Exporting vulnerability reports

Create a connection in Tanium Connect to export data from vulnerability reports to Connect destinations, such as Email, File, HTTP, Socket Receiver, Splunk, and SQL Server.

Before you begin

  • You must have access to Connect with the Connect User role.
  • You must have Connect 4.10.5 or later and Comply 2.1.0 or later.

Create a connection

  1. From the Connect menu, click Connections and then click Create Connection.
  2. Enter a name and description for your connection in the General Information section.
  3. In the Advanced section, set the following:
    • Log level:- By default, the logging is set to Information. To reduce the amount of logging, you can set the log level to Warning, Error, or Fatal.
    • Minimum Pass Percentage: Minimum percentage of the expected rows that must be processed for the connection to succeed.
    • Memory Ceiling: Maximum sum of memory (Gb) for all node processes to run connections.
  4. In the Configure section set the Source and Destination as follows:
    1. Select Tanium Comply as the Source.
    2. In the Report Type list, Vulnerability is selected by default and is the only report type supported for use with Connect.
    3. Select a report from the Report Name list.

      If you have multiple reports with the same name, you can use the report hash to distinguish them.

    4. The Include Endpoint findings and Include CVE details options determine which rows are exported from the report. Select one or both of these options.
    5. If needed, modify the Advanced Settings for the source:
      • Question Timeout: Specifies the timeout for the request.
      • Polling Interval: Specifies how often Comply is polled for updated data while the connection is active.
      • Batch Size: Specifies how many rows are exported.
    6. Configure the connection destination.
      Select a connection destination from the Destination list. Provide the configuration information for the destination you select. For more information on configuring destinations, see the Tanium Connect User Guide: Connection destinations.
  5. Configure the Format for the data. For information on configuring the format, see the section on the destination type that you selected in the Tanium Connect User Guide.
  6. (Optional) Configure a Filter.

    You can use filters to modify the data that you are getting from your connection source before it is sent to the destination.

    For more information about the types of filters you can configure, see Tanium Connect User Guide.

  7. Configure the Schedule for the connection. For information on how to run connections on a schedule, see Tanium Connect User Guide: Schedule connections. Enable the connection to run on a schedule.

    Select Enable. You can set up the schedule when you configure the rest of the connection. If the schedule is not enabled, the connection only runs when you manually run it.
  8. Click Save or Save and Run.

Test a connection and review report data

  1. From the Connect Home page, click Connections.
  2. Click the connection that you created for a vulnerability report.
  3. Click Run Now. Confirm that you want to run the connection.
  4. View the summary of the run.
  5. View the vulnerability report in the destination that you configured for the connection.