How to use Maintenance and Reboot Tanium Solutions Lab Content to Create Policy-based Deployments

Deploying applications and module content can be challenging, especially when you need to work around 20 different change windows that depend on location, application, OS, system or server type (the list goes on). Here is an example of how you can use the Client Maintenance content in Tanium to help sift through all that without needing to issue an Action per maintenance window.

Quickstart on Using the Tanium Server SOAP API

Here's a short guide on how to get started with the Tanium Server SOAP API. This continues some of the discussion from the Integrations Through the Tanium Server API article and walks you through a quick way to immediately start playing with the Tanium Server API. Keep in mind that this doesn't use the Pytan Python Wrapper project and instead (for better or most likely worse) focuses on the raw SOAP API.

What is [no results] and How to Avoid It

Here's a related follow-up from Friday's Basic Tips on Asking Questions article. In some cases you may run into "[no results]" when you're first ramping up on how to use Tanium. In most cases, asking a Question with "[no results]" is perfectly harmless, but a lot of seasoned Tanium users will proclaim that it's less elegant. Regardless, here's why it happens and how to avoid it (if you want to).

Basic Tips on Asking Questions

...whenever I explain how to ask Questions to people, I like to start with a brief explanation of the two parts of a Tanium Question. In my opinion, this is a much shorter path to understanding the basics. And in fact, the new 7.0 Question Builder is designed around the same thinking. So read this short post to better understand the basics, and then go back to the other two articles if you want to get the full detail.

Getting Started with Tanium Integrations

I've broken out each of the three integration levels here in separate posts (my wife warned me that I was one of the few people on this planet that would be interested enough to read through the entire post in its original state). If you want to keep your head above the clouds and take a look at the 50,000 ft view, no need to dive into each post -- just know what each level is and move on to the conclusion.

Integrations Through the Tanium Server API

Almost all of the functionality that you see in the Tanium Console is accomplished on top of the Tanium Server's SOAP-based API (no, there is no REST API for the Tanium Server). While complex, this API is insanely powerful. It allows you to create, read, update, and delete (where applicable) almost all Tanium platform objects: Sensors, Questions, Packages, Dashboards, Groups, and a lot more. 

Integrations Through Tanium Connect

Tanium Connect is like a Product Module and resides on the Tanium Module Server (not going to get into this -- if you want more details, contact me or ask your TAM), but it is technically considered part of the Tanium Core platform. It can be accessed via the Tanium Console (like Product Modules). Connect relies heavily on the Tanium Server API to facilitate communication with other systems and technology platforms. The most common benefit is taking the real-time data that only Tanium can provide and sending it to virtually any system that can make use of that data (e.g., a SIEM). And, the obvious argument here is that the fresher the data is, the more valuable that other system will be.

Integrations Through Sensors and Packages

This is the most common path to start with, especially as customers and partners get ramped up with the Tanium platform. The implementation requirements needed to complete this kind of integration are basic -- all you need is a general understanding of how to use the Tanium Console and how authoring works. This kind of integration relies solely on creating Sensors (and Saved Questions of course) to monitor for data on the endpoints, and Packages (that get deployed as Actions) to effect change when needed.