Tanium Comply File-Based Connector

The way this connector generates asset vulnerability data has improved. Cisco Vulnerability Management uses this data, along with asset risk data reported by other connectors, to calculate a risk score for the assets in your environment, providing you with enhanced risk posture and security.

Depending on the On-Prem or Cloud version of Tanium you have, your setup may differ, and you will need to download resources and store the Tanium input file. Choose the generation method you require by using the Comply or Connect tabs.

 

Tip: If you are concerned about creating duplicate assets, use the Generate the File from Tanium Connect instructions.

 

Use the following information to set up the Tanium Comply Connector in Cisco Vulnerability Management and generate the CSV file.

 

Tanium Versions Supported

This connector supports Tanium Cloud, or On-Prem 2.12+. To set up the Tanium Comply Connector, see the Tanium User Documentation.

 

Tanium Fields Processed in Cisco Vulnerability Management

Asset Data

  • Title 
  • Endpoint * 
  • IP Address * 
  • CPEs 
  • Affected Products 
  • Affected Platforms 
  • Short hostname* 
  • Custom tags* 

Vulnerability Data

  • Check ID (CVE) * 
  • CVE Year 
  • CVE Created Date 
  • CVE Modified Date 
  • Severity (CVSS v3) 
  • Score (CVSS v3) 
  • Severity (CVSS v2) 
  • Score (CVSS v2) 

Note: The CVE field is required for vulnerability data. Ensure you use at least one Locator data point (marked with * in the Vulnerability Data list) to see the asset affected by the vulnerability.

Generate the File from Tanium Comply 

The Tanium Comply Vulnerability Findings report has the input data relevant for Cisco Vulnerability Management. Tanium downloads large CSV files in a zipped format, which Cisco Vulnerability Management accepts as input.

1. From the Tanium menu, choose Modules > Comply > Findings > Vulnerability > All Findings. 


Figure 1: The Tanium Comply Vulnerability Findings report.


Figure 2: Download the Tanium Comply Findings as a CSV file.

2. Choose all the columns from the selector and then click Download as CSV. The CSV file downloads to the local desktop or server, whichever instance is in use.

Note: For On-Prem users, the download as a CSV is supported in versions 2.12 or later.

 

Generate the File from Tanium Connect

If you have multiple vendor scanners and get duplicate assets within Cisco Vulnerability Management, generate the file from Tanium Connect. The additional fields Short-Hostname and Custom tags need to be included in your Cisco Vulnerability Management upload. Use the Tanium Connect tab to generate the CSV file. Tanium downloads large CSV files in a zipped format that is used as input to Cisco Vulnerability Management.

Note: Use these instructions if you have a destination set up where the CSV files are generated and stored. 

1. From the Tanium menu, choose Modules > Connect > Connections > Create Connection. 


Figure 3: Use the Connections module.


Figure 4: Create the Connection.

2. Add the following Connection details: 

  • In General Information fields, type the Name and Description. 
  • In the Source field, choose Tanium Comply (Findings). 
  • In the Finding Type field, type Vulnerability.
  • From the Destination drop-down menu, choose any option available to you.


Figure 5:  Add the Connection details: Source, Finding Type and Destination.

 

3. In the Format field, type CSV, and then in the Columns section, edit the column names to match the names you see in the Comply tab.


Figure 6: Configure the Output Format and Column names.

Comply and Connect Fields Table

Note: The column names in blue indicate the new fields you can select from the Connect tab, or if you can't find the column you need, create it as a custom column.

| Comply | Connect |
| --- | --- |
| Check ID | CVE |
| Title | Title |
| CVE Year | CVE Year |
| Endpoint | Short-Hostname |
| IP Address | IP Address |
| Severity (CVSSv3) | CVSS v3 severity |
| Score (CVSS v3) | CVSS v3 score |
| Severity (CVSS v2) | CVSS v2 severity |
| Score (CVSS v2) | CVSS v2 score |
| CPEs | Common Platform Enumerations |
| Affected Products | Affected Products |
| Affected Platforms | Affected Platforms |
| CVE Created Date | CVE Created |
| CVE Modified Date | CVE Modified |
| Scan Method | NA |
| Operating System Generation | Operating System Generation |
| Operating System | Operating System |
| Computer ID | Computer ID |
|  | Custom Tags |
|  | First Found Date |
|  | Last Found Date |
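
The field requirements above (a CVE column plus at least one locator column, under either the Comply or the Connect column names), checked before the file is uploaded. This is an added example, not Cisco or Tanium code; the sample rows are constructed, and the CVE identifier format and the rule that every row must carry a locator value are assumptions.

```python
import csv
import io
import re

# Column names taken from the page's field lists; matching ignores case and hyphens.
CVE_COLUMNS = {"check id", "cve"}
LOCATOR_COLUMNS = {"endpoint", "short hostname", "ip address", "custom tags"}
# Assumption: the CVE column carries standard CVE identifiers.
CVE_RE = re.compile(r"^CVE-\d{4}-\d{4,}$")

def norm(name):
    return name.strip().lower().replace("-", " ")

def check_findings(csv_text):
    """Return a list of problems; an empty list means the file is usable."""
    rows = csv.reader(io.StringIO(csv_text.lstrip("\ufeff")))
    header = [norm(h) for h in next(rows, [])]
    cve_idx = [i for i, h in enumerate(header) if h in CVE_COLUMNS]
    loc_idx = [i for i, h in enumerate(header) if h in LOCATOR_COLUMNS]
    problems = []
    if not cve_idx:
        problems.append("header: no CVE column (Check ID or CVE)")
    if not loc_idx:
        problems.append("header: no locator column")
    if problems:
        return problems
    for values in rows:
        where = f"line {rows.line_num}"
        if len(values) != len(header):
            problems.append(f"{where}: {len(values)} fields, header has {len(header)}")
            continue
        cve = values[cve_idx[0]].strip()
        if not CVE_RE.match(cve):
            problems.append(f"{where}: bad or missing CVE {cve!r}")
        if not any(values[i].strip() for i in loc_idx):
            problems.append(f"{where}: no locator value, finding cannot be tied to an asset")
    return problems

# Constructed sample in the Connect column layout (not real scan data).
SAMPLE = """CVE,Title,Short-Hostname,IP Address,CVSS v3 score
CVE-2099-0001,Constructed finding A,web01,10.0.0.5,9.8
CVE-2099-0002,Constructed finding B,,,7.5
not-a-cve,Constructed finding C,db01,10.0.0.9,5.0
"""

if __name__ == "__main__":
    for problem in check_findings(SAMPLE):
        print(problem)
```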

 

Configure Cisco Vulnerability Management

1. From the Cisco Vulnerability Management dashboard, choose Connectors > Add Connector > Tanium Comply. 


Figure 7: Click Add Connector.


Figure 8: On the Vulnerability Management page, click Tanium Comply.

2. To upload the generated CSV file to Cisco Vulnerability Management, click Upload & Run. Cisco Vulnerability Management uses threat feeds to analyze the input data and generate risk scores.


Figure 9: Upload and run the file.


Figure 10: The Connector ID.

Note: Write down the Connector ID number if you plan to use the API method to recreate the Configure Cisco Vulnerability Management process.

Automate the Upload and Run Process with the Kenna API

Tip: After the CSV file is downloaded from Tanium, use the Kenna API to automate the upload and run steps.

 


Mandatory Field List

 

Use the following list of mandatory fields to run this API successfully: 

  • Base URL: The base URL, which is shown on the API Keys page.
  • Connector ID: From the Cisco Vulnerability Management dashboard, click the Connector after it is created, and ensure you write down the ID. 
  • X-Risk token: Generate the API keys from the Cisco Vulnerability Management dashboard. Ensure you write down the key after it is generated. 

Note: The entry disappears after 15 minutes. If you need a copy of the token after that, use Change token to generate a new one. If you need to revoke access by users of the Cisco Vulnerability Management account, do that from the API Keys page as well.

 


 

Figure 11: API Keys.

 


Figure 12: Generate API keys and write down the base URL. 

  • File field: The path of the CSV file that you want to upload.
  • Run field: Set the run Boolean field to True to start file processing immediately after the file upload is complete.
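
The upload and run call assembled from the mandatory fields above, using only the Python standard library and reading the token from the environment instead of the script. This is an added example, not the code from the original page; the /connectors/{id}/data_file path, the X-Risk-Token header spelling, and the KENNA_* and TANIUM_CSV environment variable names are assumptions not shown on this page.

```python
import json
import os
import urllib.request
import uuid
from pathlib import Path

def build_upload_request(base_url, connector_id, token, csv_path, run=True):
    """Build the multipart POST carrying the file and run fields."""
    if not base_url.lower().startswith("https://"):
        raise ValueError("base URL must be https: the token travels in a header")
    path = Path(csv_path)
    ctype = "application/zip" if path.suffix.lower() == ".zip" else "text/csv"
    filename = path.name.replace('"', "_")  # keep the header well-formed
    boundary = uuid.uuid4().hex
    body = b"".join([
        f'--{boundary}\r\nContent-Disposition: form-data; name="run"'
        f"\r\n\r\n{str(bool(run)).lower()}\r\n".encode(),
        f'--{boundary}\r\nContent-Disposition: form-data; name="file"; '
        f'filename="{filename}"\r\nContent-Type: {ctype}\r\n\r\n'.encode(),
        path.read_bytes(),
        f"\r\n--{boundary}--\r\n".encode(),
    ])
    # Assumed endpoint path; int() rejects a connector ID that is not a number.
    url = f"{base_url.rstrip('/')}/connectors/{int(connector_id)}/data_file"
    headers = {"X-Risk-Token": token,
               "Content-Type": f"multipart/form-data; boundary={boundary}"}
    return urllib.request.Request(url, data=body, headers=headers, method="POST")

def upload(request, timeout=60):
    """Send the request and return connector_run_id from the JSON reply."""
    with urllib.request.urlopen(request, timeout=timeout) as resp:
        reply = json.load(resp)
    if str(reply.get("success")).lower() != "true":
        raise RuntimeError(f"upload not accepted: {reply}")
    return reply["connector_run_id"]

if __name__ == "__main__":
    # Token and settings come from the environment, never from the script.
    env = os.environ
    req = build_upload_request(env["KENNA_BASE_URL"], env["KENNA_CONNECTOR_ID"],
                               env["KENNA_API_TOKEN"], env["TANIUM_CSV"])
    print("connector_run_id:", upload(req))
```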

Monitor the Upload and Run Progress

To view the status of the upload and run process, on the Cisco Vulnerability Management dashboard, choose Connectors.

 

{
  "success": "true",
  "connector_run_id": 1813706
}

 


Figure 13: See the status of the upload and run process.

 

 

 


© 1992-2023 Cisco Systems, Inc. All rights reserved.

 

 

 

 



