Tanium-ServiceNow Integration

TarunSidana201 · ‎04-03-2019

Hi,

I am trying to explore the Security Operations tanium Integration plugin. Can I please get an information on what all field related data can be gathered with tanium? Example: IP address, serial number, MAC address etc. What would be a preffered solution: Qualys or Tanium if we are to get all the above mentioned fields data for let's say a workstation or a server through discovery? Is there an app similar to the Qualys CMDB sync app for Tanium?

Any way forward will be appreciated.

andy_ojha · ‎04-04-2019

Hey there,

Currently, the Tanium Endpoint integration for SecOps is targeted for integration with Security Incident Response. The use-case for this is to obtain a listing of the running processes for a particular CI, retrieved via Tanium Endpoint to enrich a Security Incident Response record with this data.

Unfortunately, this integration does not currently cover the use-case of populating the ServiceNow CMDB with CIs or enriching existing CIs with data via Tanium Endpoint.

Reference: https://docs.servicenow.com/bundle/madrid-security-management/page/product/secops-integration-sir/secops-integration-tanium/task/activate-configure-tanium.html

View solution in original post

Eric Feron · ‎04-04-2019

Hi TarunSidana,

thank you for your interesting question.

Could you share a few more details about your setup and use case.

Also, are looking at Tanium in terms of Vulnerability Response or Incident Response?

Thanks.

TarunSidana201 · ‎04-04-2019

Actually both but more towards vulnerability response side. We use Qualys here but were looking for an alternative especially one that could give us more data in terms of fields. Serial number for workstations or servers is one of the most important things that we require but aren't getting it through Qualys. Therefore, I wanted to know what all field level data can Tanium give us.

Also if there is a step by step document for Servicenow-Tanium Integration available that would be even better.

andy_ojha · ‎04-04-2019

Hey there,

Currently, the Tanium Endpoint integration for SecOps is targeted for integration with Security Incident Response. The use-case for this is to obtain a listing of the running processes for a particular CI, retrieved via Tanium Endpoint to enrich a Security Incident Response record with this data.

Unfortunately, this integration does not currently cover the use-case of populating the ServiceNow CMDB with CIs or enriching existing CIs with data via Tanium Endpoint.

Reference: https://docs.servicenow.com/bundle/madrid-security-management/page/product/secops-integration-sir/secops-integration-tanium/task/activate-configure-tanium.html