Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to integrate Tanium with Splunk?

akshatj2
Path Finder
‎02-01-2018 04:13 AM

Hi,

We need to integrate Tanium with Splunk but it seems there are no app/or add-on available. I tried to search online and everywhere its mentioned it can be easily integrated but no information is available. Can anyone provide me with details for integration. Also the modules available in tanium that is supported with Splunk.

0 Karma
Reply

ussina04
Explorer
‎11-09-2018 08:24 AM

I did have covered the steps from the above document.

But still we are not able to see any relevant data. i have seen these logs like thousands of time :

2018-11-07T05:33:06.609000-08:00 "thetaniumservername" Tanium[1299088] 5

0 Karma
Reply

muralikoppula
Communicator
‎10-08-2018 12:17 PM

Here is the Splunk configuration guide - https://docs.tanium.com/connect/connect/siem.html

The syslog-ng server need to be configured on source(Tanium) side to send logs to Splunk

0 Karma
Reply

ussina04
Explorer
‎10-08-2018 11:40 AM

Is the app going to be installed only on search heads or both searchheads and forwarder..??

0 Karma
Reply

akshatj2
Path Finder
‎10-08-2018 12:26 PM

The app is used to build dashboards and reports from Tanium logs and contain only search time operations.

It needs to be installed on Search Head only.

To integrate tanium with Splunk, tanium has inbuilt connector which can be configured to send tanium queries as events to Splunk(a total of 19 queries are executed by tanium).

you need to enable a syslog input on specific port on your forwarder and set sourcetype to "tanium" in inputs.conf.

Reply

TGanga
Explorer
‎02-11-2019 11:22 PM

I'm trying to integrate Tanium Connect with Splunk Cloud ( Not Splunk Enterprise ) to forward data from Tanium to Splunk Cloud in the 'syslog' format. In this regard, I would like to know details on the following - 1. Connection settings that need to be done in Tanium Connect ( like what to be filled in port no ,host name etc ) , 2. Is there any difference in forwarding data from Tanium Connect to Splunk Enterprise and Splunk Cloud OR is it same for both, 3. what are the list of ports that need to be opened in the system where Tanium console is installed, 4. Which port is used for communication between Tanium connect and Splunk cloud, 5. Any URL that need to be white-listed in the Firewall that is present in the network where, Tanium is present, 6. what are the methods that are implemented in Splunk cloud to secure data, 7. What are the security measures that are followed while sending data from Tanium to Splunk cloud etc.,

0 Karma
Reply

rnoyes
New Member
‎06-04-2018 12:40 PM

To ingest Tanium data you will need to have configured a Connector within the Tanium console. Saved questions, Detect, IOC and various other iformation can be forwarded to Splunk and utilized within the Splunk app mentioned in the previous post. Tanium support or the Tanium Connect user guide provides details on how to set this up.

0 Karma
Reply

Anam
Community Manager
Community Manager
‎02-01-2018 10:28 AM

Hey akshajt2

I found this app on splunkbase: https://splunkbase.splunk.com/app/1862/
I don't have any experience with it but it might be what you are looking for.

0 Karma
Reply
Get Updates on the Splunk Community!

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

Take a look below to explore our upcoming Community Office Hours, Tech Talks, and Webinars this month. This ...

They're back! Join the SplunkTrust and MVP at .conf24

With our highly anticipated annual conference, .conf, comes the fez-wearers you can trust! The SplunkTrust, as ...

Enterprise Security Content Update (ESCU) | New Releases

Last month, the Splunk Threat Research Team had two releases of new security content via the Enterprise ...