Tanium Platform
The Tanium Platform connector enables automated interaction with the Tanium server for real-time endpoint data collection and action execution.

Tanium provides comprehensive endpoint management and security, enabling real-time visibility and control over IT environments. The Tanium Platform connector for Swimlane Turbine allows users to initiate deployments, actions, and queries on endpoints, enhancing incident response and operational efficiency. By leveraging this integration, security teams can automate critical tasks, rapidly respond to incidents, and access real-time endpoint data, all within Swimlane Turbine's low-code automation platform. This connector empowers users to extend their security capabilities and streamline endpoint management workflows, ensuring a proactive and informed security posture.

## Prerequisites

To effectively utilize the Tanium Platform connector with Swimlane Turbine, ensure you have the following prerequisites:

- API key authentication with the following parameters:
  - URL: the endpoint URL for the Tanium server.
  - API token: a valid API token generated from the Tanium console for authentication.

## Capabilities

This connector provides the following capabilities:

- Create Action
- Create Action by Host
- Create Question
- Get Question Results by ID
- Get System Status

## Asset Setup

To generate an API token, follow the instructions below:

1. From the homepage after logging into your Tanium instance, navigate to Administration > API Tokens.
2. Click on New API Token at the right side of the page.
3. Set the expiration, persona and trusted IP addresses details and click on Create.

Note: only IP addresses mentioned in Trusted IP addresses will be able to make successful connections to the API. If you want to allow any IP, use 0.0.0.0/0 as the trusted IP address.

## Action Setup

### Create Action

The action object input to this action can be given in one of two ways:

- Using the predefined parameters in the JSON body parameters.
- Using the custom action object parameter. This will override all other parameters.

### Create Question

This action takes a question object in string format as input. The following are some examples of the question object.

Example object:

```json
{
  "query_text": "get sample sensor from all machines",
  "selects": [
    {
      "group": {
        "and_flag": false,
        "deleted_flag": false,
        "filters": [],
        "not_flag": false,
        "sub_groups": []
      },
      "sensor": {
        "hash": 393862523,
        "name": "sample sensor"
      }
    }
  ],
  "sensor_references": [
    {
      "name": "sample sensor",
      "start_char": "4"
    }
  ]
}
```

Example object (canonical text for parameterized sensor):

```json
{
  "query_text": "get folder exists[/opt/tanium/taniumclient] from all machines with operating system contains linux"
}
```

Example object (canonical text):

```json
{
  "query_text": "get operating system from all machines"
}
```

## Notes

- https://developer.tanium.com/site/global/apis/platform/index.gsp#api-actions-createaction
- https://developer.tanium.com/site/global/apis/platform/index.gsp#api-questions-createquestion

## Configurations

### Tanium Platform API Key Authentication

Authenticates using an API key.

Configuration parameters:

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| url | A URL to the target host | string | Required |
| session | API token or session ID in the authorization header of all requests that are sent to API gateway | string | Required |
| verify_ssl | Verify SSL certificate | boolean | Optional |
| http_proxy | A proxy to route requests through | string | Optional |

## Actions

### Create Action

Initiates a deployment of a specified package to targeted machines on a set schedule within the Tanium Platform.

- Endpoint URL: `/api/v2/actions`
- Method: POST

Input:

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| data_body | string | Optional | Custom action object in string format. This will override all other parameters |
| action_group | object | Optional | Parameter for create action |
| action_group.id | number | Optional | Unique identifier |
| package_spec | object | Optional | Parameter for create action |
| package_spec.id | number | Optional | Unique identifier |
| package_spec.source_id | number | Optional | Unique identifier |
| package_spec.parameters | array | Optional | Parameters for the create action action |
| package_spec.parameters.key | string | Optional | Parameters for the create action action |
| package_spec.parameters.value | string | Optional | Parameters for the create action action |
| name | string | Optional | Name of the resource |
| comment | string | Optional | Parameter for create action |
| expiration_time | string | Optional | Time value |
| priority | number | Optional | Parameter for create action |
| expire_seconds | number | Optional | Parameter for create action |
| target_group | object | Optional | Parameter for create action |
| target_group.id | number | Optional | Unique identifier |

Input example:

```json
{"json_body": {"action_group": {"id": 3}, "package_spec": {"id": 73, "source_id": 73, "parameters": [{"key": "$1", "value": "testtagforwindowsendpoints"}, {"key": "$2", "value": "testtagforlinuxendpoints"}]}, "name": "sample action", "comment": "some comment", "expiration_time": "string", "priority": 1, "expire_seconds": 3600, "target_group": {"id": 1}}, "data_body": "string"}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| data | object | Response data |
| data.id | number | Response data |
| data.name | string | Response data |
| data.comment | string | Response data |
| data.target_group | object | Response data |
| data.target_group.id | number | Response data |
| data.target_group.name | string | Response data |
| data.action_group | object | Response data |
| data.action_group.id | number | Response data |
| data.action_group.name | string | Response data |
| data.package_spec | object | Response data |
| data.package_spec.id | number | Response data |
| data.package_spec.content_set | object | Response data |
| data.package_spec.content_set.id | number | Response data |
| data.package_spec.content_set.name | string | Response data |
| data.package_spec.name | string | Response data |
| data.package_spec.display_name | string | Response data |
| data.package_spec.creation_time | string | Response data |
| data.package_spec.modification_time | string | Response data |
| data.package_spec.last_modified_by | string | Response data |
| data.package_spec.mod_user | object | Response data |
| data.package_spec.mod_user.id | number | Response data |
| data.package_spec.mod_user.name | string | Response data |

Output example (truncated):

```json
{"status_code": 200, "response_headers": {"X-Frame-Options": "sameorigin", "X-Content-Type-Options": "nosniff", "X-XSS-Protection": "1", "Referrer-Policy": "no-referrer", "Strict-Transport-Security": "max-age=63072000; includeSubDomains;", "Content-Security-Policy": "default-src 'self';script-src 'self' 'unsafe-eval';frame-src 'self';child-src 's ", "Date": "Fri, 01 Mar 2024 06:45:08 GMT", "Cache-Control": "private,max-age=0,no-cache,no-store,must-revalidate", "Pragma": "no-cache", "Content-Type": "application/json
```

### Create Action by Host

Initiates a new action on specified hosts in Tanium Platform using package specifications and action group details.

- Endpoint URL: `/api/v2/actions`
- Method: POST

Input:

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| host_name | string | Optional | Host name. Please provide the value for either the host name or IP address |
| ip_address | string | Optional | Host name. Please provide the value for either the host name or IP address |
| name | string | Optional | The action name |
| expire_seconds | number | Optional | How long from the start time of the action being issued before the action expires |
| package_spec | object | Optional | Parameter for create action by host |
| package_spec.source_id | string | Required | The unique ID of the package_spec object |
| package_spec.parameters | array | Optional | Parameters for the create action by host action |
| package_spec.parameters.key | string | Optional | Parameters for the create action by host action |
| package_spec.parameters.value | string | Optional | Parameters for the create action by host action |
| action_group | object | Optional | Parameter for create action by host |
| action_group.id | string | Optional | The unique ID of the group object |
| action_group.name | string | Optional | A group name. Name must be unique |

Input example:

```json
{"json_body": {"name": "testing", "expire_seconds": "3600", "package_spec": {"source_id": "4036", "parameters": [{"key": "$1", "value": "testtagforwindowsendpoints"}]}, "action_group": {"id": "4", "name": "test action group 1"}}, "host_name": "google", "ip_address": "127.4.1.1/24"}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| data | object | Response data |
| data.id | number | Response data |
| data.name | string | Response data |
| data.comment | string | Response data |
| data.target_group | object | Response data |
| data.target_group.id | number | Response data |
| data.target_group.name | string | Response data |
| data.action_group | object | Response data |
| data.action_group.id | number | Response data |
| data.action_group.name | string | Response data |
| data.package_spec | object | Response data |
| data.package_spec.id | number | Response data |
| data.package_spec.content_set | object | Response data |
| data.package_spec.content_set.id | number | Response data |
| data.package_spec.content_set.name | string | Response data |
| data.package_spec.name | string | Response data |
| data.package_spec.display_name | string | Response data |
| data.package_spec.creation_time | string | Response data |
| data.package_spec.modification_time | string | Response data |
| data.package_spec.last_modified_by | string | Response data |
| data.package_spec.mod_user | object | Response data |
| data.package_spec.mod_user.id | number | Response data |
| data.package_spec.mod_user.name | string | Response data |

Output example (truncated):

```json
{"data": {"id": 123, "name": "example name", "comment": "string", "target_group": {"id": 123, "name": "example name"}, "action_group": {"id": 123, "name": "example name"}, "package_spec": {"id": 123, "content_set": {}, "name": "example name", "display_name": "example name", "creation_time": "string", "modification_time": "string", "last_modified_by": "string", "mod_user": {}, "mod_persona": {}, "command": "string", "command_timeout": 123, "expire_seconds": 123, "verify_expire_seconds": 123, "skip_lock_flag": true, "hidden_flag": true}, "skip
```

### Create Question

Initiates a new question on the Tanium server, which is immediately executed to gather information.

- Endpoint URL: `/api/v2/questions`
- Method: POST

Input:

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| data_body | string | Optional | The question object to create in string format |

Input example:

```json
{"data_body": "question object"}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| data | object | Response data |
| data.id | number | Response data |

Output example (truncated):

```json
{"status_code": 200, "response_headers": {"X-Frame-Options": "sameorigin", "X-Content-Type-Options": "nosniff", "X-XSS-Protection": "1", "Referrer-Policy": "no-referrer", "Strict-Transport-Security": "max-age=63072000; includeSubDomains;", "Content-Security-Policy": "default-src 'self';script-src 'self' 'unsafe-eval';frame-src 'self';child-src 's ", "Date": "Fri, 01 Mar 2024 06:21:11 GMT", "Cache-Control": "private,max-age=0,no-cache,no-store,must-revalidate", "Pragma": "no-cache", "Content-Type": "application/json
```

### Get Question Results by ID

Retrieves results for a specific question ID from the Tanium Platform, requiring the `id` as a path parameter.

- Endpoint URL: `/api/v2/result_data/question/{{id}}`
- Method: GET

Input:

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| path_parameters.id | number | Required | Parameters for the get question results by ID action |
| parameters.most_recent_flag | number | Optional | Parameters for the get question results by ID action |
| parameters.row_count | number | Optional | Parameters for the get question results by ID action |
| parameters.row_start | number | Optional | Parameters for the get question results by ID action |

Input example:

```json
{"parameters": {"most_recent_flag": 0, "row_count": 10, "row_start": 0}, "path_parameters": {"id": 15165}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| data | object | Response data |
| data.now | string | Response data |
| data.result_sets | array | Response data |
| data.result_sets.id | number | Response data |
| data.result_sets.report_count | number | Response data |
| data.result_sets.saved_question_id | number | Response data |
| data.result_sets.question_id | number | Response data |
| data.result_sets.seconds_since_issued | number | Response data |
| data.result_sets.issue_seconds | number | Response data |
| data.result_sets.expire_seconds | number | Response data |
| data.result_sets.tested | number | Response data |
| data.result_sets.passed | number | Response data |
| data.result_sets.mr_tested | number | Response data |
| data.result_sets.mr_passed | number | Response data |
| data.result_sets.estimated_total | number | Response data |
| data.result_sets.select_count | number | Response data |
| data.result_sets.error_count | number | Response data |
| data.result_sets.no_results_count | number | Response data |
| data.result_sets.row_count | number | Response data |
| data.result_sets.row_count_machines | number | Response data |
| data.result_sets.item_count | number | Response data |
| data.result_sets.filtered_row_count | number | Response data |
| data.result_sets.filtered_row_count_machines | number | Response data |

Output example (truncated):

```json
{"status_code": 200, "response_headers": {"X-Frame-Options": "sameorigin", "X-Content-Type-Options": "nosniff", "X-XSS-Protection": "1", "Referrer-Policy": "no-referrer", "Strict-Transport-Security": "max-age=63072000; includeSubDomains;", "Content-Security-Policy": "default-src 'self';script-src 'self' 'unsafe-eval';frame-src 'self';child-src 's ", "Date": "Tue, 05 Mar 2024 06:06:52 GMT", "Cache-Control": "private,max-age=0,no-cache,no-store,must-revalidate", "Pragma": "no-cache", "Content-Type": "application/json
```

### Get System Status

Retrieves the current system status of the Tanium Platform server.

- Endpoint URL: `/api/v2/system_status`
- Method: GET

Input:

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| headers | object | Optional | HTTP headers for the request |
| headers.tanium-options | object | Optional | HTTP headers for the request |
| headers.tanium-options.cache_filters | array | Optional | HTTP headers for the request |
| headers.tanium-options.cache_filters.field | string | Optional | The field to filter on |
| headers.tanium-options.cache_filters.operator | string | Optional | HTTP headers for the request |
| headers.tanium-options.cache_filters.value | string | Optional | The value of the field |

Input example:

```json
{"headers": {"tanium-options": {"cache_filters": [{"field": "host_name", "operator": "equal", "value": "diffusing.tanium.com"}]}}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| data | array | Response data |
| data.computer_id | number | Response data |
| data.full_version | string | Response data |
| data.host_name | string | Response data |
| data.ipaddress_client | string | Response data |
| data.ipaddress_server | string | Response data |
| data.last_registration | string | Response data |
| data.port_number | number | Response data |
| data.protocol_version | string | Response data |
| data.public_key_valid | boolean | Response data |
| data.receive_state | string | Response data |
| data.registered_with_tls | boolean | Response data |
| data.registration_error | string | Response data |
| data.send_state | string | Response data |
| data.status | string | Response data |
| data.blocked_count | number | Response data |
| data.leader_count | number | Response data |
| data.normal_count | number | Response data |
| data.receive_backward_count | number | Response data |
| data.receive_forward_count | number | Response data |
| data.receive_none_count | number | Response data |
| data.receive_ok_count | number | Response data |
| data.registered_with_errors_count | number | Response data |

Output example (truncated):

```json
{"status_code": 200, "response_headers": {"X-Frame-Options": "sameorigin", "X-Content-Type-Options": "nosniff", "X-XSS-Protection": "1", "Referrer-Policy": "no-referrer", "Strict-Transport-Security": "max-age=63072000; includeSubDomains;", "Content-Security-Policy": "default-src 'self';script-src 'self' 'unsafe-eval';frame-src 'self';child-src 's ", "Date": "Mon, 18 Mar 2024 05:38:05 GMT", "Cache-Control": "private,max-age=0,no-cache,no-store,must-revalidate", "Pragma": "no-cache", "Content-Type": "application/json
```

## Response Headers

| Header | Description | Example |
| --- | --- | --- |
| Cache-Control | Directives for caching mechanisms | private,max-age=0,no-cache,no-store,must-revalidate |
| Content-Encoding | HTTP response header Content-Encoding | gzip |
| Content-Length | The length of the response body in bytes | 743 |
| Content-Security-Policy | HTTP response header Content-Security-Policy | default-src 'self';script-src 'self' 'unsafe-eval';frame-src 'self';child-src 'self';worker-src 'self';media-src 'self';style-src 'self' 'unsafe-inline';img-src data: blob: 'self';frame-ancestors 'self';font-src 'self' data:;upgrade-insecure-requests;connect-src data: blob: 'unsafe-inline';block-all-mixed-content; |
| Content-Type | The media type of the resource | application/json |
| Date | The date and time at which the message was originated | Tue, 05 Mar 2024 06:06:52 GMT |
| Pragma | HTTP response header Pragma | no-cache |
| Referrer-Policy | HTTP response header Referrer-Policy | no-referrer |
| Server | Information about the software used by the origin server | envoy |
| Server-Timing | HTTP response header Server-Timing | action history cache refresh;dur=3 900;cnt=1, api;dur=119 575;cnt=1, api token cache refresh;dur=2 583;cnt=1, auth;dur=7 719;cnt=1, content set cache refresh;dur=1 363;cnt=1, group cache refresh;dur=15 346;cnt=2, gzip;dur=0 244;cnt=1, is action group visible;dur=2 857;cnt=2, meta data cache refresh;dur=6 262;cnt=1, package cache refresh;dur=9 833;cnt=1, rbac cache refresh;dur=3 755;cnt=1, saved action cache refresh;dur=2 536;cnt=1, scim server cache refresh;dur=1 958;cnt=1, user cache refresh;dur=3 043;cnt=1 |
| Strict-Transport-Security | HTTP response header Strict-Transport-Security | max-age=63072000; includeSubDomains; |
| X-Content-Type-Options | HTTP response header X-Content-Type-Options | nosniff |
| X-Envoy-Upstream-Service-Time | HTTP response header X-Envoy-Upstream-Service-Time | 129 |
| X-Frame-Options | HTTP response header X-Frame-Options | sameorigin |
| X-XSS-Protection | HTTP response header X-XSS-Protection | 1 |
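
An added example, not part of the connector or of Tanium's documentation: a Python check over the asset parameters from the configuration table (`url`, `verify_ssl`, `http_proxy`) and the trusted IP list set on the API token, flagging `0.0.0.0/0` and other broad ranges. The function names, the 256-address threshold and the sample values are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlparse


def audit_trusted_ips(entries, max_addresses=256):
    """Return (entry, problem) pairs for trusted-IP entries that are too permissive."""
    findings = []
    for entry in entries:
        try:
            # strict=False accepts entries with host bits set, e.g. 127.4.1.1/24
            net = ipaddress.ip_network(entry.strip(), strict=False)
        except ValueError:
            findings.append((entry, "not a valid address or CIDR range"))
            continue
        if net.prefixlen == 0:
            findings.append((entry, "matches every address; token usable from anywhere"))
        elif net.num_addresses > max_addresses:
            findings.append((entry, f"covers {net.num_addresses} addresses"))
    return findings


def audit_asset(asset, trusted_ips):
    """Check the connector asset fields plus the token's trusted IP list."""
    findings = []
    if urlparse(asset.get("url", "")).scheme != "https":
        findings.append(("url", "not https; the API token would be sent unencrypted"))
    if asset.get("verify_ssl") is False:
        findings.append(("verify_ssl", "certificate checks disabled; server is not authenticated"))
    if urlparse(asset.get("http_proxy") or "").password:
        findings.append(("http_proxy", "proxy URL embeds a password"))
    findings.extend(audit_trusted_ips(trusted_ips))
    return findings


# Constructed sample values, not taken from a real deployment.
SAMPLE_ASSET = {
    "url": "http://tanium.example.internal",
    "verify_ssl": False,
    "http_proxy": "http://svc:hunter2@proxy.example.internal:3128",
}
SAMPLE_TRUSTED_IPS = ["0.0.0.0/0", "10.20.0.0/16", "192.0.2.15", "10.1.2.3/32", "turbine-host"]

if __name__ == "__main__":
    for field, problem in audit_asset(SAMPLE_ASSET, SAMPLE_TRUSTED_IPS):
        print(f"{field}: {problem}")
```
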