Tanium Integration Use Cases
Tanium is a flexible platform that will support a wide variety of integration use cases limited only by your creativity. To help you kick off the brainstorming, here are some general themes for the types of integrations we see most often.
Feed Tanium alerts, reports, and other valuable endpoint data into your SIEM, alert manager, or other log aggregation system. Tanium has packaged apps available for Splunk and IBM QRadar, but it is easy to configure Tanium to send data to virtually any downstream system. Tanium's Reporting is useful for creating custom filtered views of data collected by Tanium Data Service (TDS). The Reporting Data Sources Guide describes which TDS data is available for use in reports.
- To have Tanium push data to your system, check out Tanium's Connect module
- To pull data from Tanium into your system, check out Tanium's API Gateway
Custom ServiceNow App
Tanium has a comprehensive catalog of integrations available on the ServiceNow Store. In addition, Tanium offers Integration Core, an SDK for ServiceNow. It makes the most popular features of Tanium's API easily accessible within ServiceNow so our customers and partners can build custom Tanium-powered integrations in ServiceNow.
CMDB and Asset Management
Tanium gives you a complete and up-to-date view of your enterprise inventory. Asset aggregates information about all endpoints managed by Tanium, online or offline. This data is valuable for a variety of scenarios such as:
- Updating external CMDB with up-to-date inventory information from Tanium
- Enriching endpoint information in Tanium Asset with data from an external system
- Looking up current details about a particular endpoint in Tanium Data Service or Asset.
Threat Investigation and Response
Integration with SIEM and SOAR platforms is a popular use case for Tanium, especially to support threat hunting and remediation scenarios. You can create workflows to handle alerts from Tanium, or use Tanium to automate evidence gathering and real-time remediation actions directly on the endpoints: quarantine an endpoint, generate a snapshot, kill a process, and much more.
Use Tanium Threat Intelligence to automatically generate and deploy Intel as part of an investigation workflow. You can automate all or part of the cycle: consume local telemetry (such as a file hash), create and deploy matching Intel, consume the Alert that Intel generates, and then take secondary steps to update or remove the root Intel.
Tanium Stream is a capability within Threat Response that allows operators to send the raw underlying endpoint telemetry to a SIEM or other data lake. Send Registry, Network, File, DNS, and HTTP header data directly from the endpoint to your preferred solution. Leverage this data for historical retroactive investigations as well as enrichment of your current workflows.
Custom Endpoint Code
Want even more visibility and control on your endpoints? You can write your own sensors and packages and deploy them to your organization's endpoints. If you can code it, Tanium can run it across your enterprise at scale. The possibilities are limitless.
- Check the health and status of an application or service
- Install and configure software
- Rapidly deploy a hand-crafted security fix
Risk and Zero Trust
With people working from anywhere on all sorts of devices, the old network-based perimeter security model just doesn't work anymore. Security measures like multi-factor authentication and application-specific authorization policies are important for verifying that users are who they say they are and are accessing what they should be accessing. But what about the device they are accessing your network and applications from? Is it patched? Is it compliant with your organization's security policies?
Integration with Tanium as part of a Zero Trust solution enables instant verification of a device's Risk, Vulnerability, and Compliance posture as part of your login and authentication flow. Have confidence that users are accessing your sensitive applications from a managed, secure endpoint.
Integrating with Tanium's Zero Trust capabilities is relevant for:
- Cloud Access Security Brokers (CASB)
- Secure Web Gateways (SWG)
- Identity and Access Management tools (IAM)