Tanium: update the documentation #2015

Open. Wants to merge 1 commit into base: main
43 changes: 41 additions & 2 deletions docs/integration/categories/endpoint/tanium.md
Expand Up @@ -13,8 +13,43 @@ Tanium solutions manage and protect networks and endpoints.
- **Supported application or feature**: File, Network, Process, Registry


## Configure
Tanium logs can be collected under the rsyslog format and then forward to Sekoia.io. Refer to the official documentation of Tanium to forward your logs under rsyslog format and consult the [Rsyslog Transport](/integration/ingestion_methods/rsyslog) documentation to forward these logs to Sekoia.io.
## Specification

### Prerequisites

- **Resource**:
- Self-managed syslog forwarder
- **Network**:
- Outbound traffic allowed
- **Permissions**:
- Administrator rights on the TanOS console
- Root access to the Linux server with the syslog forwarder

### Transport Protocol/Method

- **Indirect Syslog**

### Logs details

- **Supported functionalities**: See section [Overview](#overview)
- **Supported type(s) of structure**: Text Plain
- **Supported verbosity level**: Informational

## Step-by-Step Configuration Procedure

### Instructions on the 3rd Party Solution

#### Forward Tanium Logs to Sekoia.io

This setup guide will show you how to forward your Tanium logs to Sekoia.io by means of a syslog transport channel.

#### Detailed Procedure:

1. **Enable Syslog Forwarding:**

- Follow [this guide](https://help.tanium.com/bundle/ug_appliance_onprem/page/appliance/syslog.html) to enable syslog forwarding for events.
- Set the syslog-forwarder as the destination of the syslog configuration.
We recommend to disable TLS and enable TCP octet framing and RFC5424 output format.

{!_shared_content/operations_center/integrations/generated/59991ced-c2a0-4fb0-91f3-49e3993c16f5_sample.md!}

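Review bot: The new "Detailed Procedure" stops at step 1 (enabling forwarding on the Tanium side) and drops the pointer to the Sekoia.io Rsyslog Transport page that the removed "Configure" paragraph carried, so the reader is never told how the self-managed syslog forwarder gets the logs to Sekoia.io; add a step 2 along the lines of "Configure the syslog forwarder to relay these events to Sekoia.io, see the [Rsyslog Transport](/integration/ingestion_methods/rsyslog) documentation." Two smaller points on the same hunk: the recommendation "We recommend to disable TLS and enable TCP octet framing and RFC5424 output format" should read "We recommend disabling TLS and enabling TCP octet framing and the RFC 5424 output format", and since it sends the Tanium event stream in cleartext between the appliance and the forwarder, state the condition under which that is acceptable (for example, forwarder on the same trusted network segment) rather than recommending it unconditionally. Also, "#### Detailed Procedure:" sits at the same heading level as "#### Forward Tanium Logs to Sekoia.io" although it is a subsection of it, and the trailing colon is not used by the other headings in this file.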
Expand All @@ -23,3 +58,7 @@ Tanium logs can be collected under the rsyslog format and then forward to Sekoia
{!_shared_content/operations_center/detection/generated/suggested_rules_59991ced-c2a0-4fb0-91f3-49e3993c16f5_do_not_edit_manually.md!}

{!_shared_content/operations_center/integrations/generated/59991ced-c2a0-4fb0-91f3-49e3993c16f5.md!}

## Further readings

- [Configuring TanOS to send Syslog Events](https://help.tanium.com/bundle/ug_appliance_onprem/page/appliance/syslog.html)
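Review bot: The single "Further readings" entry is the same Tanium appliance syslog URL already linked from step 1 of the procedure, so the section adds nothing yet; consider listing the Sekoia.io Rsyslog Transport page here as well (the link the previous "Configure" paragraph pointed to), and use "Further reading" (singular) to match the usual heading wording.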