Browse Guides

Tanium Integration
Reading mode
Copy Link
Link Copied!
Print
Feedback
This guide has multiple versions available:
<style>p { margin: 0; }span.fr-emoticon.fr-emoticon-img { background-repeat: no-repeat !important; font-size: inherit; height: 1em; width: 1em; min-height: 20px; min-width: 20px; display: inline-block; margin: -0.1em 0.1em 0.1em; line-height: 1; vertical-align: middle; } span.fr-emoticon { font-weight: normal; font-family: "Apple Color Emoji", "Segoe UI Emoji", "NotoColorEmoji", "Segoe UI Symbol", "Android Emoji", "EmojiSymbols"; display: inline; line-height: 0; } blockquote { border-left: solid 2px #5e35b1; color: #5e35b1; margin-left:0; padding-left:5px;}blockquote blockquote{ border-color: #00bcd4; color: #00bcd4;}blockquote blockquote blockquote{ border-color: #43a047; color: #43a047;} table.grid{ border-collapse: collapse;} table.grid td, table.grid th { border: 1px solid #ddd;} .fr-fic.fr-dib{ display: block; margin: 5px auto;}.fr-fic.fr-dib.fr-fir{ text-align: right; margin: 5px 0 5px auto;}.fr-fic.fr-dib.fr-fil{ text-align: left; margin: 5px auto 5px 0;}.fr-fic.fr-dii{ float: none; margin: 5px auto;}.fr-fic.fr-dii.fr-fil{ float: left; margin: 5px auto;}.fr-fic.fr-dii.fr-fir{ float: right; margin: 5px auto;}img.fr-dib.fr-fir { margin-right: 0; text-align: right;}img.fr-dib.fr-fil { margin-left: 0; text-align: left;}img.fr-dib { margin: 5px auto; display: block; float: none;}img.fr-bordered { box-sizing: content-box; border: solid 5px #CCC;}img.fr-shadow { box-shadow: 10px 10px 5px 0px #cccccc;}img.fr-rounded { border-radius: 10px; -moz-border-radius: 10px; -webkit-border-radius: 10px; -moz-background-clip: padding; -webkit-background-clip: padding-box; background-clip: padding-box;}</style><style> p { margin: 0; } span.fr-emoticon.fr-emoticon-img { background-repeat: no-repeat !important; font-size: inherit; height: 1em; width: 1em; min-height: 20px; min-width: 20px; display: inline-block; margin: -0.1em 0.1em 0.1em; line-height: 1; vertical-align: middle; } span.fr-emoticon { font-weight: normal; font-family: "Apple Color Emoji", "Segoe UI Emoji", "NotoColorEmoji", "Segoe UI Symbol", "Android Emoji", "EmojiSymbols"; display: inline; line-height: 0; } blockquote { border-left: solid 2px #5e35b1; color: #5e35b1; margin-left: 0; padding-left: 5px; } blockquote blockquote { border-color: #00bcd4; color: #00bcd4; } blockquote blockquote blockquote { border-color: #43a047; color: #43a047; } table.grid { border-collapse: collapse; } table.grid td, table.grid th { border: 1px solid #ddd; } .fr-fic.fr-dib { display: block; margin: 5px auto; } .fr-fic.fr-dib.fr-fir { text-align: right; margin: 5px 0 5px auto; } .fr-fic.fr-dib.fr-fil { text-align: left; margin: 5px auto 5px 0; } .fr-fic.fr-dii { float: none; margin: 5px auto; } .fr-fic.fr-dii.fr-fil { float: left; margin: 5px auto; } .fr-fic.fr-dii.fr-fir { float: right; margin: 5px auto; } img.fr-dib.fr-fir { margin-right: 0; text-align: right; } img.fr-dib.fr-fil { margin-left: 0; text-align: left; } img.fr-dib { margin: 5px auto; display: block; float: none; } img.fr-bordered { box-sizing: content-box; border: solid 5px #CCC; } img.fr-shadow { box-shadow: 10px 10px 5px 0px #cccccc; } img.fr-rounded { border-radius: 10px; -moz-border-radius: 10px; -webkit-border-radius: 10px; -moz-background-clip: padding; -webkit-background-clip: padding-box; background-clip: padding-box; } </style><p><strong>In this guide we will cover:</strong></p><p id="isPasted"><strong>- Connecting to Tanium</strong></p><p><strong>- Determine Asset Site</strong></p><p><strong>- Asset Imports</strong></p><p><strong>- Import Assets automatically on a schedule</strong></p><p><strong>- Alerting</strong></p><p><br></p><p><br></p><p><strong><span style="font-size: 14pt;">What is the Tanium integration?