Integrations Through the Tanium Server API

This is a multi-part series describing the three primary ways that customers and partners typically use Tanium to integrate with other technologies and platforms. This is the first of three integration types, and you can read more at Getting Started with Tanium Integrations.

OVERVIEW

Almost all of the functionality that you see in the Tanium Console is accomplished on top of the Tanium Server’s SOAP-based API (no, there is no REST API for the Tanium Server). While complex, this API is insanely powerful. It allows you to create, read, update, and delete (where applicable) almost all Tanium platform objects: Sensors, Questions, Packages, Dashboards, Groups, and a lot more. 

Tanium Server API WSDL (console.wsdl)

The SOAP-based API is perfectly functional, but unfortunately, a lot of folks these days are used to REST and will likely balk at learning how SOAP works. Fortunately, there is a GitHub project called Pytan that is a Python wrapper for the SOAP API. This is maintained by the Tanium TAM org and is really well documented. If possible, I would recommend taking advantage of this project instead of relying on the Server API directly.

PROS
As mentioned in the Overview, the Tanium Server API sits as a foundational layer for the Tanium Console and is incredibly powerful (this cannot be overstated). You are still relying on being able to pull data from and take action on endpoints, but you can do it pretty much from anywhere.

CONS
Did I mention that the Server API is hard to use? Using the Server API directly (or even indirectly with Pytan) is more challenging to implement and own. Also, there is very little Server API documentation. There is a defunct SOAP KB Article that I wrote a while back, but you are pretty much left to look at the WSDL file delivered with the Tanium Server (see console.wsdl in the installation directory).

WHEN TO USE
If a customer has a dashboard (or a technology partner has its own console) and wants to pull endpoint data directly into it or execute Actions from an existing tool, then this is what you want!

EXAMPLE
One of the earlier technology partnerships at Tanium was with Splunk. The goal was to give Splunk users the ability to go above and beyond their log analysis capabilities by pulling additional information from managed machines. The great part about this integration is that Splunk users don’t even need to know what the Tanium Console is to pull real-time data!

For any Splunk users out there, check out the Tanium Splunk app.