diff --git a/docs/integration/categories/endpoint/tanium.md b/docs/integration/categories/endpoint/tanium.md index 8c2d0fa937..4c8aa04d8c 100644 --- a/docs/integration/categories/endpoint/tanium.md +++ b/docs/integration/categories/endpoint/tanium.md @@ -13,8 +13,43 @@ Tanium solutions manage and protect networks and endpoints. - **Supported application or feature**: File, Network, Process, Registry -## Configure -Tanium logs can be collected under the rsyslog format and then forward to Sekoia.io. Refer to the official documentation of Tanium to forward your logs under rsyslog format and consult the [Rsyslog Transport](/integration/ingestion_methods/rsyslog) documentation to forward these logs to Sekoia.io. +## Specification + +### Prerequisites + +- **Resource**: + - Self-managed syslog forwarder +- **Network**: + - Outbound traffic allowed +- **Permissions**: + - Administrator rights on the TanOS console + - Root access to the Linux server with the syslog forwarder + +### Transport Protocol/Method + +- **Indirect Syslog** + +### Logs details + +- **Supported functionalities**: See section [Overview](#overview) +- **Supported type(s) of structure**: Text Plain +- **Supported verbosity level**: Informational + +## Step-by-Step Configuration Procedure + +### Instructions on the 3rd Party Solution + +#### Forward Tanium Logs to Sekoia.io + +This setup guide will show you how to forward your Tanium logs to Sekoia.io by means of a syslog transport channel. + +#### Detailed Procedure: + +1. **Enable Syslog Forwarding:** + + - Follow [this guide](https://help.tanium.com/bundle/ug_appliance_onprem/page/appliance/syslog.html) to enable syslog forwarding for events. + - Set the syslog-forwarder as the destination of the syslog configuration. + We recommend to disable TLS and enable TCP octet framing and RFC5424 output format. {!_shared_content/operations_center/integrations/generated/59991ced-c2a0-4fb0-91f3-49e3993c16f5_sample.md!} 
@@ -23,3 +58,7 @@ Tanium logs can be collected under the rsyslog format and then forward to Sekoia {!_shared_content/operations_center/detection/generated/suggested_rules_59991ced-c2a0-4fb0-91f3-49e3993c16f5_do_not_edit_manually.md!} {!_shared_content/operations_center/integrations/generated/59991ced-c2a0-4fb0-91f3-49e3993c16f5.md!} + +## Further readings + +- [Configuring TanOS to send Syslog Events](https://help.tanium.com/bundle/ug_appliance_onprem/page/appliance/syslog.html)
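Review bot: The recommendation "We recommend to disable TLS and enable TCP octet framing and RFC5424 output format" in the new "Enable Syslog Forwarding" step tells readers to ship endpoint event logs from TanOS to the syslog forwarder in cleartext without saying why; either state the constraint that motivates it (for example, that the forwarder in this setup does not terminate TLS) and note that the TanOS-to-forwarder hop is then unencrypted, or recommend TLS where the forwarder supports it, and at least rephrase to "We recommend disabling TLS, enabling TCP octet framing and using the RFC5424 output format" for grammar. Two smaller points in the same hunk: "### Logs details" should read "### Log details", and the "#### Detailed Procedure:" heading carries a trailing colon that the other headings in this file do not.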
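Review bot: The new "## Further readings" section repeats the exact link already given in step 1 ("https://help.tanium.com/bundle/ug_appliance_onprem/page/appliance/syslog.html"); consider either dropping the section or adding the TanOS page that covers the forwarder-side settings the step relies on (TCP octet framing and RFC5424 output), and rename the heading to "## Further reading".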