</span></strong></p><p>The Tanium integration with Halo can be used to import sites and assets from Tanium into Halo. Assets can be set to import automatically on a schedule so that any changes made to assets in Tanium sync over to Halo automatically. Alerts can be synced from Tanium into Halo too, having a ticket logged automatically in Halo when an alert is raised in Tanium. This integration is multi-tenanted, allowing you to connect multiple Tanium tenants to your Halo instance.&nbsp;</p><p><br></p><p><strong><em>Note: This integration is only available for cloud hosted instances of Tanium.&nbsp;</em></strong></p><p><br></p><p><strong><span style="font-size: 14pt;">Connecting to Tanium</span></strong></p><p id="isPasted">First head to Configuration &gt; Integrations and enable the Tanium module.</p><p><img src="https://halo.haloservicedesk.com/api/attachment/image?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6ImJlZGQ4MWQ0LTdkNzMtNGM1Yy04YzRkLTdiMGRiMTE1MDQzYiJ9.sNiT21SY6rCSZAOz5nWP3hqs42Za3m9Q1olOrAyQy20" class="fr-fic fr-fil fr-dib" width="248" style="width: 250px; height: 124.552px;" height="125"></p><p><strong><span style="font-size: 10pt;">Fig 1. Enable integration module</span></strong></p><p><br></p><p>Once enabled click into the module to begin configuration. Click new to create a new connection.</p><p><br></p><p>Now you will need to enter connection details to connect your Halo instance to Tanium.&nbsp;</p><p><img src="https://halo.haloservicedesk.com/api/attachment/image?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6ImI3ZGI1N2QwLTU1ZTktNGQ5Zi1hNWJlLTIwYzVmMjk2ODFiOCJ9.Etj6DmkavmLUEuay38fdTAF3N32iRGpp-jH8_fC6BHk" class="fr-fic fr-fil fr-dib" width="1490" style="width: 1492px; height: 493.954px;" height="494"></p><p><strong><span style="font-size: 10pt;">Fig 2. Tanium connection details</span></strong></p><p><br></p><p><strong>Name&nbsp;</strong>- Here, give your connection a sensible name.&nbsp;</p><p><strong>URL&nbsp;</strong>- Here, enter the URL of your Tanium instance.&nbsp;</p><p><strong>API Url</strong> - Here, enter the API URL of your Tanium instance, this will usually follow the format <a data-fr-linked="true" href="https://shamrock-api.cloud.tanium.com">https://YOURDOMAIN-api.cloud.tanium.com</a></p><p><strong>API Token</strong> - Here, you will need to enter an API token, this will need to be generated in Tanium.&nbsp;</p><ul><li><strong>Expiry Date-</strong> Here, you will need to enter the expiry date of the API Token, more information on this below</li></ul><p style="margin-left: 20px;"><strong><span style="font-size: 12pt;">Creating an API Token in Tanium</span></strong></p><p id="isPasted" style="margin-left: 20px;">The permissions the API token has will be inherited from the user that generates the token. Therefore, before generating the token ensure the user generating the token has a persona containing the following permissions (these permissions are required for the integration):</p><ul><li>&#39;Gateway User&#39;</li><li>&#39;Interact Basic User&#39;</li></ul><p style="margin-left: 20px;">For information on how to create an API token in Tanium check out <a href="https://help.tanium.com/bundle/tn_sn/page/ServiceNow_Integrations/Create_API_key.htm" target="_blank" rel="noopener noreferrer"><strong>Tanium&#39;s documentation</strong></a>.</p><p style="margin-left: 20px;"><br></p><p style="margin-left: 20px;"><strong><em>Note: Ensure the access token generated has permission to query assets and have the IP address of the server the integration is running from as a trusted IP address.