The Tanium Comply Connector is a file-based connector that allows you to take the results of a saved Tanium question and import the vulnerability data into your Kenna Platform.
Supported Versions of Tanium:
- 2.x version of Tanium
- JSON file
Tanium Fields that will be processed in Kenna:
- Asset Data
- MAC Address*
- IP Address*
- Computer Name*
- Operating System
- Service Pack
- Custom Tags
- Vulnerability Data
- Last Seen Date
- First Found Date
- The "GET" clause below needs to provide relevant data to the Kenna platform. The CVE field is required for vulnerability data, and at least one Locator data point (marked with * above) should be provided to convey the asset affected by the vulnerability. An example Tanium Comply Question has been provided below.
- The Vulnerabilities data source is affected by your Scan Engine and Scan Hash. The example shows a series of vulnerabilites brought in by the CIS-CAT scan engine with a Scan Hash of d54fd5b1.
- The “WITH” clause at the end of the question is customizable to filter which assets you want to run the question against and, subsequently, bring into Kenna. This example was used to fetch information on Mac machines, but you can apply any filter here.
Generating the File within Tanium Comply Connector
Create a Saved Question that pulls in the required data as seen in the previous example.
Tip: Use the preview to confirm the desired fields are included.
In Tanium, navigate to the Connect module.
Click Create Connection > Create.
Note: General Information can remain as the default values.
Under Source, select Saved Question.
Under Destination, select File, then fill in a file name as desired.
Select JSON for the Format and check the Generate Document and Wrap Data With Source boxes.
Tip: Row Delimiter field can remain the default. No advanced settings are needed.
Set the schedule as desired and save the connection.