulnerability description

The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack.

cveYear

Vulnerability details

2016

cvssScoreV3

CVSS

Vulnerability status mapping

Tanium Status

Vulcan Status

Vulnerable (Any received vulnerability from the Tanium connector is considered Vulnerable)

Vulnerable

Vulnerability score mapping

Tanium score

Vulcan score

CVSS score

CVSS score

Status Update Mechanisms

Every day, the Vulcan Platform syncs with the vendor's platform to receive updates on existing vulnerabilities and assets and to retrieve new ones (if any added).

The table below lists how the status update mechanism works in the Tanium connector for the vulnerabilities and assets in the Vulcan Platform.

Update type in Vulcan

Mechanism (When?)

The asset is archived

- Asset not found on the connector's last sync

- Asset not seen for X days according to "Last Seen".

The vulnerability instance status changes to "Fixed"

- If the vulnerability no longer appears in the scan findings.

Note: Asset or vulnerability updates on the vendor side are reflected on the Vulcan Platform only on the next scheduled connector sync (the next day).

API Endpoints in Use

Did this answer your question?