Getting Started with Tanium Integrations

Before diving into the different ways you can integrate with Tanium, it’s important to lay out why it is that you’d want to integrate with Tanium in the first place. Even if it’s obvious to you, it’s worth beating this dead horse. Tanium has full, real-time control over its managed endpoints, and covers a variety of operating systems (Windows, Linux, Mac OS, and some UNIX). This leads to two incredibly valuable and fundamental capabilities: endpoint data access and change.

The former capability should make plenty of sense. If you need a value out of the Windows registry or a property from a config file in Linux, you can accomplish this in a few minutes with Sensor authoring. For endpoint change, you can alter nearly anything on a machine through the use of Actions. For example, you can call native commands or even send out custom scripts or executables to do your dirty work. The three integration paths vary in technical complexity, but still focus on these two fundamental capabilities.

The last thing that I’ll mention before moving on is that this article isn’t just for Tanium customers. This is also a starting point for aspiring Tanium partners. In fact, the below article is nearly identical to the conversations I’ve had in the past with technology partners while I was the VP of Technology at Tanium.

I’ve broken out each of the three integration levels here in separate posts (my wife warned me that I was one of the few people on this planet that would be interested enough to read through the entire post in its original state). If you want to keep your head above the clouds and take a look at the 50,000 ft view, no need to dive into each post — just know what each level is and move on to the conclusion. Click into each numbered title to access the details.

The Different Levels of Tanium Integrations

Integrations Through Sensors and Packages
This is the most common path to start with, especially as customers and partners get ramped up with the Tanium platform. The implementation requirements needed to complete this kind of integration are basic — all you need is a general understanding of how to use the Tanium Console and how authoring works. This kind of integration relies solely on creating Sensors (and Saved Questions of course) to monitor for data on the endpoints, and Packages (that get deployed as Actions) to effect change when needed.

Integrations Through Tanium Connect
Tanium Connect is like a Product Module and resides on the Tanium Module Server (not going to get into this — if you want more details, contact me or ask your TAM), but it is technically considered part of the Tanium Core platform. It can be accessed via the Tanium Console (like Product Modules). Connect relies heavily on the Tanium Server API to facilitate communication with other systems and technology platforms. The most common benefit is taking the real-time data that only Tanium can provide and sending it to virtually any system that can make use of that data (e.g., a SIEM). And, the obvious argument here is that the fresher the data is, the more valuable that other system will be.

Integrations Through the Tanium Server API
Almost all of the functionality that you see in the Tanium Console is accomplished on top of the Tanium Server’s SOAP-based API (no, there is no REST API for the Tanium Server). While complex, this API is insanely powerful. It allows you to create, read, update, and delete (where applicable) almost all Tanium platform objects: Sensors, Questions, Packages, Dashboards, Groups, and a lot more.

There’s More Value the Farther Down the List You Go

Increase in Complexity and Value

As you progress through each of the three Tanium integration levels, it’s clear that on average, you get more value from Tanium through API usage. There are customers who disable the Tanium Console entirely (security and access control is another reason, but that’s for another post) and rely solely on a bevy of API-driven Tanium integrations. Tanium customers have proven value from custom integrations that assist virtually every possible stakeholder or group within an enterprise that could make use of fresher endpoint data, whether that’s the help desk, the SOC, data scientists, or even the licensing team. Take a wide, open-minded view, evaluate where your organization is today and where it should be, and think about what custom integrations or applications can help.