Tanium Platform
The Tanium Platform connector enables automated interaction with the Tanium server for real-time endpoint data collection and action execution.

Tanium provides comprehensive endpoint management and security, enabling real-time visibility and control over IT environments. The Tanium Platform connector for Swimlane Turbine allows users to initiate deployments, actions, and queries on endpoints, enhancing incident response and operational efficiency. By leveraging this integration, security teams can automate critical tasks, rapidly respond to incidents, and access real-time endpoint data, all within Swimlane Turbine's low-code automation platform. This connector empowers users to extend their security capabilities and streamline endpoint management workflows, ensuring a proactive and informed security posture.

## Prerequisites

To effectively utilize the Tanium Platform connector with Swimlane Turbine, ensure you have the following prerequisites:

- API key authentication with the following parameters:
  - URL: the endpoint URL for the Tanium server
  - API token: a valid API token generated from the Tanium console for authentication

## Capabilities

This connector provides the following capabilities:

- Create action
- Create action by host
- Create question
- Get question results by ID
- Get system status

## Asset setup

To generate an API token, please follow the instructions below:

1. From the homepage after logging into your Tanium instance, navigate to Administration > API Tokens.
2. Click on New API Token at the right side of the page.
3. Set the expiration, persona and trusted IP addresses details and click on Create.

Note: only IP addresses mentioned in Trusted IP Addresses will be able to make successful connections to the API. If you want to allow any IP, use 0.0.0.0/0 as the trusted IP address.

## Action setup

### Create action

The action object input to this action can be given in one of two ways:

- Using the predefined parameters in the JSON body parameters.
- Using the custom action object parameter. This will override all other parameters.

### Create question

This action takes a question object in string format as input. The following are some examples of the question object.

#### Example object

```json
{
  "query_text": "get sample sensor from all machines",
  "selects": [
    {
      "group": {
        "and_flag": false,
        "deleted_flag": false,
        "filters": [],
        "not_flag": false,
        "sub_groups": []
      },
      "sensor": {
        "hash": 393862523,
        "name": "sample sensor"
      }
    }
  ],
  "sensor_references": [
    {
      "name": "sample sensor",
      "start_char": "4"
    }
  ]
}
```

#### Example object (canonical text for parameterized sensor)

```json
{
  "query_text": "get folder exists[/opt/tanium/taniumclient] from all machines with operating system contains linux"
}
```

#### Example object (canonical text)

```json
{
  "query_text": "get operating system from all machines"
}
```

## Configurations

### Tanium Platform API key authentication

Authenticates using an API key.

#### Configuration parameters

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| url | A URL to the target host | string | required |
| session | API token or session ID in the authorization header of all requests that are sent to API Gateway | string | required |
| verify_ssl | Verify SSL certificate | boolean | optional |
| http_proxy | A proxy to route requests through | string | optional |

## Actions

### Create action

Initiates a deployment of a specified package to targeted machines on a set schedule within the Tanium platform.

Endpoint URL: `/api/v2/actions`

Method: POST

#### Input

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| action_group | object | optional | Parameter for create action |
| id | number | optional | Unique identifier |
| package_spec | object | optional | Parameter for create action |
| id | number | optional | Unique identifier |
| source_id | number | optional | Unique identifier |
| parameters | array | optional | Parameters for the create action action |
| key | string | optional | Parameter for create action |
| value | string | optional | Value for the parameter |
| name | string | optional | Name of the resource |
| comment | string | optional | Parameter for create action |
| expiration_time | string | optional | Time value |
| priority | number | optional | Parameter for create action |
| expire_seconds | number | optional | Parameter for create action |
| target_group | object | optional | Parameter for create action |
| id | number | optional | Unique identifier |
| data_body | string | optional | Custom action object in string format. This will override all other parameters |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| data | object | Response data |
| id | number | Unique identifier |
| name | string | Name of the resource |
| comment | string | Output field comment |
| target_group | object | Output field target_group |
| id | number | Unique identifier |
| name | string | Name of the resource |
| action_group | object | Output field action_group |
| id | number | Unique identifier |
| name | string | Name of the resource |
| package_spec | object | Output field package_spec |
| id | number | Unique identifier |
| content_set | object | Response content |
| id | number | Unique identifier |
| name | string | Name of the resource |
| name | string | Name of the resource |
| display_name | string | Name of the resource |
| creation_time | string | Time value |
| modification_time | string | Time value |
| last_modified_by | string | Output field last_modified_by |
| mod_user | object | Output field mod_user |
| id | number | Unique identifier |
| name | string | Name of the resource |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "X-Frame-Options": "SAMEORIGIN",
      "X-Content-Type-Options": "nosniff",
      "X-XSS-Protection": "1",
      "Referrer-Policy": "no-referrer",
      "Strict-Transport-Security": "max-age=63072000; includeSubDomains;",
      "Content-Security-Policy": "default-src 'self';script-src 'self' 'unsafe-eval';frame-src 'self';child-src 's ",
      "Date": "Fri, 01 Mar 2024 06:45:08 GMT",
      "Cache-Control": "private,max-age=0,no-cache,no-store,must-revalidate",
      "Pragma": "no-cache",
      "Content-Type": "application/json",
      "Content-Encoding": "gzip",
      "Content-Length": "854",
      "X-Envoy-Upstream-Service-Time": "260",
      "Server": "envoy"
    },
    "reason": "OK",
    "json_body": {
      "data": {}
    }
  }
]
```

### Create action by host

Initiates a new action on specified hosts in Tanium Platform using package specifications and action group details.

Endpoint URL: `/api/v2/actions`

Method: POST

#### Input

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| name | string | required | The action name |
| expire_seconds | number | optional | How long from the start time of the action being issued before the action expires |
| package_spec | object | required | Parameter for create action by host |
| source_id | string | required | The unique ID of the package_spec object |
| parameters | array | optional | Parameters for the create action by host action |
| key | string | optional | Parameter for create action by host |
| value | string | optional | Value for the parameter |
| action_group | object | required | Parameter for create action by host |
| id | string | optional | The unique ID of the group object |
| name | string | optional | A group name. Name must be unique |
| host_name | string | optional | Host name. Please provide the value for either the host name or IP address |
| ip_address | string | optional | Host name. Please provide the value for either the host name or IP address |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| data | object | Response data |
| id | number | Unique identifier |
| name | string | Name of the resource |
| comment | string | Output field comment |
| target_group | object | Output field target_group |
| id | number | Unique identifier |
| name | string | Name of the resource |
| action_group | object | Output field action_group |
| id | number | Unique identifier |
| name | string | Name of the resource |
| package_spec | object | Output field package_spec |
| id | number | Unique identifier |
| content_set | object | Response content |
| id | number | Unique identifier |
| name | string | Name of the resource |
| name | string | Name of the resource |
| display_name | string | Name of the resource |
| creation_time | string | Time value |
| modification_time | string | Time value |
| last_modified_by | string | Output field last_modified_by |
| mod_user | object | Output field mod_user |
| id | number | Unique identifier |
| name | string | Name of the resource |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Content-Type": "application/json",
      "Date": "Thu, 01 Jan 2024 00:00:00 GMT"
    },
    "reason": "OK",
    "json_body": {
      "data": {}
    }
  }
]
```

### Create question

Initiates a new question on the Tanium server, which is immediately executed to gather information.

Endpoint URL: `/api/v2/questions`

Method: POST

#### Input

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| data_body | string | optional | The question object to create in string format |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| data | object | Response data |
| id | number | Unique identifier |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "X-Frame-Options": "SAMEORIGIN",
      "X-Content-Type-Options": "nosniff",
      "X-XSS-Protection": "1",
      "Referrer-Policy": "no-referrer",
      "Strict-Transport-Security": "max-age=63072000; includeSubDomains;",
      "Content-Security-Policy": "default-src 'self';script-src 'self' 'unsafe-eval';frame-src 'self';child-src 's ",
      "Date": "Fri, 01 Mar 2024 06:21:11 GMT",
      "Cache-Control": "private,max-age=0,no-cache,no-store,must-revalidate",
      "Pragma": "no-cache",
      "Content-Type": "application/json",
      "Content-Length": "21",
      "X-Envoy-Upstream-Service-Time": "28",
      "Server": "envoy"
    },
    "reason": "OK",
    "json_body": {
      "data": {}
    }
  }
]
```

### Get question results by ID

Retrieve results for a specific question ID from the Tanium Platform, requiring the 'id' as a path parameter.

Endpoint URL: `/api/v2/result_data/question/{{id}}`

Method: GET

#### Input

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| id | number | required | Unique identifier |
| most_recent_flag | number | optional | Parameter for get question results by ID |
| row_count | number | optional | Count value |
| row_start | number | optional | Parameter for get question results by ID |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| data | object | Response data |
| now | string | Output field now |
| result_sets | array | Result of the operation |
| id | number | Unique identifier |
| report_count | number | Count value |
| saved_question_id | number | Unique identifier |
| question_id | number | Unique identifier |
| seconds_since_issued | number | Output field seconds_since_issued |
| issue_seconds | number | Output field issue_seconds |
| expire_seconds | number | Output field expire_seconds |
| tested | number | Output field tested |
| passed | number | Output field passed |
| mr_tested | number | Output field mr_tested |
| mr_passed | number | Output field mr_passed |
| estimated_total | number | Output field estimated_total |
| select_count | number | Count value |
| error_count | number | Error message if any |
| no_results_count | number | Result of the operation |
| row_count | number | Count value |
| row_count_machines | number | Output field row_count_machines |
| item_count | number | Count value |
| filtered_row_count | number | Count value |
| filtered_row_count_machines | number | Output field filtered_row_count_machines |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "X-Frame-Options": "SAMEORIGIN",
      "X-Content-Type-Options": "nosniff",
      "X-XSS-Protection": "1",
      "Referrer-Policy": "no-referrer",
      "Strict-Transport-Security": "max-age=63072000; includeSubDomains;",
      "Content-Security-Policy": "default-src 'self';script-src 'self' 'unsafe-eval';frame-src 'self';child-src 's ",
      "Date": "Tue, 05 Mar 2024 06:06:52 GMT",
      "Cache-Control": "private,max-age=0,no-cache,no-store,must-revalidate",
      "Pragma": "no-cache",
      "Content-Type": "application/json",
      "Content-Length": "538",
      "X-Envoy-Upstream-Service-Time": "28",
      "Server": "envoy"
    },
    "reason": "OK",
    "json_body": {
      "data": {}
    }
  }
]
```

### Get system status

Retrieve the current system status of the Tanium Platform server.

Endpoint URL: `/api/v2/system_status`

Method: GET

#### Input

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| headers | object | optional | HTTP headers for the request |
| tanium-options | object | optional | Parameter for get system status |
| cache_filters | array | optional | Parameter for get system status |
| field | string | optional | The field to filter on |
| operator | string | optional | Parameter for get system status |
| value | string | optional | The value of the field |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| data | array | Response data |
| computer_id | number | Unique identifier |
| full_version | string | Output field full_version |
| host_name | string | Name of the resource |
| ipaddress_client | string | Output field ipaddress_client |
| ipaddress_server | string | Output field ipaddress_server |
| last_registration | string | Output field last_registration |
| port_number | number | Output field port_number |
| protocol_version | string | Output field protocol_version |
| public_key_valid | boolean | Unique identifier |
| receive_state | string | Output field receive_state |
| registered_with_tls | boolean | Output field registered_with_tls |
| registration_error | string | Error message if any |
| send_state | string | Output field send_state |
| status | string | Status value |
| blocked_count | number | Count value |
| leader_count | number | Count value |
| normal_count | number | Count value |
| receive_backward_count | number | Count value |
| receive_forward_count | number | Count value |
| receive_none_count | number | Count value |
| receive_ok_count | number | Count value |
| registered_with_errors_count | number | Error message if any |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "X-Frame-Options": "SAMEORIGIN",
      "X-Content-Type-Options": "nosniff",
      "X-XSS-Protection": "1",
      "Referrer-Policy": "no-referrer",
      "Strict-Transport-Security": "max-age=63072000; includeSubDomains;",
      "Content-Security-Policy": "default-src 'self';script-src 'self' 'unsafe-eval';frame-src 'self';child-src 's ",
      "Date": "Mon, 18 Mar 2024 05:38:05 GMT",
      "Cache-Control": "private,max-age=0,no-cache,no-store,must-revalidate",
      "Pragma": "no-cache",
      "Content-Type": "application/json",
      "Content-Length": "743",
      "X-Envoy-Upstream-Service-Time": "18",
      "Server": "envoy"
    },
    "reason": "OK",
    "json_body": {
      "data": []
    }
  }
]
```

## Response headers

| Header | Description | Example |
| --- | --- | --- |
| Cache-Control | Directives for caching mechanisms | private,max-age=0,no-cache,no-store,must-revalidate |
| Content-Encoding | HTTP response header Content-Encoding | gzip |
| Content-Length | The length of the response body in bytes | 21 |
| Content-Security-Policy | HTTP response header Content-Security-Policy | default-src 'self';script-src 'self' 'unsafe-eval';frame-src 'self';child-src 'self';worker-src 'self';media-src 'self';style-src 'self' 'unsafe-inline';img-src data: blob: 'self';frame-ancestors 'self';font-src 'self' data:;upgrade-insecure-requests;connect-src data: blob: 'unsafe-inline';block-all-mixed-content; |
| Content-Type | The media type of the resource | application/json |
| Date | The date and time at which the message was originated | Tue, 05 Mar 2024 06:06:52 GMT |
| Pragma | HTTP response header Pragma | no-cache |
| Referrer-Policy | HTTP response header Referrer-Policy | no-referrer |
| Server | Information about the software used by the origin server | envoy |
| Server-Timing | HTTP response header Server-Timing | action history cache refresh;dur=3.900;cnt=1, api;dur=119.575;cnt=1, api token cache refresh;dur=2.583;cnt=1, auth;dur=7.719;cnt=1, content set cache refresh;dur=1.363;cnt=1, group cache refresh;dur=15.346;cnt=2, gzip;dur=0.244;cnt=1, is action group visible;dur=2.857;cnt=2, meta data cache refresh;dur=6.262;cnt=1, package cache refresh;dur=9.833;cnt=1, rbac cache refresh;dur=3.755;cnt=1, saved action cache refresh;dur=2.536;cnt=1, scim server cache refresh;dur=1.958;cnt=1, user cache refresh;dur=3.043;cnt=1 |
| Strict-Transport-Security | HTTP response header Strict-Transport-Security | max-age=63072000; includeSubDomains; |
| X-Content-Type-Options | HTTP response header X-Content-Type-Options | nosniff |
| X-Envoy-Upstream-Service-Time | HTTP response header X-Envoy-Upstream-Service-Time | 28 |
| X-Frame-Options | HTTP response header X-Frame-Options | SAMEORIGIN |
| X-XSS-Protection | HTTP response header X-XSS-Protection | 1 |

## Notes

- Create action: https://developer.tanium.com/site/global/apis/platform/index.gsp#api-actions-createaction
- Create question: https://developer.tanium.com/site/global/apis/platform/index.gsp#api-questions-createquestion
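
The asset setup note says only addresses in the token's trusted IP list can reach the API, and that 0.0.0.0/0 allows any IP. The following is an added example, not part of the connector or of Tanium's tooling, that reviews such a list before it is saved: it flags allow-any and overly broad entries and reports which automation hosts would be locked out once the list is tightened. The sample addresses and the `min_prefix` threshold are constructed assumptions.

```python
import ipaddress

# Constructed sample values (RFC 5737 documentation ranges), not from the page.
SAMPLE_TRUSTED = ["0.0.0.0/0", "203.0.113.0/24", "198.51.100.7", "10.0.0.0/8", "not-a-cidr"]
SAMPLE_CALLERS = ["198.51.100.7", "192.0.2.44"]


def audit_trusted_ips(entries, caller_ips, min_prefix=24):
    """Review a token's trusted-IP entries.

    min_prefix is a hypothetical local policy: IPv4 networks wider than
    /min_prefix are reported as too broad. Allow-any entries (prefix length 0)
    are reported separately and ignored when checking caller coverage, so the
    result shows what happens after they are removed.
    """
    findings = {"invalid": [], "allow_any": [], "too_broad": [], "uncovered_callers": []}
    specific = []
    for raw in entries:
        try:
            net = ipaddress.ip_network(raw.strip(), strict=False)
        except ValueError:
            findings["invalid"].append(raw)
            continue
        if net.prefixlen == 0:
            findings["allow_any"].append(raw)
            continue
        if net.version == 4 and net.prefixlen < min_prefix:
            findings["too_broad"].append(raw)
        specific.append(net)
    for ip in caller_ips:
        addr = ipaddress.ip_address(ip)
        covered = any(addr.version == n.version and addr in n for n in specific)
        if not covered:
            findings["uncovered_callers"].append(ip)
    return findings


if __name__ == "__main__":
    for key, values in audit_trusted_ips(SAMPLE_TRUSTED, SAMPLE_CALLERS).items():
        print(f"{key}: {values}")
```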
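
The create question and get question results actions described above map to two HTTP requests. The following is an added example, not the connector's own code, that builds both without sending them: it serializes the canonical-text question object into the string body, refuses a non-HTTPS server URL so the token is never sent in clear text, and accepts only an integer question ID in the results path. It assumes the token travels in a `session` request header, matching the `session` configuration parameter; the host name and token value are constructed.

```python
import json
import urllib.request
from urllib.parse import urlsplit


def _origin(base_url):
    """Return 'https://host[:port]' or raise if the URL is not HTTPS."""
    parts = urlsplit(base_url)
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("Tanium server URL must be https://host[:port]")
    return f"https://{parts.netloc}"


def _headers(api_token):
    # Reject empty tokens and embedded line breaks (header injection).
    if not api_token or any(ch in api_token for ch in "\r\n"):
        raise ValueError("API token is empty or contains line breaks")
    # Assumption: the token is sent in a 'session' header.
    return {"session": api_token, "Content-Type": "application/json"}


def build_create_question(base_url, api_token, query_text):
    """POST /api/v2/questions with a canonical-text question object."""
    if not query_text.strip():
        raise ValueError("query_text must not be empty")
    body = json.dumps({"query_text": query_text}).encode("utf-8")
    return urllib.request.Request(
        url=_origin(base_url) + "/api/v2/questions",
        data=body, method="POST", headers=_headers(api_token))


def build_get_results(base_url, api_token, question_id):
    """GET /api/v2/result_data/question/{id}; id must be a positive int."""
    if isinstance(question_id, bool) or not isinstance(question_id, int) or question_id <= 0:
        raise ValueError("question id must be a positive integer")
    return urllib.request.Request(
        url=f"{_origin(base_url)}/api/v2/result_data/question/{question_id}",
        method="GET", headers=_headers(api_token))


if __name__ == "__main__":
    # Constructed host and token; nothing is sent over the network.
    req = build_create_question("https://tanium.example.test", "token-constructed",
                                "get operating system from all machines")
    print(req.get_method(), req.full_url, req.data.decode())
```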