What is Tanium Discover?
Tanium Discover scans networks with hundreds of thousands of endpoints to find unmanaged assets. Administrators can choose to block the devices or bring them under management.
Why Should You Use the Tanium Discover Connector?
The Tanium Discover connector provides visibility into the endpoints in your environment. You can use this visibility to:
- ensure assets are managed per your security policies
- derive relationships between assets, users, applications, and data
How Does This Connector Work?
Meridian executes read-only requests to the Tanium Discover REST API and ingests only metadata about Tanium Discover devices. Meridian does not retrieve any data stored on your assets.
Configuring the Connector in Meridian for Tanium Discover on Tanium Cloud
| Field | Description | Example |
|---|---|---|
| URL | The URL for the Tanium API: `https://<customer>-api.cloud.tanium.com`, where `customer` is the sub-domain for your deployment of Tanium. | https://mycompany-api.tanium.com |
| Username | For on-premises use only | NA |
| Password | For on-premises use only | NA |
| Domain | For on-premises use only | NA |
| API Token | Valid API token for Tanium Discover. For details on creating an API token in Tanium Discover, see: https://lucidum.io/docs/tanium-discover/#creating_an_api_token_for_tanium_cloud | 9ab934979aea20a3d56a822441a4329f470326f5e7ef2af66783147533 |
| Data Lookback in Days | Number of days' worth of data to ingest. Default value is 7. If you use the default value, the connector ingests data from today and the past 6 days. | 7 |
| Proxy | Optional field. If you want to use a proxy server, select from the list of already-configured proxy servers. For details on configuring a proxy server, see https://lucidum.io/docs/configuring-a-proxy-server/ | Acme_Tunnel_Proxy |
Creating an API Token for Tanium Discover on Tanium Cloud
Step 1: Create a Persona for Meridian
To create a persona for Meridian, see:
Step 2: Create a Custom Role for the Persona for Meridian
Create a custom role for the Meridian persona. The custom role must have read permission for the following sensors:
| Sensor | Content Set |
|---|---|
| Computer Name | Base Tanium Content Set |
| IP Address | Base Tanium Content |
| MAC Address | Base Tanium Content |
| Operating System | Base Tanium Content |
| Computer Serial Number | Base Tanium Content |
| Manufacturer | Base Tanium Content |
| Model | Base Tanium Content |
| RAM | Base Tanium Content |
| Disk Total Space | Base Tanium Content |
| Online | Base Tanium Content |
| Last Logged In User | Base Tanium Content |
| Tanium Client Installation Date | Base Tanium Content |
| Running Service | Base Tanium Content |
| Open Port | Base Tanium Content |
| Firewall Status | Base Tanium Content |
| Installed Applications | Base Tanium Content |
| Comply – CVE Findings – Last Found | Comply |
| Comply – Compliance Status | Comply |
| Comply – Compliance Exposure Score | Comply |
- Go to Administration > Permissions > Roles.
- Click New Role and provide a name, for example, lucidum-read-only.
- Under Platform Content Permissions, expand Sensor and set to Read.
- Click Apply Content Sets and add:
  - Base Tanium Content. All the core sensors.
  - Comply. The three Comply sensors.
  - Interact. Required for question execution via API.
  - Tanium Data Service. Required for API data access.
- Add Saved Question Read in the same content sets if using saved questions.
- Under Module Permissions, add:
  - Interact Read-Only User (module role)
  - Comply Report Reviewer. Required for Comply configuration and vulnerability assessment data.
- Under Computer Groups, assign All Computers or scope to relevant groups.
- Save the role.
For details, see: https://help.tanium.com/bundle/ug_console_cloud/page/platform_user/console_roles.html#roles_configure
Step 3: Assign the Custom Role to the Meridian Persona
- Log in to the Tanium console with the persona you want the Meridian connector to use when ingesting data from Tanium.
- In the navigation menu, go to the Administration > Users page.
- In the User Administration page, in the Roles and Effective Permissions section:
  - Click Edit Roles.
- In the Assign Roles page, in the Role Management > Grant Roles section:
  - Click Edit.
- In the Edit Grant Roles dialog window:
  - Select the role you created in the previous step.
  - Click Save.
- On the Assign Roles page:
  - Click Show Preview to Continue.
  - Click Save.
- In the Notice dialog window:
  - Click Continue.
Step 4: Create an API Token for Meridian
When connecting to a Tanium Cloud instance, you must use an API token.
To create an API token for the Meridian connector to use, follow these instructions:
Enter these values:
- Expiration. When creating an API token in Tanium, the default value for “Expire in Days” is 7. Meridian recommends you set this value to the maximum allowed value of 365.
- Persona. Select the Persona we created for Meridian.
- Trusted IP Address. Enter the IP address of your Meridian instance.
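
A preflight check for the connector fields in the configuration table and the token settings in Step 4, as an added example that is not part of the original documentation or Meridian's own code. The settings dict, its key names, and the sample values are constructed for illustration, and the host check is an assumption based on the URL pattern and example in the table.

```python
import ipaddress
from datetime import date, timedelta
from urllib.parse import urlsplit

def lookback_window(days, today):
    """Inclusive date range ingested: today plus the previous days-1 days."""
    return today - timedelta(days=days - 1), today

def check_settings(cfg):
    """Return a list of problems found in a (hypothetical) settings dict."""
    problems = []
    url = urlsplit(cfg.get("url", ""))
    host = url.hostname or ""
    if url.scheme != "https":
        problems.append("URL must use https so the API token is not sent in clear text")
    # Assumption: a Tanium Cloud API host looks like <customer>-api[.cloud].tanium.com
    if not (host.endswith(".tanium.com") and host.split(".")[0].endswith("-api")):
        problems.append("URL host does not look like <customer>-api.cloud.tanium.com")
    if url.username or url.password or url.query:
        problems.append("URL must not carry credentials or query parameters")
    for field in ("username", "password", "domain"):
        if cfg.get(field):
            problems.append(f"{field} is for on-premises use only; leave it empty")
    token = cfg.get("api_token", "")
    if not token or token != token.strip():
        problems.append("API token is missing or has stray whitespace")
    days = cfg.get("lookback_days")
    if not isinstance(days, int) or days < 1:
        problems.append("Data Lookback in Days must be a positive integer")
    if not 1 <= cfg.get("token_expire_days", 0) <= 365:
        problems.append("token expiration must be between 1 and 365 days")
    try:
        ip = ipaddress.ip_address(cfg.get("trusted_ip", ""))
        if ip.is_unspecified or ip.is_loopback:
            problems.append("trusted IP must be the Meridian instance, not 0.0.0.0 or loopback")
    except ValueError:
        problems.append("trusted IP is not a single valid IP address")
    return problems

# Constructed sample values; none of these come from a real deployment.
GOOD = {"url": "https://mycompany-api.cloud.tanium.com", "api_token": "token-EXAMPLE",
        "lookback_days": 7, "token_expire_days": 365, "trusted_ip": "203.0.113.10"}
BAD = {"url": "http://mycompany.example.com", "username": "svc", "api_token": " ",
       "lookback_days": 0, "token_expire_days": 400, "trusted_ip": "0.0.0.0"}

if __name__ == "__main__":
    print(check_settings(GOOD), lookback_window(7, date.today()))
    print("\n".join(check_settings(BAD)))
```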
API Documentation
Contact Tanium customer support for access to the Tanium API v2.