Exporting findings and assessments

Create a connection in Tanium Connect to export compliance and vulnerability findings to Connect destinations, such as Email, File, HTTP, Socket Receiver, Splunk, and SQL Server.

The following instructions will export all compliance findings and all vulnerability findings. See Export assessments for instructions to export one assessment at a time.

Use the Tanium Comply (Assessments) Source in Connect to export vulnerability assessments. See Exporting vulnerability assessments. This provides the same functionality the Tanium Comply Source provided in previous versions.

Before you begin

  • You must have access to Connect with the Connect User role.
  • To customize columns, you must have Connect 4.9.49 or later and Comply 2.10.841 or later.

Exporting Findings

  1. From the Connect menu, click Connections and then click Create Connection.
  2. Enter a name and description for your connection in the General Information section.
  3. In the Advanced section, set the following:
    • Log level:By default, the logging is set to Information. To reduce the amount of logging, you can set the log level to Warning, Error, or Fatal.
    • Minimum Pass Percentage: Minimum percentage of the expected rows that must be processed for the connection to succeed.
  4. In the Configuration section set the Source and Destination as follows:
    1. Select Tanium Comply (Findings) as the Source.
    2. In the Finding Type list, select Compliance or Vulnerability.
    3. If needed, modify the Advanced Settings for the source:
      • Query Timeout: Specifies the timeout for the request.
      • Batch Size: Specifies how many rows are exported.
  5. Configure the connection destination.
    Select a connection destination from the Destination list. Provide the configuration information for the destination you select. For more information on configuring destinations, see the Tanium Connect User Guide: Connection destinations.
  6. Configure the Format for the data. For information on configuring the format, see the section on the destination type that you selected in the Tanium Connect User Guide.
  7. (Optional) In the Configure Output section, configure a Filter.

    You can use filters to modify the data that you are getting from your connection source before it is sent to the destination.

    For more information about the types of filters you can configure, see Tanium Connect User Guide.

  8. Configure the Schedule for the connection. For information on how to run connections on a schedule, see Tanium Connect User Guide: Schedule connections. Enable the connection to run on a schedule.

    Select Enable. You can set up the schedule when you configure the rest of the connection. If the schedule is not enabled, the connection only runs when you manually run it.
  9. Click Save or Save and Run.

Exporting vulnerability assessments

Create a connection in Tanium Connect to export data from vulnerability reports to Connect destinations, such as Email, File, HTTP, Socket Receiver, Splunk, and SQL Server.

Create a connection

  1. From the Connect menu, click Connections and then click Create Connection.
  2. Enter a name and description for your connection in the General Information section.
  3. In the Advanced section, set the following:
    • Log level:By default, the logging is set to Information. To reduce the amount of logging, you can set the log level to Warning, Error, or Fatal.
    • Minimum Pass Percentage: Minimum percentage of the expected rows that must be processed for the connection to succeed.
  4. In the Configure section set the Source and Destination as follows:
    1. Select Tanium Comply (Assessments) as the Source.
    2. In the Assessment Type list, Vulnerability is selected by default and is the only report type supported for use with Connect.
    3. Select an assessment from the Assessment Name list.
    4. The Include Endpoint findings and Include CVE details options determine which rows are exported from the assessment. Select one or both of these options.
    5. If needed, modify the Advanced Settings for the source:
      • Question Timeout: Specifies the timeout for the request.
      • Polling Interval: Specifies how often Comply is polled for updated data while the connection is active.
      • Batch Size: Specifies how many rows are exported.
      • Question completion percentage: The percentage of endpoints to provide responses from before exporting findings.
    6. Configure the connection destination.
      Select a connection destination from the Destination list. Provide the configuration information for the destination you select. For more information on configuring destinations, see the Tanium Connect User Guide: Connection destinations.
  5. Configure the Format for the data. For information on configuring the format, see the section on the destination type that you selected in the Tanium Connect User Guide.
  6. (Optional) Configure a Filter.

    You can use filters to modify the data that you are getting from your connection source before it is sent to the destination.

    For more information about the types of filters you can configure, see Tanium Connect User Guide.

  7. Configure the Schedule for the connection. For information on how to run connections on a schedule, see Tanium Connect User Guide: Schedule connections. Enable the connection to run on a schedule.

    Select Enable. You can set up the schedule when you configure the rest of the connection. If the schedule is not enabled, the connection only runs when you manually run it.
  8. Click Save or Save and Run.

Test a connection and review report data

  1. From the Connect menu, click Connections.
  2. Click the connection that you created for your Comply report.
  3. Click Run Now. Confirm that you want to run the connection.
  4. View the summary of the run.
  5. View the assessment or finding in the destination that you configured for the connection.