- 20 Mar 2025
- 1 Minute to read
- Print
- DarkLight
Tanium Endpoint Protection
- Updated on 20 Mar 2025
- 1 Minute to read
- Print
- DarkLight
Tanium endpoint management and security solution provides real-time visibility and control by enhancing your ability to manage endpoints, streamline incident response, and bolster your defense mechanisms. For detailed information refer to the Tanium’s official documentation.
Integration Method: API
Tables: Vulnerability Finding (2002), Compliance Finding (2003), Detection Finding (2004), Device Inventory Info (5001)
This integration supports the following events.
Event | Description |
---|---|
Vulnerabilities | List of Vulnerabilities. |
Compliances | List of Compliance Findings. |
Assets | List of Assets. |
Alerts | List of Alerts. |
This integration supports the following versions.
Tanium API gateway version | v2 |
Tanium Platform API version | v1 |
Note:
Tanium is a continuously updated cloud service. As of this document preparation, the latest release for threat response was on 4th March 2025.
Prerequisites
The user should have access to the Tanium portal.
The user should have Tanium API token.
The user should have access to the DataBee console.
Configuration overview
Get the Token from Tanium portal.
Add the Tanium Endpoint Protection in the DataBee console with the below parameters. console with the below parameters.
DataBee Parameter
Tanium Parameter
Token
Tanium Configuration
Login to the Tanium console.
Note:
The login page link varies based on the instance and type of the instance. Use the link provided by your respective team.
Navigate to API Tokens.
Click on the Administration button from the sidebar.
Under Permissions section, locate API Tokens and click on it.
Click on New API Token.
Create New API Token.
Enter ‘Notes’ and ‘Expiration’ time.
Enter the ‘Trusted IP Addresses’. Use CIDR notation for IPv4 netmasks (such as 192.0.2.0/24) and IPv6 prefixes (such as 2001:db8::/32).
Click Create.
Note:
You will need to refresh this token before expiration in Tanium and update it in DataBee feed.
Click on Yes in the confirmation box.
Copy the API token to use it for authentication when we create feed in DataBee.
Note:
Token is only visible once. Copy and store it securely.
DataBee Configuration
Login to the DataBee UI, navigate to Data > Data Feeds and click the Add New Data Feed button.
Search for Tanium Endpoint Protection and click it as shown below.
Click on the API Ingest option for collection method.
Enter feed contact information and click Next.
In the configuration page, confirm the following:
Authorization Method: Bearer Token
API Base URL: this is the base URL that DataBee will interact with.
Replace <customer_url> with your Tanium instance specific endpoint. For example, https://<instancename>-api.cloud.tanium.com/plugin/products/gateway/graphql. Contact your Tanium support team for more information.
Reference: https://help.tanium.com/bundle/ug_gateway_cloud/page/gateway/overview.html
Token: paste the API Token.
Event Types: preselected for all the event types that integration pulls.
Click Submit.
Troubleshooting Tips
If you are facing unauthorized (401) error, this might be possibly due to incorrect Token. Please refer API Credentials to retrieve the API Token.