Configuring AWS S3 destinations

Before your connections can successfully send data to a destination, your Tanium as a Service instance must be configured. Contact Tanium Support with the destination URL or IP and service port to submit a request.

For more information, see Tanium as a Service Deployment Guide: Proxy access.

With Amazon Web Services (AWS) S3, you can store and retrieve data in real time from almost any type of structured and unstructured data source. With Connect, Tanium can write data directly to AWS S3.

Specify general connection information

  1. On the Connect Overview page, scroll to the Connections section and click Create Connection.
  2. Enter a name and description for the connection.
  3. (Optional) In the General Information section, expand Advanced to configure the following settings:

    Log Level

    By default, the logging is set to Information. Set the log level to Trace or Debug if you are debugging the connection. To reduce the amount of logging, you can set the log level to Warning, Error, or Fatal.

    By default, the logging is set to Information. Set the log level to Trace or Debug if you are debugging the connection. To reduce the amount of logging, you can set the log level to Warning, Error, or Fatal.


    Minimum Pass Percentage

    Minimum percentage of the expected rows that must be processed for the connection to succeed.

    Memory Ceiling (GB)

    Maximum memory for the node process to run the connection.

Configure the connection source

The connection source determines what data you are sending to the destination. This data is usually information from Tanium, such as a saved question, question log, client status, or event. The settings vary depending on which source you choose.




Configure AWS S3 destination

  1. Select AWS S3 for the destination and provide a destination name.
    • You can specify a unique name to save the configuration information as a new destination, or select an existing AWS S3 destination from the list.
    • If you edit the settings for an existing destination, all connections that use that destination are affected.
    • To clone an existing destination, select the existing destination and change the name.
  2. Specify authentication credentials, including AWS access key, secret access key, bucket name, and file name.
    You can use a variable for both the bucket name and the file name, as listed in Reference: Variables.
  3. (Optional) Configure advanced settings. In the Configuration section, under the destination settings, expand Advanced.
    1. If you have a proxy configured for your Tanium Module Server, select Use Tanium Module Server Proxy Setting.
    2. To use an endpoint other than the default endpoint that is associated with your AWS credentials, provide the host.
  4. (Optional) To use an endpoint other than the default endpoint that is associated with your AWS credentials, expand Advanced and provide the host.

Configure filters

(Optional) In the Configure Output > Filters section, you can specify filters to modify the data that you are getting from your connection source before it is sent to the destination.

For more information about the types of filters you can configure, see Reference: Filtering options.

Format data for AWS S3

In the Configure Output > Format section, you can choose to save your data in all of the available formats, as listed in Reference: Format types. Each format has slightly different configuration options, but all allow you to choose which column data to save.

In the Configure Output > Columns section, you can change the Destination Label of each column and Value Type to force the column to be a String, Numeric, or Date/Time value.

If you choose Numeric for the value, you can specify a default value that is used if the data cannot be coerced into a numeric value. You can specify any negative or positive number.

If you choose Date/Time for the value, specify the Date/Time format that you want to use for the column. For more information about using a variable, see Time stamp variables.


Schedule the connection

Connections can run at a highly configurable time interval, such as multiple times per hour, day, week, or month.

If you do not enable the schedule, the connection only runs when you manually run it.

Use the Schedule section to update the schedule:

  • Select Enable schedule.
  • In the Schedule Type, select Basic to build a schedule with the provided controls.
  • To view or edit the Cron expression directly, select Advanced - Define as a Cron Expression, and use the Advanced field to edit the Cron expression.

For more information about Cron syntax, see Reference: Cron syntax.

Save and verify connection

  1. After you enter the details for the connection, click Save.

    To save the connection and immediately run the connection, click Run and Save.

    If needed, resolve any errors or missing information. After the connection creates successfully, the connection details display.

  2. To view details when the connection runs, click the Logs tab.
  3. To view an individual run log, expand the row table.