The Tanium integration allows customers to send Tanium logs to AgileBlue for Action History, Client Status, Discover, Endpoint Config, Reporting, and Threat Response. This article covers configuring the integration in HTTP Endpoint mode.
Requirements
- Tested on Tanium version 7.5.5.1162 and expected to work on newer versions
- Tanium Connect license
- Agent Hostname/IP Reachable from Tanium
  - To gather this information, please contact support@agileblue.com before beginning the additional setup steps. The details will be customized per client.
Supported Data Streams & Default Ports
Each Tanium dataset has a default HTTP Endpoint Port, which can be found below:
| Data Stream | Dataset Name | Default HTTP Endpoint Port |
| --- | --- | --- |
| Action History | tanium.action_history | 9577 |
| Client Status | tanium.client_status | 9579 |
| Discover | tanium.discover | 9581 |
| Endpoint Config | tanium.endpoint_config | 9583 |
| Reporting | tanium.reporting | 9585 |
| Threat Response | tanium.threat_response | 9587 |
Setup Steps
- Confirm your HTTP Endpoint Details
  - Host: As mentioned in the requirements section, contact AgileBlue Support for your host's FQDN
  - Port(s): See table above
  - Protocol: HTTPS
- Create the HTTP Connection in Tanium Connect
  - Go to Connect > Connections
  - Click Create Connection
  - Select HTTPS for the Destination
  - Enter the FQDN for your Host and the corresponding port for the data you plan to stream
  - Select the Tanium source for the connection
  - Repeat this process for any additional data streams
  - Set Format to JSON
  - Turn off Generate Document
- Save the connection in Tanium and run or schedule the associated Tanium job to send data to the endpoint
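The reachability requirement and the HTTPS protocol setting above can be checked from the Tanium server before the first job runs. The script below is an added example, not AgileBlue or Tanium code: it attempts a verified TLS handshake on each default port from the table. The host `agent.example.invalid` is a placeholder for the FQDN supplied by AgileBlue Support, and the `cafile` option assumes the agent may present a certificate from a private CA.

```python
import socket
import ssl
import sys

# Dataset-to-port mapping copied from the table in this article.
DATASET_PORTS = {
    "tanium.action_history": 9577,
    "tanium.client_status": 9579,
    "tanium.discover": 9581,
    "tanium.endpoint_config": 9583,
    "tanium.reporting": 9585,
    "tanium.threat_response": 9587,
}


def check_endpoint(host, port, cafile=None, timeout=5.0):
    """Return (status, detail) for one HTTPS endpoint.

    status is "ok", "unreachable" (TCP connect failed) or "tls_failed"
    (TCP connected, but the handshake or certificate check failed).
    """
    # The default context verifies the chain and the hostname; cafile is for
    # an agent certificate issued by a private CA (assumption, ask support).
    context = ssl.create_default_context(cafile=cafile)
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return "unreachable", str(exc)
    try:
        with context.wrap_socket(sock, server_hostname=host) as tls:
            return "ok", tls.version()
    except (ssl.SSLError, OSError) as exc:
        sock.close()
        return "tls_failed", str(exc)


def check_all(host, datasets=DATASET_PORTS, **kwargs):
    """Check every dataset port and return {dataset: (port, status, detail)}."""
    return {name: (port, *check_endpoint(host, port, **kwargs))
            for name, port in datasets.items()}


if __name__ == "__main__":
    # Placeholder FQDN: use the host supplied by AgileBlue Support.
    target = sys.argv[1] if len(sys.argv) > 1 else "agent.example.invalid"
    for name, (port, status, detail) in check_all(target).items():
        print(f"{name:26} {port}  {status:12} {detail}")
```

A `tls_failed` result with a certificate error means the connection would be encrypted to an endpoint whose identity cannot be confirmed, so resolve it with support rather than disabling verification.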
Questions? Contact AgileBlue Support.
Email: support@agileblue.com
Phone: (216) 606-9400