Set up Tanium for integration through Cortex XSOAR with IoT Security.
Where Can I Use This?
What Do I Need?
IoT Security (Managed by IoT Security)
IoT Security subscription for an advanced
IoT Security product (Enterprise Plus, Industrial
OT, or Medical)
One of the following Cortex XSOAR setups:
An IoT Security Third-party Integration Add-on
license that includes a cohosted, limited-featured
Cortex XSOAR instance
AND
A Cortex XSOAR Engine (on-premises integration)
A full-featured Cortex XSOAR server
When Cortex XSOAR connects to the Tanium API, XSOAR must authenticate itself by
presenting valid user login credentials. XSOAR can use credentials for an existing
user account or you can create a new account for it to use.
Create a user account for XSOAR to use when accessing the Tanium API.
Log in to the Tanium server and, at the top of the main page, select AdministrationUsers.
Click New User, enter the following, and leave the other
fields at their default values:
User Name: Enter a user name such as
cortex-xsoar
Roles: Click Manage Roles, choose API Gateway
User, and then Apply.
Set up user authentication for the user account.
An on-premises Tanium server supports both local and external user
authentication methods. A cloud-based Tanium server supports external
authentication. Use one of the following methods to authenticate Cortex XSOAR when it connects to the Tanium API:
External user authentication for cloud and on-premises deployments
(Windows only) Active Directory server for the domain to which the
Tanium server is joined.
(Windows only) Windows authentication for accounts that are defined
locally on a Tanium Server. The user passwords are stored in the
Windows user database, not in the Tanium database.
Local user authentication for on-premises deployments
