# Tanium EDR

> Configure Tanium EDR integration with RAD Security for real-time endpoint visibility and response.

# Tanium EDR Integration Setup

This guide walks you through integrating Tanium EDR with RAD Security for real-time endpoint visibility and threat response, enabling you to correlate endpoint security events with container and cloud runtime activity.

Tanium provides real-time endpoint data collection, threat detection, incident response, and compliance monitoring across your entire infrastructure.

## Prerequisites

Before you begin, ensure you have:

<Check>
  * Admin access to Tanium Console
  * Ability to create roles, personas, and users in Tanium
  * A service account dedicated to integrations (recommended)
  * Access to RAD Security workspace with integration permissions
</Check>

<Info>
  **Service Account Recommended:** Use a dedicated service account for the integration rather than a personal account. This ensures continuity when team members change roles or leave.
</Info>

***

## Step 1: Access Tanium Console

<Steps>
  <Step title="Log in to Console">
    Log in to your Tanium Console with administrative privileges
  </Step>

  <Step title="Note Your Console URL">
    Save your Tanium Console URL; you'll need it when configuring the integration

    **Example:** `https://your-company.cloud.tanium.com`
  </Step>
</Steps>

***

## Step 2: Create Custom Role with Minimal Permissions

Follow the principle of least privilege by creating a role with only the necessary permissions.

<Steps>
  <Step title="Navigate to Roles">
    Go to **Administration > Permissions > Roles**
  </Step>

  <Step title="Create New Role">
    Click to create a new role and provide:

    * **Role Name** (e.g., "RAD Security Integration Role")
    * **Description** (e.g., "Role for RAD Security API integration")
    * **Permission Type:** Allow
  </Step>

  <Step title="Assign Gateway Permissions">
    In the **Permissions** table:

    1. Locate **Gateway** permissions
    2. Expand the section
    3. Select **Execute** permission for **Gateway API**

    <Warning>
      This permission is **essential** for the integration to function properly. Without Gateway API execute permissions, the integration will fail.
    </Warning>
  </Step>

  <Step title="Assign Platform Content Permissions">
    In the **Permissions** table:

    1. Select **Platform Content Permissions**
    2. Check the **Read** option
    3. Click the icon with a number (n+) that appears
    4. Select the following Content Sets:
       * **Reserved**
       * **Base**
       * **Core Content**
       * **Comply Reporting**

    <Info>
      These content sets provide access to the default sensors used for vulnerability checking and compliance monitoring.
    </Info>
  </Step>

  <Step title="Save Role">
    Click **Save** to create the role
  </Step>
</Steps>

***

## Step 3: Create Persona with Custom Role

Personas in Tanium combine roles with computer group access to define the scope of access.

<Steps>
  <Step title="Navigate to Personas">
    Go to **Administration > Permissions > Personas**
  </Step>

  <Step title="Create New Persona">
    Click to create a new persona and provide:

    * **Persona Name** (e.g., "RAD Security Integration Persona")
    * **Description** (e.g., "Persona for RAD Security API access")
  </Step>

  <Step title="Assign Role">
    Assign the **custom role** you created in Step 2 to this persona
  </Step>

  <Step title="Configure Computer Groups">
    1. Open the **Computer Groups** section
    2. Check the **Unrestricted Management Rights** checkbox

    <Note>
      This grants access to all computer groups. If you need to restrict access to specific groups, configure accordingly instead of using unrestricted rights.
    </Note>
  </Step>

  <Step title="Assign Users">
    1. Open the **Users** section
    2. Assign one or more users to this persona

    <Warning>
      **Use a Service Account:** Assign a dedicated service account rather than individual user accounts. This prevents disruptions when users leave or change roles.
    </Warning>
  </Step>

  <Step title="Save Persona">
    Click **Save** to create the persona
  </Step>
</Steps>

***

## Step 4: Generate API Token

<Steps>
  <Step title="Log in as Service Account">
    Log out and log back in using the **service account** you assigned to the persona in Step 3
  </Step>

  <Step title="Navigate to API Tokens">
    Go to **Administration > Permissions > API Tokens**
  </Step>

  <Step title="Create New API Token">
    Select the option to create a new API token
  </Step>

  <Step title="Configure Token Details">
    Provide the following information:

    **Notes:**

    * Add a description to identify the token's purpose (e.g., "RAD Security Integration")

    **Expiration Period:**

    * **Recommended:** 14 days for production
    * **Default:** 7 days
    * **Maximum:** 365 days

    <Info>
      Shorter expiration periods enhance security by requiring regular token rotation. Set calendar reminders for token rotation.
    </Info>
  </Step>

  <Step title="Assign Persona">
    Assign the **persona** you created in Step 3 to set the scope and permissions for this token
  </Step>

  <Step title="Configure Trusted IP Addresses">
    Add trusted IP addresses that can use this token:

    **For Production:**

    * Add RAD Security IP addresses (provided by your RAD Security team)

    **For Testing/Sandbox:**

    * You can use `0.0.0.0/0` for initial testing
    * **Remove this before production deployment**

    <Warning>
      Using `0.0.0.0/0` allows access from any IP address. Only use this for sandbox testing and never in production environments.
    </Warning>
  </Step>

  <Step title="Generate Token">
    Click **Create** to generate the API token
  </Step>

  <Step title="Save Token Securely">
    **Immediately copy and save the API token** in a secure location

    <Warning>
      **This is your only chance to view the token!** You cannot retrieve it later. Store it in a password manager or secrets vault immediately.
    </Warning>
  </Step>
</Steps>
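
The trusted-IP rules above can be checked before a token goes to production. The following is an added example, not part of RAD Security's or Tanium's tooling: it audits a list of CIDR entries for the wildcard `0.0.0.0/0`, malformed notation, and overly broad ranges. The function names, the prefix-length thresholds, and the sample addresses are assumptions made for illustration.

```python
import ipaddress

# Assumed policy thresholds (not from Tanium or RAD Security): prefixes shorter
# than these are reported as broad. Tune them to your own allow-list policy.
MIN_PREFIX = {4: 24, 6: 64}


def audit_trusted_ips(entries, production=True):
    """Return (entry, severity, message) findings for a token's trusted-IP list."""
    findings, accepted = [], []
    for raw in entries:
        entry = raw.strip()
        try:
            # strict=True rejects entries with host bits set, e.g. 203.0.113.7/24
            net = ipaddress.ip_network(entry, strict=True)
        except ValueError as exc:
            findings.append((entry, "error", f"invalid CIDR: {exc}"))
            continue
        if net.prefixlen == 0:
            # 0.0.0.0/0 or ::/0 matches every caller: acceptable in a sandbox only
            severity = "error" if production else "warn"
            findings.append((entry, severity, "matches any source address"))
        elif net.prefixlen < MIN_PREFIX[net.version]:
            findings.append((entry, "warn", f"broad range ({net.num_addresses} addresses)"))
        for other in accepted:
            # An entry inside an earlier, wider entry adds nothing to the list
            if net.version == other.version and net.subnet_of(other):
                findings.append((entry, "info", f"already covered by {other}"))
                break
        accepted.append(net)
    return findings


def is_production_ready(entries):
    """True only if the list is non-empty and has no error-level findings."""
    errors = [f for f in audit_trusted_ips(entries, production=True) if f[1] == "error"]
    return bool(entries) and not errors


if __name__ == "__main__":
    # Constructed sample list using documentation address ranges (RFC 5737)
    sample = ["198.51.100.10/32", "203.0.113.7/24", "0.0.0.0/0", "198.51.100.0/24 "]
    for finding in audit_trusted_ips(sample):
        print(finding)
```

Run it against the list you intend to enter in the **Trusted IP Addresses** field; any `error` finding should be resolved before the token is used in production.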

***

## Step 5: Configure in RAD Security

Navigate to your RAD Security workspace and configure the Tanium integration with the following parameters:

### Required Parameters

| Parameter    | Description                       | Example                                 |
| ------------ | --------------------------------- | --------------------------------------- |
| **Base URL** | Your Tanium Console URL           | `https://your-company.cloud.tanium.com` |
| **Secret**   | The API token generated in Step 4 | `your-api-token-here`                   |

***

## Verify Integration

After completing the setup, verify your integration is working:

1. Navigate to **Data Sources > Integrations > EDR** in RAD Security
2. Locate your Tanium integration
3. Check that the connection status shows as **Connected**
4. Verify endpoint data is being synced

<Check>
  Your Tanium EDR integration is now configured! RAD Security can now correlate endpoint data with container and cloud runtime events.
</Check>

## What Data is Synced

Once configured, RAD Security will sync the following data from Tanium:

<AccordionGroup>
  <Accordion title="Endpoint Information" icon="computer">
    * Real-time endpoint inventory
    * Operating system details
    * Computer names and IP addresses
    * Last seen timestamps
    * Network configuration
    * Tanium client version and status
  </Accordion>

  <Accordion title="Vulnerability Data" icon="shield-exclamation">
    * Software vulnerabilities using default sensors
    * Missing patches and updates
    * CVE information
    * Vulnerability severity scores
    * Remediation recommendations
  </Accordion>

  <Accordion title="Compliance Data" icon="clipboard-check">
    * Compliance posture assessments
    * Policy violations
    * Configuration baselines
    * Comply Reporting data
    * Audit findings
  </Accordion>

  <Accordion title="Threat Detection" icon="shield-virus">
    * Security events
    * Threat indicators
    * Suspicious activities
    * IOC detections
    * Behavioral anomalies
  </Accordion>

  <Accordion title="Software Inventory" icon="boxes-stacked">
    * Installed applications
    * Software versions
    * Unmanaged software
    * License information
    * End-of-life software
  </Accordion>
</AccordionGroup>

<Info>
  **Default Sensors:** RAD Security uses Tanium's [default sensors](https://help.tanium.com/bundle/ug_interact_cloud/page/interact/tds.html#sensors_registered_by_default) for vulnerability checking. No additional sensor configuration is required.
</Info>

## Token Rotation

Regular token rotation is a security best practice. Follow these steps to rotate your API token:

<Steps>
  <Step title="Rotate Token in Tanium">
    1. Go to **Administration > Permissions > API Tokens**
    2. Select your existing API token
    3. Use the **Rotate** feature
    4. **Save the new token immediately**
  </Step>

  <Step title="Update Token in RAD Security">
    1. Navigate to your Tanium integration in RAD Security
    2. Update the token with the newly rotated value
    3. Verify the connection still works
  </Step>

  <Step title="Set Reminder">
    Set a calendar reminder for the next rotation based on your token's expiration period
  </Step>
</Steps>

<Note>
  Token rotation should be performed before the current token expires to avoid service interruptions.
</Note>

## Use Cases

<CardGroup cols={2}>
  <Card title="Real-Time Visibility" icon="eye">
    Get instant visibility into endpoint status and security posture across your entire infrastructure.
  </Card>

  <Card title="Vulnerability Management" icon="shield-check">
    Correlate Tanium vulnerability data with runtime exploitation attempts detected by RAD Security.
  </Card>

  <Card title="Compliance Monitoring" icon="clipboard-check">
    Track compliance posture and policy violations across endpoints and cloud workloads.
  </Card>

  <Card title="Incident Response" icon="siren">
    Coordinate response actions across endpoints when threats are detected in containerized environments.
  </Card>
</CardGroup>

## Troubleshooting

<AccordionGroup>
  <Accordion title="Authentication Failed" icon="triangle-exclamation">
    **Possible causes:**

    * API token is incorrect or expired
    * Token was rotated and not updated
    * Service account permissions changed
    * Token not generated by correct service account

    **Solution:**

    * Verify the token is copied correctly (no extra spaces)
    * Check token expiration date in Tanium
    * Ensure service account still has assigned persona
    * Try logging in as the service account to verify it's active
    * Generate a new token if needed
  </Accordion>

  <Accordion title="Insufficient Permissions" icon="shield-exclamation">
    **Possible causes:**

    * Role missing Gateway API execute permission
    * Platform Content permissions not configured
    * Persona not assigned correct role
    * Missing required content sets

    **Solution:**

    * Verify role has Gateway API Execute permission
    * Check Platform Content Read permission is granted
    * Ensure all 4 content sets are selected (Reserved, Base, Core Content, Comply Reporting)
    * Verify persona is assigned to the token
    * Review RBAC configuration following [Tanium's guide](https://developer.tanium.com/site/global/docs/how_tos/rbac/index.gsp)
  </Accordion>

  <Accordion title="IP Address Blocked" icon="ban">
    **Possible causes:**

    * RAD Security IP addresses not in trusted IPs list
    * Incorrect IP address format
    * Firewall blocking connections

    **Solution:**

    * Verify RAD Security IP addresses are added to trusted IPs
    * Contact RAD Security support for current IP addresses
    * Check IP address format is correct (CIDR notation)
    * Review firewall rules allowing Tanium API access
    * For testing, temporarily use `0.0.0.0/0` (sandbox only!)
  </Accordion>

  <Accordion title="No Data Syncing" icon="database-slash">
    **Possible causes:**

    * No endpoints reporting to Tanium
    * Computer group access restricted
    * Default sensors not enabled
    * Initial sync still in progress

    **Solution:**

    * Verify Tanium clients are installed and connected
    * Check computer group access (Unrestricted vs specific groups)
    * Confirm default sensors are active
    * Allow up to 15 minutes for initial data sync
    * Review integration logs in RAD Security for errors
  </Accordion>

  <Accordion title="Token Expired" icon="clock">
    **Possible causes:**

    * Token reached its expiration date
    * Token was manually revoked

    **Solution:**

    * Check token expiration in Tanium
    * Rotate the token to generate a new one
    * Update RAD Security integration with new token
    * Set a calendar reminder for next rotation
    * Consider using longer expiration periods (e.g., 90 days) if frequent rotation is challenging
  </Accordion>

  <Accordion title="Service Account Issues" icon="user-slash">
    **Possible causes:**

    * Service account was disabled or deleted
    * Service account password changed
    * Persona unassigned from service account
    * User removed from persona

    **Solution:**

    * Verify service account is active
    * Check persona assignment in Administration > Permissions > Personas
    * Ensure service account is still listed under Users for the persona
    * Re-add service account to persona if needed
  </Accordion>
</AccordionGroup>

## Security Best Practices

<CardGroup cols={2}>
  <Card title="Use Service Accounts" icon="user-gear">
    Always use dedicated service accounts for integrations, never personal accounts tied to individuals.
  </Card>

  <Card title="Least Privilege Access" icon="shield-halved">
    Only grant the minimum permissions required. Avoid using admin accounts for API integrations.
  </Card>

  <Card title="Rotate Tokens Regularly" icon="rotate">
    Set reasonable expiration periods (14-90 days) and rotate tokens before they expire.
  </Card>

  <Card title="Restrict IP Addresses" icon="network-wired">
    Only allow trusted IP addresses. Never use `0.0.0.0/0` in production environments.
  </Card>

  <Card title="Monitor API Usage" icon="chart-line">
    Regularly review API token usage in Tanium to detect anomalous activity.
  </Card>

  <Card title="Secure Token Storage" icon="lock">
    Store API tokens in a secure password manager or secrets vault. Never commit to version control.
  </Card>

  <Card title="Document Changes" icon="clipboard-list">
    Maintain documentation of token creation, rotation, and role/persona changes.
  </Card>

  <Card title="Audit Regularly" icon="magnifying-glass">
    Periodically review personas, roles, and assigned users to ensure they're still appropriate.
  </Card>
</CardGroup>

## Additional Resources

<CardGroup cols={2}>
  <Card title="Tanium Authentication" icon="book" href="https://developer.tanium.com/site/global/docs/how_tos/auth/index.gsp">
    Official guide to Tanium authentication methods
  </Card>

  <Card title="RBAC for Integrations" icon="shield-halved" href="https://developer.tanium.com/site/global/docs/how_tos/rbac/index.gsp">
    Learn about role-based access control for integrations
  </Card>

  <Card title="Sensor Inventory" icon="list" href="https://developer.tanium.com/site/global/docs/integration_methods/sensor_list/index.gsp">
    Complete list of available Tanium sensors
  </Card>

  <Card title="Default Sensors" icon="sensor" href="https://help.tanium.com/bundle/ug_interact_cloud/page/interact/tds.html#sensors_registered_by_default">
    Documentation on default sensors for vulnerability detection
  </Card>

  <Card title="Developer Summit 2024" icon="video" href="https://developer.tanium.com/site/global/docs/learn/devsummit/index.gsp">
    Watch "RBAC for Integrations" breakout session
  </Card>

  <Card title="Sensor Management" icon="sliders" href="https://help.tanium.com/bundle/ug_interact_cloud/page/interact/tds.html#enable_sensor_caching">
    Guide to register or unregister sensors
  </Card>
</CardGroup>

## Next Steps

<CardGroup cols={2}>
  <Card title="EDR Integrations Overview" icon="shield-check" href="/rad-security/integrations/edr/overview">
    Explore other EDR integration options
  </Card>

  <Card title="Runtime Security" icon="shield" href="/rad-security/integrations/runtime-security">
    Learn about RAD's container runtime security
  </Card>

  <Card title="Alerts & Incidents" icon="bell" href="/rad-security/platform/workspace">
    Configure correlated alerts and incident management
  </Card>

  <Card title="Compliance Validation" icon="clipboard-check" href="/rad-security/security-and-compliance/overview">
    Understand RAD's security and compliance framework
  </Card>
</CardGroup>
