Tanium Endpoint Protection

  • Published on Mar 20, 2025
  • 1 minute(s) read
Prev Next

Tanium endpoint management and security solution provides real-time visibility and control by enhancing your ability to manage endpoints, streamline incident response, and bolster your defense mechanisms. For detailed information refer to the Tanium’s official documentation.

Integration Method: API

Tables: Vulnerability Finding (2002), Compliance Finding (2003), Detection Finding (2004), Device Inventory Info (5001)

This integration supports the following events.

Event

Description

Vulnerabilities

List of Vulnerabilities.

Compliances

List of Compliance Findings.

Assets

List of Assets.

Alerts

List of Alerts.

This integration supports the following versions.

Tanium API gateway version

v2

Tanium Platform API version

v1

Note:

Tanium is a continuously updated cloud service. As of this document preparation, the latest release for threat response was on 4th March 2025.

Prerequisites

  • The user should have access to the Tanium portal.

  • The user should have Tanium API token.

  • The user should have access to the DataBee console.

Configuration overview

  1. Get the Token from Tanium portal.

  2. Add the Tanium Endpoint Protection in the DataBee console with the below parameters. console with the below parameters.

    DataBee Parameter

    Tanium Parameter

    Token

    API Token

Tanium Configuration

  1. Login to the Tanium console.

    Note:

    The login page link varies based on the instance and type of the instance. Use the link provided by your respective team.

  2. Navigate to API Tokens.

    1. Click on the Administration button from the sidebar.

    2. Under Permissions section, locate API Tokens and click on it.

    A screenshot of a computer  AI-generated content may be incorrect.

  3. Click on New API Token.

    A screenshot of a computer  AI-generated content may be incorrect.

  4. Create New API Token.

    1. Enter ‘Notes’ and ‘Expiration’ time.

    2. Enter the ‘Trusted IP Addresses’. Use CIDR notation for IPv4 netmasks (such as 192.0.2.0/24) and IPv6 prefixes (such as 2001:db8::/32).

    3. Click Create.

    Note:

    You will need to refresh this token before expiration in Tanium and update it in DataBee feed.

    A screenshot of a computer  AI-generated content may be incorrect.

  5. Click on Yes in the confirmation box.

    A screenshot of a computer  AI-generated content may be incorrect.

  6. Copy the API token to use it for authentication when we create feed in DataBee.

     

    Note:

    Token is only visible once. Copy and store it securely.

DataBee Configuration

  1. Login to the DataBee UI, navigate to Data > Data Feeds and click the Add New Data Feed button.

    A screenshot of a computer  AI-generated content may be incorrect.

  2. Search for Tanium Endpoint Protection and click it as shown below.

    A screenshot of a computer  AI-generated content may be incorrect.

  3. Click on the API Ingest option for collection method.

    A screenshot of a computer  AI-generated content may be incorrect.

  4. Enter feed contact information and click Next.

  5. In the configuration page, confirm the following:

  • Authorization Method: Bearer Token

  • API Base URL: this is the base URL that DataBee will interact with.

    Replace <customer_url> with your Tanium instance specific endpoint. For example, https://<instancename>-api.cloud.tanium.com/plugin/products/gateway/graphql. Contact your Tanium support team for more information.

    Reference: https://help.tanium.com/bundle/ug_gateway_cloud/page/gateway/overview.html

  • Token: paste the API Token.

  • Event Types: preselected for all the event types that integration pulls.

  1. Click Submit.

Troubleshooting Tips

  • If you are facing unauthorized (401) error, this might be possibly due to incorrect Token. Please refer API Credentials to retrieve the API Token.