Tanium Comply File-Based Connector

Franco Polillo

June 01, 2020 15:16

Updated: March 2023

This connector generates asset vulnerability data in a Comma Separated Values (CSV) file, and when ingested, calculates a risk score for assets in your environment. Using data from Tanium and Kenna, it enhances the risk posture to improve your security. Now, your IT and security can work in tandem to patch vulnerabilities that are essential to reduce risk.

Depending on the On-Prem or Cloud version of Tanium you have, your setup may differ, and you will need to download resources and store the Tanium input file. Choose the generation method you require by using the Comply or Connect tabs.

Tip: If you have doubts about creating duplicate assets, ensure you use the Generate the File from Tanium Connect instructions.

Use the following information to set up the Tanium Comply Connector in Kenna and generate the CSV file.

Tanium Versions Supported

This connector supports Tanium Cloud, or On-Prem 2.12+. To set up the Tanium Comply Connector, see the Tanium User Documentation.

Tanium Fields Processed in Kenna

Asset Data

Title
Endpoint *
IP Address *
CPEs
Affected Products
Affected Platforms
Short hostname*
Custom tags*

Vulnerability Data

Check ID (CVE) *
CVE Year
CVE Created Date
CVE Modified Date
Severity (CVSS v3)
Score (CVSS v3)
Severity (CVSS v2)
Score (CVSS v2)

Note: The CVE field is required for vulnerability data. Ensure you use at least one Locator data point (marked with * in the Vulnerability Data list) to see the asset affected by the vulnerability.

Generate the File from Tanium Comply

The Tanium Comply Vulnerability Findings report has the input data relevant for Kenna. For large CSV files, Tanium downloads it in a zipped format that is an acceptable input for Kenna.

1. From the Tanium menu, choose Modules > Comply > Findings > Vulnerability > All Findings.

Figure 1: The Tanium Comply Vulnerability Findings report.

2-Download_the_Tanium_Comply_Findings_as_a_CVS_file.png

Figure 2: Download the Tanium Comply Findings as a CSV file.

2. Choose all the columns from the selector and then click Download as CSV. The CSV file downloads to the local desktop/server (whatever instance is in use).

Note: For On-Prem users, the download as a CSV is supported in versions 2.12 or later.

Generate the File from Tanium Connect

If you have multiple vendor scanners and get duplicate assets within Kenna, ensure you generate the file from Tanium Connect. Additional fields, Short-Hostname and Custom tags need to be included for your Kenna upload. Use the Tanium Connect tab to generate the CSV file. Tanium downloads large CSV files in a zipped format that is used as input to Kenna.

Note: Use these instructions if you have a destination set up where the CSV files are generated and stored.

1. From the Tanium menu, choose Modules > Connect > Connections > Create Connection.

Figure 3: Use the Connections module.

Figure 4: Create the Connection.

2. Add the following Connection details:

In General Information fields, type the Name and Description.
In the Source field, choose Tanium Comply (Findings).
In the Finding Type field, type Vulnerability.
From the Destination drop-down menu, choose any option available to you.

Figure 5: Add the Connection details: Source, Finding Type and Destination.

3. In the Format field, type CSV, and then in the Columns section, edit the column names to match the names you see in Comply tab.

5-Add_all_the_required_Connection_details_Source__Type_and_Destination.png

Figure 6: Configure the Output Format and Column names.

Comply and Connect Fields Table

Note: The column names in blue indicate the new fields you can select from the Connect tab, or if you can't find the column you need, create it as a custom column.

Comply	Connect
Check ID	CVE
Title	Title
CVE Year	CVE Year
Endpoint	Short-Hostname
IP Address	IP Address
Severity (CVSSv3)	CVSS v3 severity
Score (CVSS v3)	CVSS v3 score
Severity (CVSS v2)	CVSS v2 severity
Score (CVSS v2)	CVSS v2 score
CPEs	Common Platform Enumerations
Affected Products	Affected Products
Affected Platforms	Affected Platforms
CVE Created Date	CVE Created
CVE Modified Date	CVE Modified
Scan Method	NA
Operating System Generation	Operating System Generation
Operating System	Operating System
Computer ID	Computer ID
	Custom Tags
	First Found Date
	Last Found Date

Configure Kenna

1. From the Kenna dashboard, choose Connectors > Add Connector > Tanium Comply.

Figure 7: Click Add Connector.

Figure 8: On the Vulnerability Management page, click Tanium Comply.

2.To upload the generated CSV file to Kenna, click Upload & Run. Kenna uses threat feeds to analyze the input data and generate risk scores.

Figure 9: Upload and run the file.

Figure 10: The Connector ID.

Note: Write down the Connector ID number, if you plan to use the API method to recreate the Configure Kenna process.

Automate the Upload and Run Process with the Kenna API

Tip: Take advantage of the Kenna APIs automated upload and run steps process, after the CSV file is downloaded from Tanium.

Choose the following API > Connector Runs > Upload Data File. For more information, see: https://apidocs.kennasecurity.com/reference/upload-data-fil

Mandatory Field List

Use the following list of mandatory fields to run this API successfully:

Base URL: Is the base URL and on the API keys page.
Connector ID: From the Kenna dashboard, click the Connector after it is created, and ensure you write down the ID.
X-Risk token: Generate the API keys from the Kenna dashboard. Ensure you write down the key after it is generated.

Note: After 15 minutes the entry disappears, so thereafter if you need a copy of the token, use the Change token to generate a new one. Also, if you need to revoke access by users of the Kenna account, do it from the API Keys page.

Figure 11: API Keys.

Figure 12: Generate API keys and write down the base URL.

File field: Is the path for the CSV file that you want to upload.
Run field: Set the run Boolean field to True to initiate the file processing immediately after the file upload is complete.

Monitor the Upload and Run Progress

To view the status of the upload and run process, on the Kenna dashboard, choose Connectors.

{

"success": "true",

"connector_run_id": 1813706

}

Figure 13: See the status of the upload and run process.

Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1721R)