</em></strong></p><p style="margin-left: 20px;"><br></p><p style="margin-left: 20px;">When generating a token in Tanium you can specify the expiry of the token (Tanium does not allow lifetime tokens), the access token will expire on this date but Halo will obtain a new token automatically prior to expiry. To allow us to automatically rotate the tokens, you will need to enter the expiry date of the token in the integration setup in Halo. This will then get automatically updated when Halo rotates the token, this only needs to be manually updated if you change the token yourself.</p><p><br></p><p>Once you have entered your connection details you can test the connection using the &#39;Test Configuration&#39; button on the integration setup page.&nbsp;</p><p><br></p><p><strong><span style="font-size: 14pt;">Determine Asset Site</span></strong></p><p id="isPasted">Now head to the &#39;Sites&#39; tab. Assets in Halo need to belong to a site, as Tanium does not have a concept of &#39;sites&#39; or &#39;customers&#39; so you will need to configure some site rules to determine which Halo sites assets are imported into. &nbsp;</p><p><img src="https://halo.haloservicedesk.com/api/attachment/image?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6ImQxMGI5OTI1LTA4NzAtNDY2Mi04ZDkyLThmMGM0ODFlY2I0YSJ9.7SixrrRJpZK7II-AE4HYRh9vXtHDGFcI8_ybY-r7bAY" class="fr-fic fr-fil fr-dib" width="1500" style="width: 1502px; height: 485.262px;" height="485"></p><p><strong><span style="font-size: 10pt;">Fig 3. Site import setup</span></strong></p><p><br></p><p id="isPasted">To create a site mapping rule add to the &#39;Site Rules&#39; table. Here you can set some criteria based on an asset field, if an asset meets this criteria it will be imported to the selected site. In the figure 4 example any assets that have the &#39;asset number&#39; field starting with &#39;Terrys-&#39; will be imported to the customer Terry&#39;s Chocolate and the site &#39;Melbourne&#39;.&nbsp;</p><p><img src="https://halo.haloservicedesk.com/api/attachment/image?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjU2ZDY2OGE4LTU4OGQtNGYyZi04N2RlLThkY2EzZTUyMDQxMSJ9.4mVVTR4wXp1zFT0VKOMA4V8JjnUajjK4rrs-deQwe0c" class="fr-fic fr-fil fr-dib" width="569" height="428"></p><p><strong><span style="font-size: 10pt;">Fig 4. Example site rule&nbsp;</span></strong></p><p><br></p><p id="isPasted">You will also need to set a default site, this is the site that assets will be imported to if they do not match a mapping. If you would not like assets to be imported if they do not match a site rule select &#39;Don&#39;t import Assets that do not match any rules&#39;.&nbsp;</p><p><br></p><p><strong><span style="font-size: 14pt;">Asset Imports</span></strong></p><p id="isPasted">Head to the &#39;Assets&#39; tab. Here you will need to complete some configuration to control how assets are imported.&nbsp;</p><p><img src="https://halo.haloservicedesk.com/api/attachment/image?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjYzMWE5MWFlLThkNjQtNGJiYy1iZTlhLTNhZWQxNjE5NDhhZiJ9.ms6ylOmJduchCrgyOhODGhFkyk0JjoxmhYOw4I6qqnA" class="fr-fic fr-fil fr-dib" width="1516" style="width: 1518px; height: 674.044px;" height="674"></p><p><strong><span style="font-size: 10pt;">Fig 5. Asset import configuration</span></strong></p><p><br></p><p id="isPasted"><strong>Asset matching Field</strong> - Here you can set which field is used to match assets in Tanium to assets in Halo. The asset unique identifier field should be selected here.&nbsp;</p><p><br></p><p id="isPasted"><strong><span style="font-size: 12pt;">Asset Fields</span></strong></p><p>In the field mappings table you can map a Tanium field to a Halo field, this determines which field data from Tanium gets imported into in Halo.&nbsp;</p><p><img src="https://halo.haloservicedesk.com/api/attachment/image?