Tanium Comply File-Based Connector

Cisco Vulnerability Management uses the data that Tanium Comply provides, and the asset risk data that other connectors report, to calculate a Cisco risk score for the assets in your environment, and provide you with enhanced risk posture and security.

Depending on the on-premises or cloud version of Tanium you have, your setup may differ, and you will need to download resources and store the Tanium input file. You can use the Comply or Connect tabs to choose the generation method that you require.

Tip: If you are concerned with creating duplicate assets, ensure you use the Generate the File from Tanium Connect instructions below.

 

Tanium Versions Supported

This connector supports Tanium Cloud, or On-Prem 2.12+. To set up the Tanium Comply Connector, see the Tanium User Documentation.

 

Tanium Fields Processed in Cisco Vulnerability Management

Asset Data

  • Title 
  • Endpoint * 
  • IP Address * 
  • CPEs 
  • Affected Products 
  • Affected Platforms 
  • Short hostname* 
  • Custom tags* 

Vulnerability Data

  • Check ID (CVE) * 
  • CVE Year 
  • CVE Created Date 
  • CVE Modified Date 
  • Severity (CVSS v3) 
  • Score (CVSS v3) 
  • Severity (CVSS v2) 
  • Score (CVSS v2) 

Note: The CVE field is required for vulnerability data. Ensure you use at least one Locator data point (marked with * in the Vulnerability Data list) to see the asset that the vulnerability affects.
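Added example, not part of the original article or of Cisco or Tanium tooling: a pre-upload check for the rule in the note above, run over the exported CSV (or the zipped report) before it is handed to the connector. It accepts both the Comply and the Connect column names from the fields table on this page; the function names and sample rows are constructed for illustration.

```python
import csv
import io
import zipfile

# Column names from the page's field lists, lower-cased. Comply and Connect
# exports name some differently (Check ID vs CVE, Endpoint vs Short-Hostname).
CVE_COLUMNS = ("check id", "cve")
LOCATOR_COLUMNS = ("endpoint", "short-hostname", "ip address", "custom tags")


def read_export(data: bytes) -> list[dict]:
    """Parse a Tanium export, unpacking it first if the report was zipped."""
    buf = io.BytesIO(data)
    if zipfile.is_zipfile(buf):
        with zipfile.ZipFile(buf) as zf:
            names = [n for n in zf.namelist() if n.lower().endswith(".csv")]
            if len(names) != 1:
                raise ValueError(f"expected one CSV in archive, found {names}")
            data = zf.read(names[0])
    reader = csv.DictReader(io.StringIO(data.decode("utf-8-sig")))
    # Normalise header case/whitespace; skip overflow cells (key None).
    return [{k.strip().lower(): (v or "").strip() for k, v in row.items() if k}
            for row in reader]


def check_export(data: bytes) -> list[str]:
    """List problems that would leave a finding without a CVE or an asset."""
    rows = read_export(data)
    if not rows:
        return ["no data rows"]
    cve_col = next((c for c in CVE_COLUMNS if c in rows[0]), None)
    locators = [c for c in LOCATOR_COLUMNS if c in rows[0]]
    if cve_col is None or not locators:
        return ["header lacks a CVE column or any locator column"]
    problems = []
    for n, row in enumerate(rows, start=1):
        if not row[cve_col]:
            problems.append(f"row {n}: empty CVE")
        if not any(row[c] for c in locators):
            problems.append(f"row {n}: no locator value")
    return problems


# Constructed sample in the Comply column layout (placeholder CVE IDs);
# row 2 has no CVE and row 3 has neither Endpoint nor IP Address.
SAMPLE = (b"Check ID,Title,Endpoint,IP Address\r\n"
          b"CVE-0000-0001,Example A,host-a,10.0.0.5\r\n"
          b",Example B,host-b,10.0.0.6\r\n"
          b"CVE-0000-0002,Example C,,\r\n")
```

An empty list from check_export means every row carries a CVE and at least one locator value.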

Generate the File from Tanium Comply 

The Tanium Comply Vulnerability Findings report has the input data relevant for Cisco Vulnerability Management. For large CSV files, Tanium downloads the report in a zipped format that is an acceptable input for Cisco Vulnerability Management.

1. From the Tanium menu, choose Modules > Comply > Findings > Vulnerability > All Findings. 


2. Choose all the columns from the selector and then click Download as CSV. The CSV file downloads to the local desktop/server (whichever instance is in use).
Note: For on-premises users, the Download as CSV option is supported in version 2.12 or later.


 

Generate the File from Tanium Connect

If you have multiple vendor scanners and get duplicate assets within Cisco Vulnerability Management, generate the file from Tanium Connect. The additional fields Short-Hostname and Custom tags need to be included in your Cisco Vulnerability Management upload. Use the Tanium Connect tab to generate the CSV file. Tanium downloads large CSV files in a zipped format, which Cisco Vulnerability Management accepts as input.

Note: Use these instructions if you have a destination set up where the CSV files are generated and stored. 

1. From the Tanium menu, choose Modules > Connect > Connections > Create Connection. 


2. Add the following Connection details: 

  • In the General Information fields, type the Name and Description. 
  • In the Source field, choose Tanium Comply (Findings). 
  • In the Finding Type field, type Vulnerability.
  • From the Destination drop-down menu, choose any option available to you.


3. In the Format field, type CSV, and then in the Columns section, edit the column names to match the names you see in the Comply tab.


Comply and Connect Fields Table

Note: The column names in blue indicate the new fields you can select from the Connect tab, or if you can't find the column you need, you can create it as a custom column.

Comply                      | Connect
Check ID                    | CVE
Title                       | Title
CVE Year                    | CVE Year
Endpoint                    | Short-Hostname
IP Address                  | IP Address
Severity (CVSSv3)           | CVSS v3 severity
Score (CVSS v3)             | CVSS v3 score
Severity (CVSS v2)          | CVSS v2 severity
Score (CVSS v2)             | CVSS v2 score
CPEs                        | Common Platform Enumerations
Affected Products           | Affected Products
Affected Platforms          | Affected Platforms
CVE Created Date            | CVE Created
CVE Modified Date           | CVE Modified
Scan Method                 | NA
Operating System Generation | Operating System Generation
Operating System            | Operating System
Computer ID                 | Computer ID
                            | Custom Tags
                            | First Found Date
                            | Last Found Date


Configure Cisco Vulnerability Management

1. In the Cisco Vulnerability Management UI, click Connectors.
2. Click Add Connector.
3. In the Vulnerability Management section, click Tanium Comply.


4. On the Comply page, enter the following information:

      Name: Enter a name for the connector, or leave it as Comply.
      Schedule: Select the frequency that you’d like your Connector to run.

5. Click Save.

6. On your Connectors page, to upload the generated CSV file to Cisco Vulnerability Management, click Upload & Run. Cisco Vulnerability Management uses threat feeds to analyze the input data and generate the risk score. 


Note: Write down the Connector ID number if you plan to use the API method to recreate the Configure Cisco Vulnerability Management process.

Automate the Upload and Run Process with the API

Tip: After the CSV file is downloaded from Tanium, you can use the Cisco Vulnerability Management API to automate the upload and run steps.

1. Choose API > Connector Runs > Upload Data File. For more information, see the API documentation.

 


Mandatory Field List

Use the following list of mandatory fields to run this API successfully: 

  • Base URL: This is the base URL found on the API keys page. 
  • Connector ID: From the Cisco Vulnerability Management dashboard, click the Connector after it is created, and ensure you write down the ID. 
  • X-Risk token: Generate the API keys from the Cisco Vulnerability Management dashboard. Ensure you write down the key after it is generated. 

Note: After 15 minutes the entry disappears. If you need a copy of the token, use the Change token option to generate a new one. Also, if you need to revoke access for users of the Cisco Vulnerability Management account, do it from the API Keys page.

 


  • File field: This is the path for the CSV file that you want to upload. 
  • Run field: Set the run Boolean field to True to initiate the file processing immediately after the file upload is complete.
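Added example (not Cisco's code): the mandatory fields above assembled into an upload request, with the X-Risk token read from an environment variable rather than written into the script, and the response checked for the success and connector_run_id values shown in the sample response on this page. The /connectors/<id>/data_file path, the CVM_API_TOKEN variable name and the function names are assumptions; confirm the path in the API documentation.

```python
import json
import urllib.request
import uuid
from urllib.parse import urlsplit


def build_upload(base_url, connector_id, csv_name, csv_bytes, token, run=True):
    """Build (not send) the multipart POST for the Upload Data File call."""
    if urlsplit(base_url).scheme != "https":
        raise ValueError("base URL must be https so the token is not sent in clear")
    boundary = uuid.uuid4().hex
    parts = [
        f'--{boundary}\r\nContent-Disposition: form-data; name="run"\r\n\r\n'
        f'{"true" if run else "false"}\r\n'.encode(),
        f'--{boundary}\r\nContent-Disposition: form-data; name="file"; '
        f'filename="{csv_name}"\r\nContent-Type: text/csv\r\n\r\n'.encode(),
        csv_bytes,
        f"\r\n--{boundary}--\r\n".encode(),
    ]
    # ASSUMPTION: endpoint path; confirm it in the API documentation.
    url = f"{base_url.rstrip('/')}/connectors/{int(connector_id)}/data_file"
    return urllib.request.Request(url, data=b"".join(parts), method="POST", headers={
        "X-Risk-Token": token,
        "Content-Type": f"multipart/form-data; boundary={boundary}",
    })


def run_id_from_response(raw: bytes) -> int:
    """Return connector_run_id, or raise if the upload was not accepted."""
    doc = json.loads(raw)
    # The sample response on this page carries success as the string "true".
    if str(doc.get("success")).lower() != "true":
        raise RuntimeError(f"upload rejected: {doc}")
    return int(doc["connector_run_id"])


if __name__ == "__main__":
    import os
    import sys
    # Usage: script BASE_URL CONNECTOR_ID CSV_PATH, with the token in the
    # CVM_API_TOKEN environment variable (hypothetical name), not on the command line.
    with open(sys.argv[3], "rb") as fh:
        req = build_upload(sys.argv[1], sys.argv[2], os.path.basename(sys.argv[3]),
                           fh.read(), os.environ["CVM_API_TOKEN"])
    with urllib.request.urlopen(req, timeout=60) as resp:
        print(run_id_from_response(resp.read()))
```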

Monitor the Upload and Run Progress

To view the status of the upload and run process, on the Cisco Vulnerability Management dashboard, choose Connectors.

 

{
  "success": "true",
  "connector_run_id": 1813706
}

 


 

 

Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1721R)

© 1992-2024 Cisco Systems, Inc. All rights reserved.

 

 

 

 



