You can create a connection in Tanium Connect to send a notification when the NAC starts or stops, when an endpoint is quarantined, when a rule match is returned for an endpoint, when a rule is approved or denied, and when a rule match violation occurs. You can send these notifications to destinations such as email, SIEM, or Splunk.
- You must have Connect installed. For more information, see Tanium Connect User Guide: Installing Tanium Connect.
- You must have the Connect User role to create a connection, and the Network Quarantine service account must have the Connect User role to send notifications. For more information about configuring user roles, see Tanium Core Platform User Guide: Assign roles to a user.
Configure notifications in Connect
- Create the connection.
- From the Main menu, open Connect. Click Create Connection.
- Name the connection.
In General Information, confirm that Enable is selected.
- Configure the data source.
- (Optional) Filter the data.
You can optionally filter for new items, regular expressions, numeric operators, or unique values from data columns.
- Configure the connection destination.
Select any of the connection destinations that are listed in the Select Destination menu. Common choices for notifications include Email, SIEM, and Splunk. However, you can use any of the available destinations. For more information, see the Tanium Connect User Guide. Complete the required fields and click Create Connection.
Last updated: 2/12/2019 2:09 PM