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6ImU1YWMzM2UzLTdiMGQtNDMwZS04MTE4LWNkMjdiYWRiMzA5MyJ9.LnbzIFR_M84uG0LMnt_5fxXuBhHCQVcJts_Dc8_YmEg" class="fr-fic fr-fil fr-dib" width="580" height="333"></p><p><strong><span style="font-size: 10pt;">Fig 6. Asset field mappings</span></strong></p><p><br></p><p><strong>Field Type</strong> - This will be the type of Halo field the data will be imported into. See our guide on <a data-fr-linked="true" href="https://usehalo.com/haloitsm/guides/1785/" id="isPasted" target="_blank" rel="noopener noreferrer"><strong>Asset Fields</strong></a> if you are unsure on the difference between asset fields and custom fields in Halo.&nbsp;</p><p><br></p><p id="isPasted">You can also have a Tanium field create a new field against an asset in Halo by selecting &#39;*Create a new Field during the next import*&#39; in the Halo service desk field.&nbsp;</p><p><br></p><p id="isPasted"><strong><span style="font-size: 12pt;">Determine Asset types</span></strong></p><p><span style="color: rgb(0, 0, 0);">All assets in Halo must be assigned an asset type. Tanium does not have a concept of asset types so you will need to configure how asset types are determined for assets imported from Tanium. There are three options in Halo to control how asset types for new assets created from Tanium are determined.</span></p><p><img src="https://halo.haloservicedesk.com/api/attachment/image?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6ImNlMzVkYjExLTYzMzktNGFiZC1iNmRiLTk3MmVkZDYxYWM2ZiJ9.yjAWn_H7u-4gbPSLwrKaSjW9IGEPJrmDGpOmdXOYU7Q" class="fr-fic fr-fil fr-dib" width="1589" height="273"></p><p><strong><span style="font-size: 10pt;">Fig 7. Fields to determine asset types</span></strong></p><p><br></p><p>First set a default asset group, this will be the group new asset types are created under (each asset type in Halo sits within an asset group).&nbsp;</p><p><br></p><p>Use the &#39;Determining an Asset&#39;s type&#39; field to determine how asset types are assigned to imported assets. The asset types of the assets can either use a fixed type for all assets, be determined from a field, or use asset type mappings that are determined using rules based on the values of the mapped asset fields.</p><p><br></p><p><strong>Use a Fixed Type</strong></p><p>If you would like all imported assets to have the same asset type when imported set the &#39;Determining an Asset&#39;s type&#39; field to be &#39;use the same type for all Assets&#39; then set the &#39;Default Asset Type&#39; field to be the asset type you would like assets from Tanium to be. Figure 8 shows how to set this so all assets are imported as the &#39;Application Server&#39; asset type.&nbsp;</p><p><img src="https://halo.haloservicedesk.com/api/attachment/image?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6ImNhODYwM2UzLWFlNjgtNGY4My1hNDMxLWJjNzZiN2Q2M2FmOSJ9.f4NQa2OIg0nDxJFynY9W1lRMmolRIkRj4_5h6mXbY8w" class="fr-fic fr-fil fr-dib" width="508" style="width: 510px; height: 261.22px;" height="261"></p><p><strong><span style="font-size: 10pt;">Fig 8. Settings for assets to be imported as the same type</span></strong></p><p><br></p><p><strong>Determine Asset type using a field</strong></p><p id="isPasted">If you would like all imported assets&#39; types to be determined by a particular field, set the set the &#39;Determining an Asset&#39;s type&#39; field to be &#39;Use a field to determine each Asset&#39;s type&#39;. Then in &#39;Field for determining an Asset&#39;s type&#39; choose the field you would like the type to depend on. The field you choose must contain the name of the desired asset type, if this name can be matched to an existing asset type in Halo, it will be assigned this asset type. If the name is not the same as an asset type in Halo, a new asset type will be created. Note that the names must be identical in order to match.