The way this connector generates asset vulnerability data has improved. Cisco Vulnerability Management uses this data, along with asset risk data reported by other connectors, to calculate a risk score for the assets in your environment, providing you with enhanced risk posture and security.
Depending on the On-Prem or Cloud version of Tanium you have, your setup may differ, and you will need to download resources and store the Tanium input file. Choose the generation method you require by using the Comply or Connect tabs.
Tip: If you are concerned about creating duplicate assets, use the Generate the File from Tanium Connect instructions.
Use the following information to set up the Tanium Comply Connector in Cisco Vulnerability Management and generate the CSV file.
Tanium Versions Supported
This connector supports Tanium Cloud, or On-Prem 2.12+. To set up the Tanium Comply Connector, see the Tanium User Documentation.
Tanium Fields Processed in Cisco Vulnerability Management
Asset Data
- Title
- Endpoint *
- IP Address *
- CPEs
- Affected Products
- Affected Platforms
- Short hostname *
- Custom tags *
Vulnerability Data
- Check ID (CVE) *
- CVE Year
- CVE Created Date
- CVE Modified Date
- Severity (CVSS v3)
- Score (CVSS v3)
- Severity (CVSS v2)
- Score (CVSS v2)
Note: The CVE field is required for vulnerability data. Ensure you use at least one Locator data point (marked with * in the field lists above) to see the asset affected by the vulnerability.
Generate the File from Tanium Comply
The Tanium Comply Vulnerability Findings report has the input data relevant for Cisco Vulnerability Management. Tanium downloads large CSV files in a zipped format, which is an acceptable input for Cisco Vulnerability Management.
1. From the Tanium menu, choose Modules > Comply > Findings > Vulnerability > All Findings.
Figure 1: The Tanium Comply Vulnerability Findings report.
Figure 2: Download the Tanium Comply Findings as a CSV file.
2. Choose all the columns from the selector and then click Download as CSV. The CSV file downloads to the local desktop/server (whatever instance is in use).
Note: For On-Prem users, the download as a CSV is supported in versions 2.12 or later.
Generate the File from Tanium Connect
If you have multiple vendor scanners and get duplicate assets within Cisco Vulnerability Management, ensure you generate the file from Tanium Connect. The additional fields Short-Hostname and Custom tags need to be included for your Cisco Vulnerability Management upload. Use the Tanium Connect tab to generate the CSV file. Tanium downloads large CSV files in a zipped format that is used as input to Cisco Vulnerability Management.
Note: Use these instructions if you have a destination set up where the CSV files are generated and stored.
1. From the Tanium menu, choose Modules > Connect > Connections > Create Connection.
Figure 3: Use the Connections module.
Figure 4: Create the Connection.
2. Add the following Connection details:
- In General Information fields, type the Name and Description.
- In the Source field, choose Tanium Comply (Findings).
- In the Finding Type field, type Vulnerability.
- From the Destination drop-down menu, choose any option available to you.
Figure 5: Add the Connection details: Source, Finding Type and Destination.
3. In the Format field, type CSV, and then in the Columns section, edit the column names to match the names you see in the Comply tab.
Figure 6: Configure the Output Format and Column names.
Comply and Connect Fields Table
Note: The column names in blue indicate the new fields you can select from the Connect tab, or if you can't find the column you need, create it as a custom column.
| Comply | Connect |
| --- | --- |
| Check ID | CVE |
| Title | Title |
| CVE Year | CVE Year |
| Endpoint | Short-Hostname |
| IP Address | IP Address |
| Severity (CVSSv3) | CVSS v3 severity |
| Score (CVSS v3) | CVSS v3 score |
| Severity (CVSS v2) | CVSS v2 severity |
| Score (CVSS v2) | CVSS v2 score |
| CPEs | Common Platform Enumerations |
| Affected Products | Affected Products |
| Affected Platforms | Affected Platforms |
| CVE Created Date | CVE Created |
| CVE Modified Date | CVE Modified |
| Scan Method | NA |
| Operating System Generation | Operating System Generation |
| Operating System | Operating System |
| Computer ID | Computer ID |
| | Custom Tags |
| | First Found Date |
| | Last Found Date |
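A pre-upload check for the generated CSV, added here as an example and not part of the Cisco or Tanium tooling: it renames Connect column names to their Comply equivalents from the table above, then flags rows that lack a CVE or a locator value. It assumes one CVE per row in the Check ID column and treats Endpoint and IP Address as the locators; the sample rows are constructed.

```python
import csv
import io
import re

# Connect -> Comply column names from the fields table (renamed columns only).
CONNECT_TO_COMPLY = {
    "CVE": "Check ID",
    "Short-Hostname": "Endpoint",
    "CVSS v3 score": "Score (CVSS v3)",
    "CVSS v2 score": "Score (CVSS v2)",
    "Common Platform Enumerations": "CPEs",
    "CVE Created": "CVE Created Date",
    "CVE Modified": "CVE Modified Date",
}
# Assumption: hostname and IP address are the locator columns to check.
LOCATORS = ("Endpoint", "IP Address")
CVE_RE = re.compile(r"^CVE-\d{4}-\d{4,}$")


def check_findings(csv_text):
    """Return (normalized_header, problems) for a findings CSV export."""
    reader = csv.reader(io.StringIO(csv_text))
    header = [CONNECT_TO_COMPLY.get(h.strip(), h.strip()) for h in next(reader, [])]
    problems = []
    if "Check ID" not in header:
        problems.append("header: no Check ID (CVE) column")
    present = [c for c in LOCATORS if c in header]
    if not present:
        problems.append("header: no locator column (Endpoint or IP Address)")
    if problems:
        return header, problems
    for line_no, values in enumerate(reader, start=2):
        row = dict(zip(header, (v.strip() for v in values)))
        if not CVE_RE.match(row.get("Check ID", "")):
            problems.append(f"line {line_no}: missing or malformed CVE")
        if not any(row.get(c) for c in present):
            problems.append(f"line {line_no}: no locator value")
    return header, problems


# Constructed sample in Connect naming; the last two rows are deliberately bad.
SAMPLE = """CVE,Title,Short-Hostname,IP Address,CVSS v3 score
CVE-2099-0001,Constructed finding A,web01,10.0.0.5,9.8
CVE-2099-0002,Constructed finding B,,,6.5
,Constructed finding C,db02,10.0.0.9,
"""

if __name__ == "__main__":
    print("\n".join(check_findings(SAMPLE)[1]))
```

Rows that fail the locator check would upload without an identifiable asset, so fix them in the Tanium export before uploading the file.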
Configure Cisco Vulnerability Management
1. From the Cisco Vulnerability Management dashboard, choose Connectors > Add Connector > Tanium Comply.
Figure 7: Click Add Connector.
Figure 8: On the Vulnerability Management page, click Tanium Comply.
2. To upload the generated CSV file to Cisco Vulnerability Management, click Upload & Run. Cisco Vulnerability Management uses threat feeds to analyze the input data and generate risk scores.
Figure 9: Upload and run the file.
Figure 10: The Connector ID.
Note: Write down the Connector ID number, if you plan to use the API method to recreate the Configure Cisco Vulnerability Management process.
Automate the Upload and Run Process with the Kenna API
Tip: After the CSV file is downloaded from Tanium, use the Kenna API to automate the upload and run steps.
- Choose the following API > Connector Runs > Upload Data File. For more information, see: https://apidocs.kennasecurity.com/reference/upload-data-fil
Mandatory Field List
Use the following list of mandatory fields to run this API successfully:
- Base URL: The base URL, shown on the API Keys page.
- Connector ID: From the Cisco Vulnerability Management dashboard, click the Connector after it is created, and ensure you write down the ID.
- X-Risk token: Generate the API keys from the Cisco Vulnerability Management dashboard. Ensure you write down the key after it is generated.
Note: The entry disappears after 15 minutes. If you need a copy of the token after that, use the Change token to generate a new one. If you need to revoke access by users of the Cisco Vulnerability Management account, do it from the API Keys page.
Figure 11: API Keys.
Figure 12: Generate API keys and write down the base URL.
- File field: The path to the CSV file that you want to upload.
- Run field: Set the run Boolean field to True to initiate the file processing immediately after the file upload is complete.
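The mandatory fields above assembled into one request, as an added example that is not code from Cisco or from the original page. The `/connectors/{id}/data_file` path and the environment variable names are assumptions to confirm against the API reference; the token is read from the environment rather than stored in the script, and a non-HTTPS base URL is refused.

```python
import json
import os
import urllib.request
import uuid


def build_upload_request(base_url, connector_id, token, csv_path, run=True):
    """Build (but do not send) the multipart POST with the file and run fields."""
    if not base_url.lower().startswith("https://"):
        raise ValueError("base URL must be https so the token is not sent in clear")
    boundary = uuid.uuid4().hex
    with open(csv_path, "rb") as fh:
        data = fh.read()
    name = os.path.basename(csv_path).replace('"', "")
    head = (
        f"--{boundary}\r\n"
        'Content-Disposition: form-data; name="run"\r\n\r\n'
        f"{'true' if run else 'false'}\r\n"
        f"--{boundary}\r\n"
        f'Content-Disposition: form-data; name="file"; filename="{name}"\r\n'
        "Content-Type: text/csv\r\n\r\n"
    ).encode()
    body = head + data + f"\r\n--{boundary}--\r\n".encode()
    # Assumed path of the Upload Data File call; confirm it in the API reference.
    url = f"{base_url.rstrip('/')}/connectors/{int(connector_id)}/data_file"
    return urllib.request.Request(url, data=body, method="POST", headers={
        "X-Risk-Token": token,
        "Content-Type": f"multipart/form-data; boundary={boundary}",
    })


def upload(req, timeout=60):
    """Send the request and return the connector_run_id from the JSON reply."""
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)["connector_run_id"]


if __name__ == "__main__":
    # Hypothetical environment variable names and file name.
    req = build_upload_request(os.environ["KENNA_BASE_URL"], os.environ["KENNA_CONNECTOR_ID"],
                               os.environ["KENNA_API_TOKEN"], "tanium_findings.csv")
    print(upload(req))
```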
Monitor the Upload and Run Progress
To view the status of the upload and run process, on the Cisco Vulnerability Management dashboard, choose Connectors.
{
"success": "true",
"connector_run_id": 1813706
}
Figure 13: See the status of the upload and run process.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1721R)
© 1992-2023 Cisco Systems, Inc. All rights reserved.