Actions can be deployed ad hoc or on a schedule. When Actions are scheduled, they are optimized in Tanium when they are created using a Policy. This article will describe the steps required to create Tanium Policy Actions.
This guide will document how to identify either missing or active Tanium clients when compared against a list of short names, IP addresses, or fully qualified domain names (FQDNs). The process involves importing data into an Excel workbook and applying formulas to extract the desired data.
TanOS 1.3.0 was released May 24, 2018 and 1.3.1 was released shortly after on July 3, 2018. These releases bring with them some major feature updates and improvements. In this article I will address some of the features we here at Chuco are most excited about seeing.
Deploying applications and module content can be challenging, especially when you need to work around 20 different change windows that depend on location, application, OS, system or server type (the list goes on). Here is an example of how you can use the Client Maintenance content in Tanium to help sift through all that without needing to issue an Action per maintenance window.
OS fingerprinting is one of the more interesting use cases for unmanaged assets (now known as Tanium Discover). But the functionality is disabled by default because Discover's OS fingerprinting relies on Nmap (this is common for other fingerprinting products as well).
Here's a short guide on how to get started with the Tanium Server SOAP API. This continues some of the discussion from the Integrations Through the Tanium Server API article and walks you through a quick way to immediately start playing with the Tanium Server API. Keep in mind that this doesn't use the Pytan Python Wrapper project and instead (for better or most likely worse) focuses on the raw SOAP API.
During a recent training, someone in the room was going through some hands-on training activities on how to ask Tanium Questions. As he was working through some Questions using some filters, he asked what a lot of others ask about: Can you use regular expressions in Questions?
Here's a related follow-up to Friday's Basic Tips on Asking Questions article. In some cases you may run into "[no results]" when you're first ramping up on how to use Tanium. In most cases, asking a Question with "[no results]" is perfectly harmless, but a lot of seasoned Tanium users will proclaim that it's less elegant. Regardless, here's why it happens and how to avoid it (if you want to).
...whenever I explain how to ask Questions to people, I like to start with a brief explanation of the two parts of a Tanium Question. In my opinion, this is a much shorter path to understanding the basics. And in fact, the new 7.0 Question Builder is designed around the same thinking. So read this short post to better understand the basics, and then go back to the other two articles if you want to get the full detail.
In no particular order, here are some pretty solid reasons to push past your company's crazy, outdated change policies and move to 7.0 immediately.
I've broken out each of the three integration levels here in separate posts (my wife warned me that I was one of the few people on this planet that would be interested enough to read through the entire post in its original state). If you want to keep your head above the clouds and take a look at the 50,000 ft view, no need to dive into each post -- just know what each level is and move on to the conclusion.
Almost all of the functionality that you see in the Tanium Console is accomplished on top of the Tanium Server's SOAP-based API (no, there is no REST API for the Tanium Server). While complex, this API is insanely powerful. It allows you to create, read, update, and delete (where applicable) almost all Tanium platform objects: Sensors, Questions, Packages, Dashboards, Groups, and a lot more.
Tanium Connect is like a Product Module and resides on the Tanium Module Server (not going to get into this -- if you want more details, contact me or ask your TAM), but it is technically considered part of the Tanium Core platform. It can be accessed via the Tanium Console (like Product Modules). Connect relies heavily on the Tanium Server API to facilitate communication with other systems and technology platforms. The most common benefit is taking the real-time data that only Tanium can provide and sending it to virtually any system that can make use of that data (e.g., a SIEM). And, the obvious argument here is that the fresher the data is, the more valuable that other system will be.
This is the most common path to start with, especially as customers and partners get ramped up with the Tanium platform. The implementation requirements needed to complete this kind of integration are basic -- all you need is a general understanding of how to use the Tanium Console and how authoring works. This kind of integration relies solely on creating Sensors (and Saved Questions, of course) to monitor for data on the endpoints, and Packages (that get deployed as Actions) to effect change when needed.