&nbsp;</p><p><br></p><p>This setting is used if you have a field in Tanium that already determines an asset&#39;s type and you would like the types to be consistent between Halo and Tanium. You will still need to populate the default asset type field, assets that do not have the selected field populated will be imported as the default asset type. In figure 9 asset types will be determined by the value in the field &#39;Chassis Type&#39;.</p><p><img src="https://halo.haloservicedesk.com/api/attachment/image?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6ImY3ZTdkZDk1LWJhMzUtNGU5MC04ODhlLWU2MTI5MDc3YTI0MSJ9.APpE_kKA-q7WkaWh8yL_UMSeCQixrS6Z3BuepqpYKuU" class="fr-fic fr-fil fr-dib" width="564" style="width: 566px; height: 319.747px;" height="320"></p><p><strong><span style="font-size: 10pt;">Fig 9. Settings for asset types to be determined by a field</span></strong></p><p><br></p><p><strong>Determine Asset type using rules</strong></p><p id="isPasted">If you would like asset types to be determined by asset rules set the set the &#39;Determining an Asset&#39;s type&#39; field to be &#39;Determine asset type using rules&#39;. Now you will be able to set asset&#39;s types based on rules, These rules are based on field values, and if matched will assign an asset to the chosen asset type. When creating a rule first add criteria for the rule, select the Halo field that you would like to base the criteria on, then set the rule type and the outcome needed in the field to match the rule. If an asset matches this rule it will be imported as this asset type. For example, in figure 10 the rule I have set up will check the name field of an asset, if the name begins with &#39;LAP&#39; the asset will be imported with the &#39;Laptop&#39; asset type.&nbsp;</p><p><br></p><p>This method is used when you would like to organise the asset types assets are created as but do not already have this information stored in a field in Tanium.</p><p><img src="https://halo.haloservicedesk.com/api/attachment/image?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjU5YzhhMzY2LTY0Y2QtNDczOS04NWVmLWI5NGRiMDM4MzFiYyJ9.FKI3SJUoPbCZMpY8E5ocPrxG0oPzOj9UU_ubzI598IA" class="fr-fic fr-fil fr-dib" width="1470" style="width: 1472px; height: 381.869px;" height="382"></p><p><strong>Fig 10. Determining asset type with rule setup</strong></p><p><br></p><p id="isPasted">If an asset is imported that does not match any of these rules, it will be created under the default asset type. Alternatively, if you would like to not import assets that do not match these rules, set the &#39;Default Asset type&#39; to &#39;Don&#39;t import assets that do not match any rules&#39;.</p><p><br></p><p data-pasted="true"><strong>User Matching</strong></p><p>You can enable user matching using the checkbox in the User Matching section of the &#39;Assets&#39; tab. Here you can set the Halo and Tanium fields to match users on. For Tanium you can choose to match on the primary user or last user logged in using the drop down. This will default to the last logged in user in line with previous versions. &nbsp;</p><p><br></p><p>The primary Halo matching field can be chosen using the &quot;Halo User Matching Field&quot; drop down. You can set a secondary field to match on if the primary field fails. These fields can be allowed to partially match by selecting the checkbox shown in<strong>&nbsp;Fig 11</strong>.&nbsp;</p><p><br><img src="https://halo.haloservicedesk.com/api/attachment/image?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjcxOWJhOGFhLWU0NGQtNDU3ZC04NGU4LTQ4ZmU5ZWFiM2VjNCJ9.OTZLGlFHlkmAzk8zRrCBD0T9gPlmXNWgEsZ4fYIUNyA" class="fr-fic fr-fil fr-dib" width="863" style="width: 865px; height: 327.135px;" height="327"></p><p data-pasted="true"><strong>Fig 11. User Matching</strong></p><p><br></p><p><strong><span style="font-size: 12pt;">Miscellaneous Asset import settings</span></strong></p><p id="isPasted"><strong>Deactivate Assets in Halo when they are deleted from Tanium (Halo Integrator only)&nbsp;</strong>- When an asset is deleted from Tanium they are deactivated in Halo. This will only apply when the integrator is enabled.