You can create a connection in Tanium Connect to send a notification when the NAC starts or stops, when an endpoint is quarantined, when a rule match is returned for an endpoint, when a rule is approved or denied, and when rule match violation occurs. You can send these notifications to destinations such as email, SIEM, or Splunk.
- You must have Connect installed. For more information, see Tanium Connect User Guide: Installing Tanium Connect.
- You must have the Connect User role to create a connection, and the Network Quarantine service account must have the Connect User role to send notifications. For more information about configuring user roles, see Tanium Core Platform User Guide: Assign roles to a user.
Configure notifications in Connect
- Create the connection.
- From the Main menu, go to Modules > Connect to open the Connect Overview page. Click Create Connection.
- Specify a name and description for the connection.
- Configure the data source.
- Configure the connection destination.
Select any of the connection destinations that are listed in the Select Destination menu. Common choices for notifications include Email, SIEM, and Splunk. However, you can use any of the available destinations. For more information, see the Tanium Connect User Guide. Complete the required fields and click Create Connection.
Last updated: 2/23/2021 3:42 PM | Feedback