This is a multi-part series describing the three primary ways that customers and partners typically use Tanium to integrate with other technologies and platforms. This is the second of three integration types, and you can read more at Getting Started with Tanium Integrations.
Tanium Connect is like a Product Module and resides on the Tanium Module Server (not going to get into this -- if you want more details, contact me or ask your TAM), but it is technically considered part of the Tanium Core platform. It can be accessed via the Tanium Console (like Product Modules). Connect relies heavily on the Tanium Server API to facilitate communication with other systems and technology platforms. The most common benefit is taking the real-time data that only Tanium can provide and send it to virtually any system that can make use of that data. And, the obvious argument here is that the fresher the data is, the more valuable that other system will be.
Also note: there are a couple of unique connection types (Wildfire and VirusTotal) that don't conform to the typical connection type, so I'm avoiding those here.
As with Sensor and Package integrations, Connections in Tanium Connect are really easy to get going. There's usually less implementation needed (Sensor and Package integrations can naturally require some Sensor scripting), but still requires configuration information and some planning. All you need to do is configure a "Connection Destination" so that Tanium knows how to connect to whatever system you're focusing on.
You are limited to the existing connection destinations and templates. See the full list on the Connect Overview page.
When to Use
The perfect time to rely on Tanium Connect is when you're integrating with a SIEM (via syslog) or specific technologies such as Elasticsearch, Palo Alto, ServiceNow, or Splunk, then you're in luck. If you're looking to put Tanium data into flat files, emails, or a database, then you're also in luck. But if you don't fall into the previous buckets, then tough cookies -- you'll need to wait for the Tanium Connect engineering team to add that connection destination.
In the above Tanium Connect screenshot, we have some examples of how real-time Tanium endpoint data can benefit other systems. With the integration into ServiceNow's ticketing mechanism, customers with both technologies can get a much better and more efficient workflow for resolving IT problems. Tanium can retrieve an unbelievable amount of data, and the ability to trigger an event or log in another system or platform can be invaluable.
Questions? Comments? Either contact us or comment.