&nbsp;</p><p id="isPasted"><strong>Don&#39;t create new Assets</strong> - When enabled the sync/import will only update existing assets, no new assets will be created.&nbsp;<br><strong>Don&#39;t update the Asset type for existing or matched Assets&nbsp;</strong>- If enabled, any assets that match to an existing asset when importing will not update the existing asset with a different asset type from Tanium. This allows you to change asset type data in Tanium without it affecting the existing assets in Halo.</p><p><strong>Don&#39;t update the asset site for existing or matched assets</strong> - If enabled, any assets that match to an existing asset when importing will not update the existing asset with a different site (in line with site rules). This allows you to change asset data in Tanium without it affecting the site of the existing assets in Halo.</p><p><br></p><p>Once you have completed the asset import configuration begin the asset import using the &#39;Import Assets&#39; button.&nbsp;</p><p><br></p><p><strong><span style="font-size: 14pt;">Import Assets automatically on a schedule</span></strong></p><p id="isPasted">To have assets update on a scheduled basis you will need to enable the Halo integrator for this integration. This can be done under the &#39;Syncing&#39; tab by checking &#39;Enable the Halo Integrator for the Tanium integration&#39;. You will then need to select &#39;Assets&#39; within the &#39;Entities to import&#39; field. Once enabled the sync will take place daily.</p><p><br></p><p><img src="https://halo.haloservicedesk.com/api/attachment/image?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjUxNWVkYWY2LWJkMWEtNDVlOC1hZjU0LWM5YTA5ZDBiZTgzYyJ9.EyYkrmRoC5jVDtv99w3B7YdvWHM9_sNek8eziWwk2C0" class="fr-fic fr-fil fr-dib" width="863" style="width: 865px; height: 481.658px;" height="482"></p><p><strong><span style="font-size: 10pt;">Fig 12. Enable the Halo integrator for the integration</span></strong></p><p><br></p><p><strong><span style="font-size: 14pt;">Alerting</span></strong></p><p>Alerts in Tanium can automatically log tickets in your Halo instance, allowing you to manage alerts from your Tanium instance. Tanium webhooks are utilised for alerting functionality.</p><p><br></p><p><span style="color: rgb(226, 80, 65);"><strong>Important: Before you can setup webhooks for alerting you will need to add the webhook destination URL (your Halo instance URL) to the egress allow list. You will need to contact Tanium&#39;s support team to do this, providing them with the URL of your Halo instance.&nbsp;</strong></span></p><p><br></p><p>First, head to the &#39;Alerts&#39; tab within the integration setup page in Halo. From here enable alerts. Once enabled you will see the details required for the webhook setup. The webhook will need to be setup in Tanium, but details for this webhook can be obtained from the integration setup page in Halo.</p><p><br></p><p><img src="https://halo.haloservicedesk.com/api/attachment/image?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6ImEwMWRiY2JkLWQxNjUtNGM4Ny04YzE3LTRkNzM1MzM1Y2RjMyJ9.wOBxPIeuy15jFEnnYhR2rSRT8va6TjuBCqt6VaWmrns" class="fr-fic fr-fil fr-dib" width="1416" style="width: 1418px; height: 630.123px;" height="630"></p><p><strong><span style="font-size: 10pt;">Fig 13. General webhook setup</span></strong></p><p><br></p><p>Now, generate a &#39;Basic Authentication Password&#39; and copy this, along with the basic authentication username to a notepad.&nbsp;</p><p><br></p><p id="isPasted">The details required for the webhook can be found on the integration setup page by selecting the &#39;webhook&#39; button. This will contain the endpoint required and an example payload.