Integrate Device Security through Cortex XSOAR with Tanium.
Where Can I Use This?
What Do I Need?
Device Security (Managed by Strata Cloud Manager)
(Legacy) IoT Security (Standalone portal)
One of the following subscriptions:
Device Security subscription for an advanced
Device Security product (Enterprise Plus,
Industrial OT, or Medical)
Device Security X subscription
One of the following Cortex XSOAR setups:
A free, cohosted, limited-featured
Cortex XSOAR instance
AND
A Cortex XSOAR Engine (on-premises integration)
A full-featured Cortex XSOAR server
Tanium provides endpoint protection for devices such as laptops, desktops, and
servers. It uses a client-server architecture in which Tanium agents installed on each
endpoint communicate with the Tanium server, which can be deployed on premises or in the
cloud. The agents collect data about the processes, network connections, and installed
software and report back to the server. The server processes the data and identifies
vulnerabilities and security gaps so that the organization can ensure their IT
environment is protected and complies with security best practices.
Device Security can integrate through Cortex XSOAR with Tanium to import data about
vulnerabilities on IoT devices. The IoT devices must already be in the Device Security
inventory and they must be hosting a Tanium agent. (Tanium agents can be installed on AIX, Linux, macOS, Solaris, and Windows
endpoints.)
The imported data is then shown on the Vulnerabilities, Devices, and Device
Details pages in the Device Security portal. Device Security also updates the risk scores for
devices, device profiles, sites, and the organization based on the vulnerabilities that
Tanium provides.
Both the cloud-based and on-premises Tanium server provide a GraphQL API that
Cortex XSOAR or a Cortex engine accesses over HTTPS.
In Cortex XSOAR, you create an integration instance to connect to the Tanium
API and a job to import device details and vulnerabilities to Device Security for devices
in its database. You can then see the following data learned from Tanium on the Device
Details page and Vulnerabilities page in the Device Security portal:
Device details – IP address, MAC address, hostname, serial number
Vulnerabilities – CVE findings
Integrating with Tanium requires either a full-featured Cortex XSOAR server or the purchase
and activation of an Device Security
third-party integration add-on license, which comes with a free cohosted Cortex XSOAR instance. The basic plan
includes a license for three integration add-ons, one of which can be used for Tanium.
The advanced plan includes a license for all supported third-party integrations.