Quickstart on Using the Tanium Server SOAP API

Here's a short guide on how to get started with the Tanium Server SOAP API. This continues some of the discussion from the Integrations Through the Tanium Server API article and walks you through a quick way to immediately start playing with the Tanium Server API. Keep in mind that this doesn't use the Pytan Python Wrapper project and instead (for better or most likely worse) focuses on the raw SOAP API.

Getting Started with Tanium Integrations

I've broken out each of the three integration levels here in separate posts (my wife warned me that I was one of the few people on this planet that would be interested enough to read through the entire post in its original state). If you want to keep your head above the clouds and take a look at the 50,000 ft view, no need to dive into each post -- just know what each level is and move on to the conclusion.

Integrations Through the Tanium Server API

Almost all of the functionality that you see in the Tanium Console is accomplished on top of the Tanium Server's SOAP-based API (no, there is no REST API for the Tanium Server). While complex, this API is insanely powerful. It allows you to create, read, update, and delete (where applicable) almost all Tanium platform objects: Sensors, Questions, Packages, Dashboards, Groups, and a lot more. 

Integrations Through Tanium Connect

Tanium Connect is like a Product Module and resides on the Tanium Module Server (not going to get into this -- if you want more details, contact me or ask your TAM), but it is technically considered part of the Tanium Core platform. It can be accessed via the Tanium Console (like Product Modules). Connect relies heavily on the Tanium Server API to facilitate communication with other systems and technology platforms. The most common benefit is taking the real-time data that only Tanium can provide and send it to virtually any system that can make use of that data (e.g., a SIEM). And, the obvious argument here is that the fresher the data is, the more valuable that other system will be.

Integrations Through Sensors and Packages

This is the most common path to start with, especially as customers and partners get ramped up with Tanium platform. The implementation requirements needed to complete this kind of integration are basic -- all you need is a general understanding of how to use the Tanium Console and how authoring works. This kind of integration relies solely on creating Sensors (and Saved Questions of course) to monitor for data on the endpoints, and Packages (that get deployed as Actions) to affect change when needed.