[SAASINT-3541] DDS: Tanium: Crawler Integration v1.0.0 #19343
+6,987
−24
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change | ||||
|---|---|---|---|---|---|---|
| @@ -1,43 +1,59 @@ | ||||||
| ## Overview | ||||||
|
|
||||||
| [Tanium][1] is an enterprise platform that's primarily used as an endpoint management tool. It empowers security and IT operations teams with quick visibility and control to secure and manage every endpoint on the network. | ||||||
|
|
||||||
| This integration ingests the following logs: | ||||||
|
|
||||||
| - **Threat Response Alerts**: This endpoint contains information about the core incident response lifecycle with integrated capabilities for alerting, analysis, containment, and remediation. | ||||||
| - **Threat Response Audit**: This endpoint contains information about the centralized view of audit events generated by the Tanium Threat Response. | ||||||
| - **Platform Audit**: This endpoint contains information about the authentication, API token usage, local settings, persona changes, user settings, and system settings information. | ||||||
|
|
||||||
| This integration collects logs from the sources listed above and sends them to Datadog for analysis with our Log Explorer and Cloud SIEM products | ||||||
| * [Log Explorer][3] | ||||||
|
There was a problem hiding this comment.
Suggested change
would be better to just provide the links here There was a problem hiding this comment. Done 👍 |
||||||
| * [Cloud SIEM][4] | ||||||
|
There was a problem hiding this comment.
Suggested change
delete There was a problem hiding this comment. Done 👍 |
||||||
|
|
||||||
|
There was a problem hiding this comment.
Suggested change
delete There was a problem hiding this comment. Done 👍 |
||||||
| ## Setup | ||||||
|
|
||||||
| ### Generate API Credentials in Tanium | ||||||
|
|
||||||
| 1. Login into Tanium. | ||||||
| 2. From the Main menu, go to **Administration** > **Permissions** > **API Tokens**. | ||||||
| 3. Click **New API Token** and configure the token settings: | ||||||
|
There was a problem hiding this comment.
Suggested change
There was a problem hiding this comment. Done 👍 |
||||||
| - **Expiration**: Enter the expiration interval in days. | ||||||
| - **Trusted IP addresses**: Enter the external IP addresses as `::/0,0.0.0.0/0` to enable any system to use the token. | ||||||
| 4. Click on **Create**. | ||||||
| 5. Click on **Yes** and copy the **token** for later use. | ||||||
| 6. The Tanium host format is **\<customer\>.cloud.tanium.com**. Replace **\<customer\>** with your organization's specific subdomain. | ||||||
|
|
||||||
| ### Connect your Tanium Account to Datadog | ||||||
|
|
||||||
| 1. Add your Host and API Token. | ||||||
| | Parameters | Description | | ||||||
| | ------------------- |------------------------------------------------------------- | | ||||||
| | Host | The Host of your Tanium platform. | | ||||||
| | API Token | The API Token of your Tanium platform. | | ||||||
|
|
||||||
| 2. Click the Save button to save your settings. | ||||||
|
|
||||||
| ## Data Collected | ||||||
|
|
||||||
| ### Logs | ||||||
|
|
||||||
| The Tanium integration collects and forwards threat-response alerts, threat-response audit logs, and platform audit logs to Datadog. | ||||||
|
|
||||||
| ### Metrics | ||||||
|
|
||||||
| The Tanium integration does not include any metrics. | ||||||
|
|
||||||
| ### Events | ||||||
|
|
||||||
| The Tanium integration does not include any events. | ||||||
|
|
||||||
| ## Support | ||||||
|
|
||||||
| For any further assistance, contact [Datadog support][2]. | ||||||
|
|
||||||
| [1]: https://www.tanium.com/ | ||||||
| [2]: https://docs.datadoghq.com/help/ | ||||||
| [3]: https://docs.datadoghq.com/logs/explorer/ | ||||||
| [4]: https://www.datadoghq.com/product/cloud-siem/ | ||||||
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Suggest to reword this slightly
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done 👍