: Integrate IoT Security with Tanium
Focus
Focus

Integrate IoT Security with Tanium

Table of Contents

Integrate
IoT Security
with Tanium

Integrate
IoT Security
through
Cortex XSOAR
with Tanium.
Tanium provides endpoint protection for devices such as laptops, desktops, and servers. It uses a client-server architecture in which Tanium agents installed on each endpoint communicate with the Tanium server, which can be deployed on premises or in the cloud. The agents collect data about the processes, network connections, and installed software and report back to the server. The server processes the data and identifies vulnerabilities and security gaps so that the organization can ensure their IT environment is protected and complies with security best practices.
IoT Security
can integrate through
Cortex XSOAR
with Tanium to import data about vulnerabilities on IoT devices. The IoT devices must already be in the
IoT Security
inventory and they must be hosting a Tanium agent. (Tanium agents can be installed on AIX, Linux, macOS, Solaris, and Windows endpoints.)
The imported data is then shown on the Vulnerabilities, Devices, and Device Details pages in the
IoT Security
portal.
IoT Security
also updates the risk scores for devices, device profiles, sites, and the organization based on the vulnerabilities that Tanium provides.
Both the cloud-based and on-premises Tanium server provide a GraphQL API that
Cortex XSOAR
or a
Cortex
engine accesses over HTTPS.
In
Cortex XSOAR
, you create an integration instance to connect to the Tanium API and a job to import device details and vulnerabilities to
IoT Security
for devices in its database. You can then see the following data learned from Tanium on the Device Details page and Vulnerabilities page in the
IoT Security
portal:
  • Device details – IP address, MAC address, hostname, serial number
  • Vulnerabilities – CVE findings
Integrating with Tanium requires either a full-featured Cortex XSOAR server or the purchase and activation of an
IoT Security
third-party integration add-on license, which comes with a free cohosted Cortex XSOAR instance. The basic plan includes a license for three integration add-ons, one of which can be used for Tanium. The advanced plan includes a license for all supported third-party integrations.

Recommended For You