&nbsp;</p><p><img src="https://halo.haloservicedesk.com/api/attachment/image?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6ImI2YzJkYjNhLWYyZTYtNDllMS1iYmU2LTZkODg4NTNkNmM2OSJ9.pP39vr_Ngi_-VvUkd2gGEhUAbORleiCh69FY3uN9eWA" class="fr-fic fr-fil fr-dib" width="628" style="width: 630px; height: 553.966px;" height="554"></p><p><strong><span style="font-size: 10pt;">Fig 14. Details for webhook</span></strong></p><p><br></p><p>The payload of the webhook will control what information is sent over to Halo from Tanium, therefore, how the ticket in Halo is logged.&nbsp;</p><p><br></p><p>The example payload that is provided will populate the description field of the ticket that is logged with the Tanium ID of the item, the Tanium instance the item exists in, the serial number of the item that triggered the alert and the name of the item that triggered the alert.&nbsp;</p><p><br></p><p>You can also adjust the webhook payload to have data from Tanium populate selected fields against the ticket that is logged, including setting the ticket type and end user of the ticket. To do this include the &quot;other_attributes&quot; object in the payload. In the below example the end user of the ticket logged in Halo will be the user that last logged into the asset/device in Tanium.&nbsp;</p><p><br></p><p id="isPasted"><em>{</em></p><p><em>&nbsp; &nbsp; &quot;tanium_id&quot;: &quot;$ci_item_id&quot;,</em></p><p><em>&nbsp; &nbsp; &quot;tanium_instance_id&quot;: 1,</em></p><p><em>&nbsp; &nbsp; &quot;alert_subject&quot;: &quot;$ci_item_serial_number&quot;,</em></p><p><em>&nbsp; &nbsp; &quot;alert_body&quot;: &quot;$ci_item_computer_name&quot;,</em></p><p id="isPasted" style="margin-left: 20px;"><em>&quot;other_attributes&quot;: {</em></p><p style="margin-left: 20px;"><em>&nbsp; &nbsp; &quot;category2&quot;: &quot;Business Applications&quot;,</em></p><p style="margin-left: 20px;"><em>&nbsp; &nbsp; &quot;user_id &quot;: &quot;ci_item_logged_in_user&quot;</em></p><p><em>}</em></p><p><em><br></em></p><p><em>}</em></p><p><br></p><p><br></p><p>Navigate to Tanium. Now in Tanium you will need to configure your alerts to use a webhook as their destination, this will trigger a webhook to be sent when the alert is triggered. When choosing webhook as the destination you can configure the webhook from here.&nbsp;</p><p><br></p><p><span style="color: rgb(0, 0, 0);">The URL for the webhook will follow the format: <a data-fr-linked="true" href="https://YOURHALODOMAIN/api/notify/tanium">https://YOURHALODOMAIN/api/notify/tanium</a></span></p><p><br></p><p><span style="color: rgb(0, 0, 0);">When setting up the webhook ensure to select the authentication type &#39;Basic&#39;, the username and password to authenticate the webhook are obtained from the integration setup page in Halo. Each time you generate a new password, you will need to update the password against the webhook.&nbsp;</span></p><p><br></p><p>For information on how to setup alerts in Tanium check out:&nbsp;</p><ul><li><a data-fr-linked="true" href="https://help.tanium.com/bundle/ug_threat_response_cloud/page/threat_response/create_configurations.html" id="isPasted">https://help.tanium.com/bundle/ug_threat_response_cloud/page/threat_response/create_configurations.html</a></li></ul><p>For information on setting up webhooks (HTTP destinations) in Tanium check out:</p><ul><li><a data-fr-linked="true" href="https://help.tanium.com/bundle/ug_connect_cloud/page/connect/http.html" id="isPasted">https://help.tanium.com/bundle/ug_connect_cloud/page/connect/http.html</a></li></ul><p>Now, each time this alert is triggered in Tanium a ticket will be logged in Halo almost instantly.&nbsp;</p>
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.