Configuring notifications

You can create a connection in Tanium Connect to send a notification when the NAC starts or stops, when an endpoint is quarantined, when a rule match is returned for an endpoint, when a rule is approved or denied, and when a rule match violation occurs. You can send these notifications to destinations such as email, SIEM, or Splunk.

Prerequisites

Configure notifications in Connect

  1. Create the connection.
    1. From the Main menu, open Connect. Click Create Connection.
    2. Name the connection. In General Information, confirm that Enable is selected.

  2. Configure the data source.
    1. In Data Source, select the Event source.
    2. Choose the Network Quarantine event group, then select the events for which you want to generate a notification.
  3. (Optional) Filter the data.
    You can filter for new items, regular expressions, numeric operators, or unique values from data columns.
  4. Configure the connection destination.
    Select any of the connection destinations that are listed in the Select Destination menu. Common choices for notifications include Email, SIEM, and Splunk. However, you can use any of the available destinations. For more information, see the Tanium Connect User Guide. Complete the required fields and click Create Connection.

Last updated: 11/2/2018 1:37 PM