Tanium
This connector integrates Tanium with Swimlane Turbine.

## Asset Setup

The asset for this connector requires the following inputs:

- Session token

## Capabilities

This connector provides the following capabilities:

- Get alerts from an endpoint
- Get connection ID
- Get process from an endpoint
- Resolve an alert
- Get endpoints

## Notes

- More information on Tanium is found at the Tanium main site: https://www.tanium.com/
- API documentation link: Tanium API documentation link https://docs.tanium.com/api_gateway/api_gateway/api_gateway.html?highlight=api&cloud=true

## Configurations

### API Key Authentication

Authenticates using an API key.

#### Configuration Parameters

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| url | A URL to the target host | string | Required |
| session | API token or session ID in the authorization header of all requests that are sent to API Gateway | string | Required |
| verify_ssl | Verify SSL certificate | boolean | Optional |
| http_proxy | A proxy to route requests through | string | Optional |

## Actions

### Get alerts from endpoint

Get alerts from an endpoint.

#### Endpoint

- URL: `/plugin/products/gateway/graphql`
- Method: POST

#### Input argument

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| variables | object | Optional | Parameter for Get alerts from endpoint |
| variables.id | string | Required | Unique identifier |

#### Input example

```json
{"json_body": {"variables": {"id": "12345678-90ab-cdef-1234-567890abcdef"}}}
```

#### Output parameter

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| data | object | Response data |
| data.directconnectendpoint | object | Response data |
| data.directconnectendpoint.alerts | object | Response data |
| data.directconnectendpoint.alerts.all | array | Response data |
| data.directconnectendpoint.alerts.all.schema | number | Response data |
| data.directconnectendpoint.alerts.all.key | string | Response data |
| data.directconnectendpoint.alerts.all.type | string | Response data |
| data.directconnectendpoint.alerts.all.ref | object | Response data |
| data.directconnectendpoint.alerts.all.topprocessesexpr | object | Response data |
| data.directconnectendpoint.alerts.all.labels | object | Response data |
| data.directconnectendpoint.alerts.all.pendingat | string | Response data |
| data.directconnectendpoint.alerts.all.start | string | Response data |
| data.directconnectendpoint.alerts.all.resolvedat | object | Response data |
| data.directconnectendpoint.alerts.all.leadup | number | Response data |
| data.directconnectendpoint.alerts.all.value | number | Response data |

#### Output example

```json
{"status_code": 200, "response_headers": {}, "reason": "OK", "json_body": {"data": {"directconnectendpoint": {}}}}
```

### Get connection ID

Get connection ID.

#### Endpoint

- URL: `/plugin/products/gateway/graphql`
- Method: POST

#### Input argument

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| variables | object | Optional | Parameter for Get connection ID |
| variables.id | string | Required | Unique identifier |

#### Input example

```json
{"json_body": {"variables": {"id": "12323"}}}
```

#### Output parameter

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| data | object | Response data |
| data.opendirectconnection | object | Response data |
| data.opendirectconnection.connectionid | string | Response data |

#### Output example

```json
{"status_code": 200, "response_headers": {}, "reason": "OK", "json_body": {"data": {"opendirectconnection": {}}}}
```

### Get endpoints

The following query retrieves known endpoints from Tanium.

#### Endpoint

- URL: `/plugin/products/gateway/graphql`
- Method: POST

#### Input argument

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| variables | object | Optional | Parameter for Get endpoints |
| variables.count | number | Optional | Count value |
| variables.time | number | Optional | Time value |

#### Input example

```json
{"variables": {"count": 123, "time": 123}}
```

#### Output parameter

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| data | object | Response data |
| data.endpoints | object | Response data |
| data.endpoints.edges | array | Response data |
| data.endpoints.edges.node | object | Response data |
| data.endpoints.edges.node.computerid | string | Response data |
| data.endpoints.edges.node.name | string | Response data |
| data.endpoints.edges.node.serialnumber | string | Response data |
| data.endpoints.edges.node.ipaddress | string | Response data |

#### Output example

```
{"status_code": 200, "response_headers": {"X-Frame-Options": "sameorigin", "X-Content-Type-Options": "nosniff", "X-XSS-Protection": "1", "Referrer-Policy": "no-referrer", "Server": "restify", "X-Request-ID": "31dd35f5-42a5-4d04-845a-6a3ea7c4304f", "Tanium-Gateway-Version": "1.9.72.0000", "Content-Encoding": "gzip", "Cache-Control": "no-store", "Pragma": "no-cache", "Expires": "0", "Content-Type": "application/json; charset=utf-8", "Date": "Thu, 16 Nov 2023 16:02:59 GMT", "Transfer-Encoding": "chunked"}, "reason": "OK", "json_bo
```

### Get process from endpoint

Get process from an endpoint.

#### Endpoint

- URL: `/plugin/products/gateway/graphql`
- Method: POST

#### Input argument

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| variables | object | Optional | Parameter for Get process from endpoint |
| variables.id | string | Required | Unique identifier |

#### Input example

```json
{"json_body": {"variables": {"id": "12323"}}}
```

#### Output parameter

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| data | object | Response data |
| data.directconnectendpoint | object | Response data |
| data.directconnectendpoint.processes | object | Response data |
| data.directconnectendpoint.processes.all | array | Response data |
| data.directconnectendpoint.processes.all.pid | number | Response data |
| data.directconnectendpoint.processes.all.ppid | number | Response data |
| data.directconnectendpoint.processes.all.name | string | Response data |
| data.directconnectendpoint.processes.all.commandline | string | Response data |
| data.directconnectendpoint.processes.all.username | string | Response data |
| data.directconnectendpoint.processes.all.groupname | string | Response data |
| data.directconnectendpoint.processes.all.memoryresidentbytes | number | Response data |

#### Output example

```json
{"status_code": 200, "response_headers": {}, "reason": "OK", "json_body": {"data": {"directconnectendpoint": {}}}}
```

### Resolve an alert

Assign resolved status to alert.

#### Endpoint

- URL: `/plugin/products/gateway/graphql`
- Method: POST

#### Input argument

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| variables | object | Optional | Parameter for Resolve an alert |
| variables.guid | string | Required | Unique identifier |

#### Input example

```json
{"json_body": {"variables": {"guid": "12345678-90ab-cdef-1234-567890abcdef"}}}
```

#### Output parameter

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| data | object | Response data |
| data.threatresponsealertresolve | object | Response data |
| data.threatresponsealertresolve.resolved | boolean | Response data |
| data.threatresponsealertresolve.guid | string | Response data |
| data.threatresponsealertresolve.error | object | Response data |

#### Output example

```json
{"status_code": 200, "response_headers": {}, "reason": "OK", "json_body": {"data": {"threatresponsealertresolve": {}}}}
```

## Response Headers

| Header | Description | Example |
| --- | --- | --- |
| Cache-Control | Directives for caching mechanisms | no-store |
| Content-Encoding | HTTP response header Content-Encoding | gzip |
| Content-Type | The media type of the resource | application/json; charset=utf-8 |
| Date | The date and time at which the message was originated | Thu, 16 Nov 2023 16:02:59 GMT |
| Expires | The date/time after which the response is considered stale | 0 |
| Pragma | HTTP response header Pragma | no-cache |
| Referrer-Policy | HTTP response header Referrer-Policy | no-referrer |
| Server | Information about the software used by the origin server | restify |
| Tanium-Gateway-Version | HTTP response header Tanium-Gateway-Version | 1.9.72.0000 |
| Transfer-Encoding | HTTP response header Transfer-Encoding | chunked |
| X-Content-Type-Options | HTTP response header X-Content-Type-Options | nosniff |
| X-Frame-Options | HTTP response header X-Frame-Options | sameorigin |
| X-Request-ID | A unique identifier for the request | 31dd35f5-42a5-4d04-845a-6a3ea7c4304f |
| X-XSS-Protection | HTTP response header X-XSS-Protection | 1 |
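
The Resolve an alert output lists `resolved`, `guid` and `error` beside the HTTP status, so a playbook step should confirm those fields before closing a case instead of trusting `status_code` 200 alone. The check below is an added example, not code from the connector or from Tanium; the names `confirm_resolved`, `ci_get` and `ActionError` are hypothetical, the sample outputs are constructed, and lookups are case-insensitive because the exact casing of the GraphQL field names is an assumption.

```python
# Added example (not connector code): confirm that a "Resolve an alert"
# output really proves the alert was resolved. Key casing is an assumption,
# so every lookup below is case-insensitive.


class ActionError(Exception):
    """The action output does not prove the alert was resolved."""


def ci_get(obj, key):
    """Case-insensitive dict lookup; None if obj is not a dict or key is absent."""
    if isinstance(obj, dict):
        for name, value in obj.items():
            if name.lower() == key.lower():
                return value
    return None


def confirm_resolved(output, expected_guid):
    """Return the resolved GUID, or raise ActionError saying what is missing."""
    if output.get("status_code") != 200:
        raise ActionError(f"HTTP {output.get('status_code')}: {output.get('reason')}")
    body = output.get("json_body") or {}
    # A GraphQL server can answer 200 and report failure in a top-level "errors" list.
    if ci_get(body, "errors"):
        raise ActionError(f"GraphQL errors: {ci_get(body, 'errors')}")
    result = ci_get(ci_get(body, "data"), "threatresponsealertresolve")
    if not isinstance(result, dict):
        raise ActionError("no threatresponsealertresolve payload")
    if ci_get(result, "error"):
        raise ActionError(f"resolve error: {ci_get(result, 'error')}")
    if ci_get(result, "resolved") is not True:
        raise ActionError("alert not marked resolved")
    if ci_get(result, "guid") != expected_guid:
        raise ActionError("resolved GUID does not match the request")
    return expected_guid


# Constructed sample outputs, not captured from a real Tanium server.
GUID = "12345678-90ab-cdef-1234-567890abcdef"
RESOLVED = {"status_code": 200, "reason": "OK", "response_headers": {},
            "json_body": {"data": {"threatresponsealertresolve":
                                   {"resolved": True, "guid": GUID, "error": None}}}}
EMPTY = {"status_code": 200, "reason": "OK", "response_headers": {},
         "json_body": {"data": {"threatresponsealertresolve": {}}}}
GQL_ERROR = {"status_code": 200, "reason": "OK", "response_headers": {},
             "json_body": {"errors": [{"message": "constructed error"}], "data": None}}

if __name__ == "__main__":
    print(confirm_resolved(RESOLVED, GUID))
```

`EMPTY` has the same shape as the output example shown for this action and is rejected, since an empty `threatresponsealertresolve` object carries no `resolved` value.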