Tanium Endpoint Protection

Prev Next

Tanium endpoint management and security solution provides real-time visibility and control by enhancing your ability to manage endpoints, streamline incident response, and bolster your defense mechanisms. For detailed information refer to the Tanium’s official documentation.

Integration Method: API

Tables: Vulnerability Finding (2002), Compliance Finding (2003), Detection Finding (2004), Device Inventory Info (5001), Software Inventory Info (5020)

This integration supports the following events.

Event

Description

Vulnerabilities

List of Vulnerabilities

Compliances

List of Compliance Findings

Assets

List of Assets

Alerts

List of Alerts

Software Inventory Info

List of software/applications installed on the device

This integration supports the following versions.

Tanium API gateway version

v2

Tanium Platform API version

v1

Note:

Tanium is a continuously updated cloud service. As of this document preparation, the latest release for threat response was on 4th March 2025.

Prerequisites

  • The user should have access to the Tanium portal.

  • The user should have a Tanium API token.

  • The user should have access to the DataBee console.

Configuration overview

  1. Get an API Token from the Tanium portal.

  2. Add Tanium Endpoint Protection in the DataBee console.

    DataBee Parameter

    Tanium Parameter

    Token

    API Token

Tanium Configuration

  1. Login to the Tanium console.

    Note:

    The login page link varies based on the instance and type of the instance. Use the link provided by your respective team. For example, https://<instancename>.com.

     

  2. Click Administration button on the sidebar. Under Permissions section, locate API Tokens and click it.

    A screenshot of a computer  AI-generated content may be incorrect.  

  3. Click on New API Token.

    A screenshot of a computer  AI-generated content may be incorrect.  

  4. Create New API Token

    1. Enter ‘Notes’ and ‘Expiration’ time

    2. Enter ‘Trusted IP Addresses’ ranges. Contact your DataBee support team for the CIDR range.

    3. Click Create.

    Note:

    This token will have to be regenerated before the expiration date (by default expiration time is 365 days).

    A screenshot of a computer  AI-generated content may be incorrect.

  1. Click on Yes in the confirmation box.

    A screenshot of a computer  AI-generated content may be incorrect.  

  2. Copy the API token to use it for authentication when we create feed in DataBee.

     

    Note:

    Token is only visible once. Copy and store it securely.

DataBee Configuration

  1. Login to the DataBee UI, navigate to Data > Data Feeds and click the Add New Data Feed button.

    A screenshot of a computer  AI-generated content may be incorrect.  

  1. Search for Tanium Endpoint Protection and click it as shown below.

    A screenshot of a computer  AI-generated content may be incorrect.  

  1. Click on the API Ingest option for collection method.

    A screenshot of a computer  AI-generated content may be incorrect.  

  1. Enter feed contact information and click Next.

     

  1. In the configuration page, confirm the following:

    • Authorization Method: Bearer Token

    • API Base URL: this is the base URL that DataBee will interact with

    • Replace <customer_url> with your Tanium instance specific endpoint. For example, https://<instancename>-api.cloud.tanium.com/plugin/products/gateway/graphql. Contact your Tanium support team for more information.

    • Token: paste the API Token

    • Event Types: preselected for all the event types that integration pulls.

     

  1. Click Submit.

Troubleshooting Tips

  • If you are facing an unauthorized (401) error, this might be possibly due to incorrect Token. Please refer API Credentials to retrieve the API Token.