Tanium Integration Use Cases
Introduction
Tanium is a flexible platform that will support a wide variety of integration use cases limited only by your creativity. To help you kick off the brainstorming, here are some general themes for the types of integrations we see most often.
SIEM/Log Aggregation
Feed Tanium alerts, reports, and other valuable endpoint data into your SIEM, alert manager, or other log aggregation system. Tanium has packaged apps available for Splunk and IBM QRadar, but it is easy to configure Tanium to send data to virtually any downstream system. Tanium's Reporting is useful for creating custom filtered views of data collected by Tanium Data Service. The Reporting Data Sources Guide provides information about the data from TDS available to use in reports.
- To receive data in your system via a push mechanism, check out Tanium's Connect Module.
- To pull data into your system, check out the Tanium Gateway in the following Tanium API Intro.
Custom ServiceNow App
Tanium has a comprehensive catalog of integrations available on the ServiceNow Store. In addition, Tanium offers Integration Core, an SDK for ServiceNow. It makes the most popular features of Tanium's API easily accessible within ServiceNow so our customers and partners can build custom Tanium-powered integrations in ServiceNow.
CMDB and Asset Management
Tanium gives you a complete and up-to-date view of your enterprise inventory. Asset aggregates information about all endpoints managed by Tanium, online or offline. This data is valuable for a variety of scenarios such as:
- Updating external CMDB with up-to-date inventory information from Tanium
- Enriching endpoint information in Tanium Asset with data from an external system
- Looking up current details about a particular endpoint in Tanium Data Service or Asset
Learn More About Tanium's Solutions For Asset Discovery And Inventory
Threat Investigation and Response
Integration with SIEM and SOAR platforms is a popular use case for Tanium, especially to support Threat Hunting and Remediation scenarios. You can create workflows to handle alerts from Tanium, or use Tanium to automate evidence gathering and real-time remediation actions directly on the endpoints. Quarantine an endpoint, generate a snapshot, kill a process, and much more.
Learn More About Tanium and SOAR Integrations
Use Tanium Threat Intelligence to automatically generate and deploy Intel as part of an investigation workflow. Automate all or some of the steps: consume local telemetry (such as a hash), create and deploy matching Intel, consume the generated Alert, and run secondary steps to update or remove the root Intel.
Learn More About Tanium Threat Response Intel
Tanium Stream is a capability within Threat Response that allows operators to send the raw underlying endpoint telemetry to a SIEM or other data lake. Send Registry, Network, File, DNS, and HTTP header data directly from the endpoint to your preferred solution. Leverage this data for historical retroactive investigations as well as enrichment of your current workflows.
Learn More About Tanium Threat Response Stream
Custom Endpoint Code
Want even more visibility and control on your endpoints? You can write your own sensors and packages and deploy them to your organization's endpoints. If you can code it, Tanium can run it across your enterprise at scale. The possibilities are limitless.
- Check the health and status of an application or service
- Install and configure software
- Rapidly deploy a hand-crafted security fix
Get Started Writing Safe, Performant Code With Our Endpoint Content Guide
Ensure Vulnerability and Benchmark Compliance
Use Comply to evaluate endpoints for security configuration exposures and software vulnerabilities using industry security standards, vulnerability definitions, and custom compliance checks.
- Execute Gateway Graph queries for Vulnerability or Compliance findings using the following content.
Learn More About Tanium Comply Gateway Content
- Leverage existing or custom Tanium Report content for Vulnerability or Compliance findings.
Learn More About Tanium Comply Report Content
Autonomous Endpoint Management
With Automate, use playbooks to simplify Tanium platform interactions into logical steps to solve key use cases. Automate offers a mix of full automation and user-driven actions across Tanium solutions to streamline routine business processes for teams and improve productivity.
- Use Tanium Gateway Graph content to execute and manage playbooks.