Tanium

About

The Tanium NetoFuse module provides enriched asset context to Netography Fusion from Tanium. It connects to the Tanium GraphQL API to retrieve asset information and then uploads it as Context Labels to the Netography Fusion API.

Tanium Core and Tanium Asset are supported products for this module.

☁️NetoFuse Modules: Cloud deployment vs. On-Prem deployment

This page documents how to add and configure the NetoFuse module for an on-prem deployment with a container or Python package. If you want to use the cloud deployment model and have this integration run in the Netography Fusion SaaS, you can add it as a context integration in the Netography Fusion Portal instead by consulting the Context Integrations documentation.

API Configuration Parameters

All the fields required for this integration are listed here, along with the corresponding environment variable name used to set that field in the NetoFuse module.

Tanium Field
Required
Netofuse Environment Variable
Description

API Key

Yes

NETO__TANIUM__CREDENTIALS__API_KEY

API key for Tanium authentication

URL

Yes

NETO__TANIUM__URL

Tanium server address

tanium NetoFuse Module Configuration

All the fields required for this integration are listed above in the API Configuration Parameters section above. See Configure > module for additional options for setting configuration fields and Credential Storage for additional options for setting credentials.

Advanced Configuration Options

The following configuration options are available for the module.

Configuration Option
Description
Default Value

method

Determines the method used to gather data from Tanium. Must be one of ASSET, TDS, TS, ADHOC

ASSET

fields

Fields to retrieve from Tanium

See below

per_page

Number of endpoints to retrieve per page

1000

expectedCount

Approximate number of endpoints in your environment

N/A

cooldown

Number of seconds without new results before the question is "complete".

30

retry_interval

Interval between retry attempts in seconds

10

retry_count

Number of retry attempts

3

Methods to gather data from Tanium

The taniummodule supports 4 different methods for gathering data from Tanium. The best method to use depends on your Tanium deployment and the data you wish to retrieve, and determining this is best done in collaboration with a Tanium subject matter expert within your organization and by using the Tanium API documentation.

Fields to retrieve from Tanium

The fields configuration option defines what fields are retrieved from the Tanium API. This set of fields can then be used by the transform you define.

If you are using methods ASSET, TDS, or TS, the fields value represents a list of fields to retrieve from the GraphQL endpoint. The available field options can be retrieved through the Tanium GraphQL Schema or by navigating to the API Gateway GraphQL Playground in the Tanium console.

If you are using method ADHOC, the fields value represents a list of sensors you want to retrieve from endpoints. The Sensor name is used and can be retrieved from the sensors page in the Tanium UI.

The default configuration uses the ASSET method and this fields configuration:

["computerId","computerName","createdAt","eid","id","ipAddress","manufacturer","operatingSystem","osPlatform","serialNumber","servicePack","userName","updatedAt"]

If you are using the TDS, TS, or ADHOCmethods, you will need to update the fields configuration.

Example fields configuration for ADHOCmethod:

["Computer Name", "IP Address", "OS Platform", "OS Name", "OS Generation", "OS Version", "Serial Number", "Service Pack", "User Name", "Last Logged In User"]

Examplefields configuration for TDS, and TS methods:

["ipAddress", "computerID", "serialNumber", "name", "os{name,platform,generation}","primaryUser{name,email}","lastLoggedInUser"]

PreviousRunZeroNextTenable

Last updated